快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 358424
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2026-1434 |
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious
|
MEDIUM | 6.1 | 2026-02-27 |
pw omega-psir
|
NVD | |
| CVE-2026-21660 |
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password
|
CRITICAL | 9.8 | 2026-02-27 |
johnsoncontrols frick_controls_quantum_hd_firmware
|
NVD | |
| CVE-2026-21659 |
Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) v
|
CRITICAL | 9.8 | 2026-02-27 |
johnsoncontrols frick_controls_quantum_hd_firmware
|
NVD | |
| CVE-2026-1305 |
The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versi
|
MEDIUM | 5.3 | 2026-02-27 |
未知
|
NVD | |
| CVE-2025-14142 |
The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bu
|
MEDIUM | 6.4 | 2026-02-27 |
未知
|
NVD | |
| CVE-2024-10938 |
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files
|
MEDIUM | 6.5 | 2026-02-27 |
未知
|
NVD | |
| CVE-2026-2383 |
The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cu
|
MEDIUM | 6.4 | 2026-02-27 |
未知
|
NVD | |
| CVE-2026-2362 |
The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via
|
MEDIUM | 6.4 | 2026-02-27 |
未知
|
NVD | |
| CVE-2026-2252 |
An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forg
|
HIGH | 7.5 | 2026-02-27 |
xerox freeflow_core
|
NVD | |
| CVE-2026-2251 |
Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox
|
CRITICAL | 9.8 | 2026-02-27 |
xerox freeflow_core
|
NVD | |
| CVE-2026-21658 |
Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code ('Code Injection')
|
CRITICAL | 9.8 | 2026-02-27 |
johnsoncontrols frick_controls_quantum_hd_firmware
|
NVD | |
| CVE-2026-21657 |
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Co
|
CRITICAL | 9.8 | 2026-02-27 |
johnsoncontrols frick_controls_quantum_hd_firmware
|
NVD | |
| CVE-2026-21656 |
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Co
|
CRITICAL | 9.8 | 2026-02-27 |
johnsoncontrols frick_controls_quantum_hd_firmware
|
NVD | |
| CVE-2026-21654 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi
|
CRITICAL | 9.8 | 2026-02-27 |
johnsoncontrols frick_controls_quantum_hd_firmware
|
NVD | |
| CVE-2026-1627 |
An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to p
|
MEDIUM | 6.5 | 2026-02-27 |
未知
|
NVD | |
| CVE-2026-1626 |
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to poten
|
MEDIUM | 6.5 | 2026-02-27 |
未知
|
NVD | |
| CVE-2025-12150 |
A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacke
|
LOW | 3.1 | 2026-02-27 |
未知
|
NVD | |
| CVE-2026-27776 |
IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This c
|
HIGH | 7.2 | 2026-02-27 |
未知
|
NVD | |
| CVE-2026-0980 |
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of R
|
HIGH | 8.3 | 2026-02-27 |
未知
|
NVD | |
| CVE-2026-0871 |
A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only a
|
MEDIUM | 4.9 | 2026-02-27 |
未知
|
NVD |