快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 352871
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-65835 |
The Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android 6.0.4,...
|
MEDIUM | 6.2 | 2025-12-15 |
eddyverbruggen cordova_social_sharing
|
CVE NVD | |
| CVE-2025-66434 |
An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text method ...
|
HIGH | 8.8 | 2025-12-15 |
frappe erpnext
|
CVE NVD | |
| CVE-2025-66435 |
An SSTI (Server-Side Template Injection) vulnerability exists in the get_contract_template method of...
|
MEDIUM | 4.3 | 2025-12-15 |
frappe erpnext
|
CVE NVD | |
| CVE-2025-66436 |
An SSTI (Server-Side Template Injection) vulnerability exists in the get_terms_and_conditions method...
|
MEDIUM | 4.3 | 2025-12-15 |
frappe erpnext
|
CVE NVD | |
| CVE-2025-66437 |
An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of F...
|
HIGH | 8.8 | 2025-12-15 |
frappe erpnext
|
CVE NVD | |
| CVE-2025-66438 |
A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 P...
|
CRITICAL | 9.8 | 2025-12-15 |
frappe erpnext
|
CVE NVD | |
| CVE-2025-66439 |
An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_docume...
|
CRITICAL | 9.8 | 2025-12-15 |
frappe erpnext
|
CVE NVD | |
| CVE-2025-66440 |
An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_docume...
|
CRITICAL | 9.8 | 2025-12-15 |
frappe erpnext
|
CVE NVD | |
| CVE-2025-66843 |
grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editi...
|
MEDIUM | 5.4 | 2025-12-15 |
getgrav grav
|
CVE NVD | |
| CVE-2025-66844 |
In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates w...
|
CRITICAL | 9.1 | 2025-12-15 |
getgrav grav
|
CVE NVD | |
| CVE-2025-66963 |
An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obtain sensitive information via ...
|
MEDIUM | 5.5 | 2025-12-15 |
hitrontech hi3120_firmware
|
CVE NVD | |
| CVE-2025-67809 |
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key and ...
|
MEDIUM | 4.7 | 2025-12-15 |
zimbra collaboration
|
CVE NVD | |
| CVE-2025-67901 |
openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to c...
|
MEDIUM | 5.3 | 2025-12-14 |
kristapsdz openrsync
|
CVE NVD | |
| CVE-2025-14692 |
Mayan EDMS authentication redirect
|
MEDIUM | 5.3 | 2025-12-14 |
Mayan EDMS
Mayan EDMS
|
CVE NVD | |
| CVE-2025-14691 |
Mayan EDMS authentication cross site scripting
|
MEDIUM | 5.3 | 2025-12-14 |
Mayan EDMS
Mayan EDMS
|
CVE NVD | |
| CVE-2025-67900 |
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
|
HIGH | 8.1 | 2025-12-14 |
NXLog NXLog Agent
|
CVE NVD | |
| CVE-2025-67899 |
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMu...
|
LOW | 2.9 | 2025-12-14 |
uriparser project uriparser
|
CVE NVD | |
| CVE-2025-67898 |
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="c...
|
MEDIUM | 4.5 | 2025-12-14 |
MJML MJML
|
CVE NVD | |
| CVE-2025-13281 |
Portworx Half-Blind SSRF in kube-controller-manager
|
MEDIUM | 5.8 | 2025-12-14 |
Kubernetes Kubernetes
|
CVE NVD | |
| CVE-2025-14674 |
aizuda snail-job QLExpressEngine.java QLExpressEngine.doEval injection
|
MEDIUM | 5.3 | 2025-12-14 |
aizuda snail-job
aizuda snail-job
+5个
|
CVE NVD |