快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 354145
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-12962 |
Local Syndication <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode
|
MEDIUM | 6.4 | 2025-11-18 |
willbontrager Local Syndication
|
CVE NVD | |
| CVE-2025-12404 |
Like-it <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
|
MEDIUM | 6.1 | 2025-11-18 |
nikolayyordanov Like-it
|
CVE NVD | |
| CVE-2025-12823 |
CSV to SortTable <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-18 |
sscovil CSV to SortTable
|
CVE NVD | |
| CVE-2025-9625 |
Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery
|
MEDIUM | 4.3 | 2025-11-18 |
interledger Coil Web Monetization
|
CVE NVD | |
| CVE-2025-12528 |
Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload
|
HIGH | 8.1 | 2025-11-18 |
genetechproducts Pie Forms — Drag & Drop Form Builder
|
CVE NVD | |
| CVE-2025-11620 |
Multiple Roles per User <= 1.0 - Missing Authorization to Authenticated (Custom+) Privilege Escalation
|
HIGH | 7.2 | 2025-11-18 |
jemoreto Multiple Roles per User
|
CVE NVD | |
| CVE-2025-12411 |
Premmerce Wholesale Pricing for WooCommerce <= 1.1.10 - Authenticated (Subscriber+) SQL Injection
|
HIGH | 7.1 | 2025-11-18 |
premmerce Premmerce Wholesale Pricing for WooCommerce
|
CVE NVD | |
| CVE-2025-8727 |
A stack buffer overflow vulnerability exists in the Supermicro BMC Web function(SSL).
|
HIGH | 7.2 | 2025-11-18 |
SMCI X13SEDW-F
|
CVE NVD | |
| CVE-2025-8404 |
Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library
|
MEDIUM | 5.5 | 2025-11-18 |
SMCI MBD-X13SEDW-F
|
CVE NVD | |
| CVE-2025-10089 |
Malicious Code Execution Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S
|
HIGH | 7.7 | 2025-11-18 |
Mitsubishi Electric Corporation MILCO.S Setting Application
Mitsubishi Electric Corporation MILCO.S Setting Application (IR)
+2个
|
CVE NVD | |
| CVE-2025-11265 |
VK All in One Expansion Unit <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-18 |
kurudrive VK All in One Expansion Unit
|
CVE NVD | |
| CVE-2025-11267 |
VK All in One Expansion Unit <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-18 |
kurudrive VK All in One Expansion Unit
|
CVE NVD | |
| CVE-2025-8076 |
A stack buffer overflow vulnerability exists in the Supermicro BMC Web function
|
HIGH | 7.2 | 2025-11-18 |
SMCI MBD-X13SEDW-F
|
CVE NVD | |
| CVE-2025-7623 |
Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability
|
MEDIUM | 5.4 | 2025-11-18 |
SMCI MBD-X13SEDW-F
|
CVE NVD | |
| CVE-2025-12524 |
Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change
|
MEDIUM | 5.4 | 2025-11-18 |
johnjamesjacoby Post Type Switcher
|
CVE NVD | |
| CVE-2025-48593 |
In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to ...
|
HIGH | 8.0 | 2025-11-18 |
Google Android
Google Android
+6个
|
CVE NVD | |
| CVE-2025-12974 |
Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload
|
HIGH | 8.1 | 2025-11-18 |
Gravity Forms Gravity Forms
|
CVE NVD | |
| CVE-2025-64734 |
Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker ...
|
LOW | 2.4 | 2025-11-18 |
Gallagher T21 Reader
|
CVE NVD | |
| CVE-2025-52578 |
Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335) vulnerability in the High Sec ...
|
MEDIUM | 5.7 | 2025-11-18 |
Gallagher High Sec End of Line Module
|
CVE NVD | |
| CVE-2025-52457 |
Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access t...
|
MEDIUM | 5.7 | 2025-11-18 |
Gallagher HBUS Devices
|
CVE NVD |