快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 352871
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-14068 |
WPNakama <= 0.6.3 - Unauthenticated SQL Injection via 'order_by' Parameter
|
HIGH | 7.5 | 2025-12-12 |
qdonow WPNakama – Team and multi-Client Collaboration, Editorial and Project Management
|
CVE NVD | |
| CVE-2025-14356 |
Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF
|
MEDIUM | 4.3 | 2025-12-12 |
themefic Ultra Addons for Contact Form 7
|
CVE NVD | |
| CVE-2025-12570 |
Fancy Product Designer <= 6.4.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
|
HIGH | 7.2 | 2025-12-12 |
radykal Fancy Product Designer
|
CVE NVD | |
| CVE-2025-13660 |
Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint
|
MEDIUM | 5.3 | 2025-12-12 |
rcatheme Guest Support
|
CVE NVD | |
| CVE-2025-67726 |
Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters
|
HIGH | 7.5 | 2025-12-12 |
tornadoweb tornado
tornadoweb tornado
|
CVE NVD | |
| CVE-2025-10684 |
Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation
|
MEDIUM | 4.3 | 2025-12-12 |
Unknown Construction Light
|
CVE NVD | |
| CVE-2025-67725 |
Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing
|
HIGH | 7.5 | 2025-12-12 |
tornadoweb tornado
tornadoweb tornado
|
CVE NVD | |
| CVE-2025-67724 |
Tornado vulnerable to Header Injection and XSS via reason argument
|
MEDIUM | 5.4 | 2025-12-12 |
tornadoweb tornado
tornadoweb tornado
|
CVE NVD | |
| CVE-2025-67508 |
gardenctl is vulnerable to Command Injection when used with non‑POSIX shells
|
HIGH | 8.0 | 2025-12-12 |
gardener gardenctl-v2
|
CVE NVD | |
| CVE-2025-64781 |
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSes...
|
MEDIUM | 5.1 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+1个
|
CVE NVD | |
| CVE-2025-62192 |
Japan Total System多款产品 SQL注入漏洞
|
MEDIUM | 5.3 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+1个
|
CVE NVD +1 | |
| CVE-2025-58576 |
Japan Total System多款产品 跨站请求伪造漏洞
|
MEDIUM | 5.1 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+2个
|
CVE NVD +1 | |
| CVE-2025-61987 |
Japan Total System多款产品 安全漏洞
|
MEDIUM | 6.9 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+1个
|
CVE NVD +1 | |
| CVE-2025-61950 |
In GroupSession, a Circular notice can be created with its memo field non-editable, but the authoriz...
|
MEDIUM | 5.3 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+1个
|
CVE NVD | |
| CVE-2025-65120 |
Japan Total System多款产品 跨站脚本漏洞
|
MEDIUM | 5.1 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+1个
|
CVE NVD +1 | |
| CVE-2025-57883 |
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, ...
|
MEDIUM | 5.1 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+2个
|
CVE NVD | |
| CVE-2025-66284 |
Japan Total System多款产品 跨站脚本漏洞
|
MEDIUM | 4.8 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+1个
|
CVE NVD +1 | |
| CVE-2025-53523 |
Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, Gr...
|
MEDIUM | 4.8 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+1个
|
CVE NVD | |
| CVE-2025-54407 |
Japan Total System多款产品 跨站脚本漏洞
|
MEDIUM | 5.1 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+1个
|
CVE NVD +1 | |
| CVE-2025-66492 |
Masa CMS vulnerable to Cross-Site Scripting (XSS) through URL Parameter
|
HIGH | 8.2 | 2025-12-12 |
MasaCMS MasaCMS
MasaCMS MasaCMS
+3个
|
CVE NVD |