Vulnerability list 353571
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source |
|---|---|---|---|---|---|---|
| CVE-2025-66290 | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments | MEDIUM | 5.3 | 2025-11-29 | orangehrm orangehrm | CVE, NVD |
| CVE-2025-66289 | OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change | HIGH | 8.7 | 2025-11-29 | orangehrm orangehrm | CVE, NVD |
| CVE-2025-66225 | OrangeHRM is Vulnerable to Account Takeover Through Unvalidated Username in Password Reset Workflow | HIGH | 8.7 | 2025-11-29 | orangehrm orangehrm | CVE, NVD |
| CVE-2025-66224 | OrangeHRM is Vulnerable to Code Execution Through Arbitrary File Write from Sendmail Parameter Injection | CRITICAL | 9.0 | 2025-11-29 | orangehrm orangehrm | CVE, NVD |
| CVE-2025-66223 | OpenObserve's Invite Token Lifecycle Misconfiguration | HIGH | 8.4 | 2025-11-29 | openobserve openobserve | CVE, NVD |
| CVE-2025-66221 | Werkzeug safe_join() allows Windows special device names | MEDIUM | 6.3 | 2025-11-29 | pallets werkzeug; palletsprojects werkzeug | CVE, NVD |
| CVE-2025-53939 | Kiteworks Core is vulnerable to Improper Input Validation | MEDIUM | 6.3 | 2025-11-29 | kiteworks security-advisories; accellion kiteworks | CVE, NVD |
| CVE-2025-53900 | Kiteworks MFT has a Privilege Defined With Unsafe Actions | MEDIUM | 6.5 | 2025-11-29 | kiteworks security-advisories; accellion kiteworks_managed_file_transfer | CVE, NVD |
| CVE-2025-53899 | Kiteworks MFT is vulnerable to an Incorrectly Specified Destination in a Communication Channel | HIGH | 7.2 | 2025-11-29 | kiteworks security-advisories; accellion kiteworks_managed_file_transfer | CVE, NVD |
| CVE-2025-53897 | Kiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerability | MEDIUM | 6.8 | 2025-11-29 | kiteworks security-advisories; accellion kiteworks_managed_file_transfer | CVE, NVD |
| CVE-2025-53896 | Kiteworks MFT is vulnerable to Insufficient Session Expiration | HIGH | 7.1 | 2025-11-29 | kiteworks security-advisories; accellion kiteworks_managed_file_transfer | CVE, NVD |
| CVE-2025-58436 | OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack | MEDIUM | 5.1 | 2025-11-29 | OpenPrinting cups; openprinting cups | CVE, NVD |
| CVE-2025-61915 | OpenPrinting CUPS vulnerable to stack based out-of-bound write | MEDIUM | 6.0 | 2025-11-29 | OpenPrinting cups; openprinting cups | CVE, NVD |
| CVE-2025-66216 | AIS-catcher has a Buffer Overflow vulnerability in `AIS::Message` leading to DoS/RCE | CRITICAL | 9.3 | 2025-11-29 | jvde-github AIS-catcher; aiscatcher ais-catcher | CVE, NVD |
| CVE-2025-66217 | AIS-catcher Integer Underflow in MQTT Packet Parsing leading to Heap Buffer Overflow | HIGH | 8.8 | 2025-11-29 | jvde-github AIS-catcher; aiscatcher ais-catcher | CVE, NVD |
| CVE-2025-66219 | willitmerge has a command Injection vulnerability | MEDIUM | 6.9 | 2025-11-29 | shama willitmerge; dontkry willitmerge | CVE, NVD |
| CVE-2025-66201 | LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability | HIGH | 8.6 | 2025-11-29 | danny-avila LibreChat; librechat librechat; +1 more | CVE, NVD |
| CVE-2025-66036 | Retro is vulnerable to XSS vulnerability in input handling component | MEDIUM | 6.1 | 2025-11-29 | Anjaliavv51 Retro | CVE, NVD |
| CVE-2025-66034 | fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib | MEDIUM | 6.3 | 2025-11-29 | fonttools fonttools | CVE, NVD |
| CVE-2025-66027 | Rallly Information Disclosure Vulnerability in Participant API Leaks Names and Emails Despite Pro Privacy Settings | HIGH | 7.1 | 2025-11-29 | lukevella rallly; rallly rallly | CVE, NVD |