快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 354145
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-65032 |
Rallly Has an IDOR Vulnerability in Participant Rename Function Allows Unauthorized Modification of Other Users’ Names
|
MEDIUM | 6.5 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65031 |
Rallly Improper Authorization in Comment Endpoint Allows User Impersonation
|
MEDIUM | 6.5 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65030 |
Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal
|
HIGH | 7.1 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65029 |
Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants
|
HIGH | 8.1 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65021 |
Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR)
|
CRITICAL | 9.1 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65020 |
Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR)
|
MEDIUM | 6.5 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65028 |
Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes
|
MEDIUM | 6.5 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-64708 |
authentik invitation expiry is delayed by at least 5 minutes
|
MEDIUM | 5.8 | 2025-11-19 |
goauthentik authentik
goauthentik authentik
+1个
|
CVE NVD | |
| CVE-2025-64521 |
authentik deactivated service accounts can authenticate to OAuth
|
MEDIUM | 4.8 | 2025-11-19 |
goauthentik authentik
goauthentik authentik
+1个
|
CVE NVD | |
| CVE-2025-13400 |
Tenda CH22 WrlExtraGet formWrlExtraGet buffer overflow
|
HIGH | 8.7 | 2025-11-19 |
Tenda CH22
tenda ch22_firmware
|
CVE NVD | |
| CVE-2025-12743 |
SQL Injection in Looker Project Generation Endpoint Allows Access to Internal MySQL Database
|
MEDIUM | 6.0 | 2025-11-19 |
Google Cloud Looker
|
CVE NVD | |
| CVE-2025-64765 |
Astro middleware authentication checks based on url.pathname can be bypassed via url encoded values
|
MEDIUM | 6.9 | 2025-11-19 |
withastro astro
astro astro
|
CVE NVD | |
| CVE-2025-64764 |
Astro is vulnerable to Reflected XSS via the server islands feature
|
HIGH | 7.1 | 2025-11-19 |
withastro astro
astro astro
|
CVE NVD | |
| CVE-2025-65019 |
Astro Cloudflare adapter has a Stored Cross Site Scripting vulnerability in /_image endpoint
|
MEDIUM | 5.4 | 2025-11-19 |
withastro astro
astro astro
|
CVE NVD | |
| CVE-2025-64757 |
Astro Development Server is Vulnerable to Arbitrary Local File Read
|
LOW | 3.5 | 2025-11-19 |
withastro astro
astro astro
|
CVE NVD | |
| CVE-2025-34335 |
AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via ActivateLicense.php
|
HIGH | 8.7 | 2025-11-19 |
AudioCodes Limited AudioCodes Fax/IVR Appliance
audiocodes fax_server
+1个
|
CVE NVD | |
| CVE-2025-34334 |
AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE
|
HIGH | 8.7 | 2025-11-19 |
AudioCodes Limited AudioCodes Fax/IVR Appliance
audiocodes fax_server
+1个
|
CVE NVD | |
| CVE-2025-34332 |
AudioCodes Fax/IVR Appliance <= 2.6.23 Insecure Service Control Scripts LPE
|
HIGH | 8.5 | 2025-11-19 |
AudioCodes Limited AudioCodes Fax/IVR Appliance
audiocodes fax_server
+1个
|
CVE NVD | |
| CVE-2025-34329 |
AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated Backup Upload RCE via ajaxBackupUploadFile.php
|
CRITICAL | 9.3 | 2025-11-19 |
AudioCodes Limited AudioCodes Fax/IVR Appliance
audiocodes fax_server
+1个
|
CVE NVD | |
| CVE-2025-34331 |
AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Read via download.php
|
HIGH | 8.7 | 2025-11-19 |
AudioCodes Limited AudioCodes Fax/IVR Appliance
audiocodes fax_server
+1个
|
CVE NVD |