快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 352749
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-34434 |
AVideo < 20.1 ImageGallery Plugin Unauthenticated File Upload and Deletion
|
CRITICAL | 9.3 | 2025-12-17 |
World Wide Broadcast Network AVideo
wwbn avideo
|
CVE NVD | |
| CVE-2025-34439 |
AVideo < 20.1 Open Redirect via cancelUri Parameter
|
MEDIUM | 4.8 | 2025-12-17 |
World Wide Broadcast Network AVideo
wwbn avideo
|
CVE NVD | |
| CVE-2025-34440 |
AVideo < 20.1 Open Redirect via siteRedirectUri Parameter
|
MEDIUM | 4.8 | 2025-12-17 |
World Wide Broadcast Network AVideo
wwbn avideo
|
CVE NVD | |
| CVE-2025-34442 |
AVideo < 20.1 System Path Disclosure via Public API
|
MEDIUM | 6.9 | 2025-12-17 |
World Wide Broadcast Network AVideo
wwbn avideo
|
CVE NVD | |
| CVE-2025-34441 |
AVideo < 20.1 User Information Disclosure via Public API
|
MEDIUM | 6.9 | 2025-12-17 |
World Wide Broadcast Network AVideo
wwbn avideo
|
CVE NVD | |
| CVE-2025-66646 |
RIOT-OS has NULL pointer dereference in gnrc_ipv6_ext_frag_reass
|
LOW | 1.7 | 2025-12-17 |
RIOT-OS RIOT
riot-os riot
+1个
|
CVE NVD | |
| CVE-2025-66397 |
ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control
|
HIGH | 8.3 | 2025-12-17 |
ChurchCRM CRM
churchcrm churchcrm
|
CVE NVD | |
| CVE-2025-66396 |
ChurchCRM has SQL Injection in User Editor via `type` Parameter Key
|
HIGH | 7.2 | 2025-12-17 |
ChurchCRM CRM
churchcrm churchcrm
|
CVE NVD | |
| CVE-2025-66395 |
SQL Injection in Event List via `WhichType` Parameter
|
HIGH | 8.8 | 2025-12-17 |
ChurchCRM CRM
churchcrm churchcrm
|
CVE NVD | |
| CVE-2025-62521 |
ChurchCRM has unauthenticated RCE in its Install Wizard
|
CRITICAL | 10.0 | 2025-12-17 |
ChurchCRM CRM
churchcrm churchcrm
|
CVE NVD | |
| CVE-2025-14081 |
Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass
|
MEDIUM | 4.3 | 2025-12-17 |
ultimatemember Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
|
CVE NVD | |
| CVE-2025-13537 |
Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-12-17 |
livecomposer Live Composer – Free WordPress Website Builder
|
CVE NVD | |
| CVE-2025-13217 |
Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value'
|
MEDIUM | 6.4 | 2025-12-17 |
ultimatemember Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
|
CVE NVD | |
| CVE-2025-13326 |
Mattermost Desktop App fails to enable Hardened Runtime when packaged for Mac App Store
|
LOW | 3.9 | 2025-12-17 |
Mattermost Mattermost
mattermost mattermost_desktop
|
CVE NVD | |
| CVE-2025-13324 |
Lack of Invalidation of Legacy Remote Cluster Invite Tokens After Confirmation
|
LOW | 3.7 | 2025-12-17 |
Mattermost Mattermost
mattermost mattermost_server
|
CVE NVD | |
| CVE-2025-13321 |
Mattermost Desktop App logging sensitive information and fails to clear data on server deletion
|
LOW | 3.3 | 2025-12-17 |
Mattermost Mattermost
mattermost mattermost_desktop
|
CVE NVD | |
| CVE-2025-12689 |
DoS in Calls plugin via malformed UTF-8 in WebSocket request
|
MEDIUM | 6.5 | 2025-12-17 |
Mattermost Mattermost
mattermost mattermost_server
|
CVE NVD | |
| CVE-2025-20393 |
Cisco Secure Email和Cisco Secure Email and Web Manager 安全漏洞
|
CRITICAL | 10.0 | 2025-12-17 |
Cisco Cisco Secure Email
Cisco Cisco Secure Email
+43个
|
CVE NVD +1 | |
| CVE-2025-26381 |
OpenBlue Mobile Web Application configuration issue for optional for OpenBlue Workplace (formerly FM Systems)
|
MEDIUM | 6.5 | 2025-12-17 |
Johnson Controls OpenBlue Workplace (formerly FM Systems)
|
CVE NVD | |
| CVE-2025-43873 |
iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - setFaultDebounce
|
HIGH | 8.7 | 2025-12-17 |
Johnson Control iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2
|
CVE NVD |