Quick search tips:
Search by vendor (e.g., microsoft) |
Search by product (e.g., microsoft sql_server)
Vulnerability list 353571
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source | Action |
|---|---|---|---|---|---|---|---|
| CVE-2025-66313 | ChurchCRM vulnerable to a time-based blind SQL injection via the 1FieldSec parameter | MEDIUM | 5.1 | 2025-12-01 | ChurchCRM CRM, churchcrm churchcrm | CVE NVD | |
| CVE-2025-66312 | Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]` | MEDIUM | 6.2 | 2025-12-01 | getgrav grav, getgrav grav-plugin-admin | CVE NVD | |
| CVE-2025-66311 | Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters | MEDIUM | 6.2 | 2025-12-01 | getgrav grav, getgrav grav-plugin-admin | CVE NVD | |
| CVE-2025-66310 | Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab | MEDIUM | 6.2 | 2025-12-01 | getgrav grav, getgrav grav-plugin-admin | CVE NVD | |
| CVE-2025-66309 | Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint `/admin/pages/[page]`, parameter `data[header][content][items]`, located in the "Blog Config" tab | MEDIUM | 6.2 | 2025-12-01 | getgrav grav, getgrav grav-plugin-admin | CVE NVD | |
| CVE-2025-66308 | Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]` | MEDIUM | 6.8 | 2025-12-01 | getgrav grav, getgrav grav-plugin-admin | CVE NVD | |
| CVE-2025-66307 | Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure | MEDIUM | 6.5 | 2025-12-01 | getgrav grav, getgrav grav-plugin-admin | CVE NVD | |
| CVE-2025-66306 | Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel | MEDIUM | 4.3 | 2025-12-01 | getgrav grav, getgrav grav, +1 more | CVE NVD | |
| CVE-2025-66305 | Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter | MEDIUM | 6.9 | 2025-12-01 | getgrav grav, getgrav grav, +1 more | CVE NVD | |
| CVE-2025-66304 | Grav Exposes Password Hashes Leading to privilege escalation | MEDIUM | 6.2 | 2025-12-01 | getgrav grav, getgrav grav, +1 more | CVE NVD | |
| CVE-2025-66303 | Grav is vulnerable to a DOS on the admin panel | MEDIUM | 4.9 | 2025-12-01 | getgrav grav, getgrav grav, +1 more | CVE NVD | |
| CVE-2025-66302 | Grav vulnerable to Path Traversal allowing server files backup | MEDIUM | 6.8 | 2025-12-01 | getgrav grav, getgrav grav, +1 more | CVE NVD | |
| CVE-2025-66301 | Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions | HIGH | 8.6 | 2025-12-01 | getgrav grav, getgrav grav, +1 more | CVE NVD | |
| CVE-2025-66300 | Grav is vulnerable to Arbitrary File Read | HIGH | 8.5 | 2025-12-01 | getgrav grav, getgrav grav, +1 more | CVE NVD | |
| CVE-2025-66299 | Security Sandbox Bypass with SSTI (Server Side Template Injection) in the Grav CMS | HIGH | 8.8 | 2025-12-01 | getgrav grav, getgrav grav, +1 more | CVE NVD | |
| CVE-2025-66298 | Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms | HIGH | 7.7 | 2025-12-01 | getgrav grav, getgrav grav, +1 more | CVE NVD | |
| CVE-2025-66297 | Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection | HIGH | 7.4 | 2025-12-01 | getgrav grav, getgrav grav, +1 more | CVE NVD | |
| CVE-2025-66296 | Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover | HIGH | 8.8 | 2025-12-01 | getgrav grav, getgrav grav, +1 more | CVE NVD | |
| CVE-2025-66294 | Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass | HIGH | 8.7 | 2025-12-01 | getgrav grav, getgrav grav, +1 more | CVE NVD | |
| CVE-2025-66295 | Grav vulnerable to Path traversal / arbitrary YAML write via user creation leading to Account Takeover / System Corruption | HIGH | 8.8 | 2025-12-01 | getgrav grav, getgrav grav, +1 more | CVE NVD | |