Vulnerability list 353571
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source |
|---|---|---|---|---|---|---|
| CVE-2025-66373 | Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing erro... | MEDIUM | 4.8 | 2025-12-04 | akamai akamaighost | CVE, NVD |
| CVE-2025-62173 | Authenticated SQL Injection in Endpoint Module Rest API | HIGH | 8.6 | 2025-12-03 | FreePBX security-reporting; FreePBX security-reporting | CVE, NVD |
| CVE-2025-66404 | mcp-server-kubernetes potential security issue in exec_in_pod tool | MEDIUM | 6.4 | 2025-12-03 | Flux159 mcp-server-kubernetes; suyogs mcp-server-kubernetes | CVE, NVD |
| CVE-2025-66293 | LIBPNG has an out-of-bounds read in png_image_read_composite | HIGH | 7.1 | 2025-12-03 | pnggroup libpng; libpng libpng | CVE, NVD |
| CVE-2025-13086 | OpenVPN security vulnerability | MEDIUM | 4.6 | 2025-12-03 | OpenVPN OpenVPN; openvpn openvpn; +1 more | CVE, NVD, +1 |
| CVE-2025-66489 | Cal.com Authentication Bypass via bad TOTP + password checks | CRITICAL | 9.9 | 2025-12-03 | calcom cal.com | CVE, NVD |
| CVE-2025-65097 | Insecure Direct Object Reference (IDOR) Allows Unauthorized Deletion of User Collections | HIGH | 7.1 | 2025-12-03 | rommapp romm | CVE, NVD |
| CVE-2025-65096 | RomM Insecure Direct Object Reference (IDOR) Allows Unauthorized Access to Private Collections | MEDIUM | 5.3 | 2025-12-03 | rommapp romm | CVE, NVD |
| CVE-2025-12385 | Improper validation of `<img>` tag size in Text component parser | HIGH | 8.7 | 2025-12-03 | The Qt Company Qt | CVE, NVD |
| CVE-2025-61727 | Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509 | MEDIUM | 6.5 | 2025-12-03 | Go standard library crypto/x509; golang go | CVE, NVD |
| CVE-2025-65027 | RomM Chained XSS and CSRF Vulnerabilities Enable Admin Account Takeover | HIGH | 7.6 | 2025-12-03 | rommapp romm | CVE, NVD |
| CVE-2025-66453 | Rhino vulnerable high CPU usage and potential DoS when passing specific numbers to toFixed() function | MEDIUM | 5.5 | 2025-12-03 | mozilla rhino; mozilla rhino; +1 more | CVE, NVD |
| CVE-2025-66411 | Coder logged sensitive objects unsanitized | HIGH | 7.8 | 2025-12-03 | coder coder; coder coder; +1 more | CVE, NVD |
| CVE-2025-66406 | Improper Authorization Check for SSH Certificate Revocation | MEDIUM | 5.0 | 2025-12-03 | smallstep certificates | CVE, NVD |
| CVE-2025-13992 | Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 a... | MEDIUM | 4.7 | 2025-12-03 | Google Chrome; google chrome | CVE, NVD |
| CVE-2025-12819 | Untrusted search path in auth_query connection in PgBouncer | HIGH | 7.5 | 2025-12-03 | pgbouncer pgbouncer | CVE, NVD |
| CVE-2025-12084 | Quadratic complexity in node ID cache clearing | MEDIUM | 6.3 | 2025-12-03 | Python Software Foundation CPython; python python; +1 more | CVE, NVD |
| CVE-2024-3884 | Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded | HIGH | 7.5 | 2025-12-03 | Red Hat Red Hat JBoss Enterprise Application Platform 8; Red Hat Red Hat JBoss Enterprise Application Platform 8.0; +22 more | CVE, NVD |
| CVE-2025-66222 | DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE) | CRITICAL | 9.7 | 2025-12-03 | ThinkInAIXYZ deepchat; thinkinai deepchat | CVE, NVD |
| CVE-2025-66220 | Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte | MEDIUM | 5.0 | 2025-12-03 | envoyproxy envoy; envoyproxy envoy; +3 more | CVE, NVD |