快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 354228
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-12869 |
aEnrich|eHRD - Stored Cross-Site Scripting
|
MEDIUM | 4.8 | 2025-11-12 |
aEnrich a+HRD
aenrich a\+hrd
|
CVE NVD | |
| CVE-2025-12018 |
MembershipWorks <= 6.14 - Authenticated (Admin+) Stored Cross-Site Scripting
|
MEDIUM | 4.4 | 2025-11-12 |
sourcefound MembershipWorks – Membership, Events & Directory
|
CVE NVD | |
| CVE-2025-12113 |
Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion
|
MEDIUM | 4.3 | 2025-11-12 |
webtoffee Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images
|
CVE NVD | |
| CVE-2025-12633 |
Booking Calendar | Appointment Booking | Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Stripe Connection
|
HIGH | 7.5 | 2025-11-12 |
stellarwp Booking Calendar | Appointment Booking | Bookit
|
CVE NVD | |
| CVE-2025-11560 |
Team Members Showcase < 3.5.0 - Reflected XSS
|
HIGH | 7.1 | 2025-11-12 |
Unknown Team Members Showcase
|
CVE NVD | |
| CVE-2025-12901 |
Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update
|
MEDIUM | 4.3 | 2025-11-12 |
asgaros Asgaros Forum
|
CVE NVD | |
| CVE-2025-12833 |
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.139 - Missing Authorization to Authenticated (Author+) Arbitrary Image Attachment
|
MEDIUM | 4.3 | 2025-11-12 |
paoltaia GeoDirectory – WP Business Directory Plugin and Classified Listings Directory
|
CVE NVD | |
| CVE-2025-12087 |
Wishlist and Save for later for Woocommerce <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion
|
MEDIUM | 4.3 | 2025-11-12 |
acowebs Wishlist and Save for later for Woocommerce
|
CVE NVD | |
| CVE-2025-54983 |
Health check port on ZCC allows tunnel bypass
|
MEDIUM | 5.2 | 2025-11-12 |
Zscaler Zscaler Client Connector
|
CVE NVD | |
| CVE-2025-40111 |
Linux kernel 安全漏洞
|
UNKNOWN | N/A | 2025-11-12 |
Linux Linux
Linux Linux
|
CVE NVD +1 | |
| CVE-2025-40110 |
Linux kernel 安全漏洞
|
UNKNOWN | N/A | 2025-11-12 |
Linux Linux
Linux Linux
|
CVE NVD +1 | |
| CVE-2025-43205 |
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in wa...
|
MEDIUM | 4.0 | 2025-11-12 |
Apple watchOS
Apple tvOS
+7个
|
CVE NVD | |
| CVE-2025-52331 |
Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11,...
|
MEDIUM | 6.1 | 2025-11-12 |
rarlab winrar
|
CVE NVD | |
| CVE-2025-56385 |
A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.8...
|
CRITICAL | 9.8 | 2025-11-12 |
wellsky harmony
|
CVE NVD | |
| CVE-2025-57310 |
A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted ...
|
HIGH | 8.8 | 2025-11-12 |
salmen simple_faucet_script
|
CVE NVD | |
| CVE-2025-59491 |
Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields.
|
MEDIUM | 6.1 | 2025-11-12 |
centralsquare community_development
|
CVE NVD | |
| CVE-2025-60645 |
A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to t...
|
MEDIUM | 6.5 | 2025-11-12 |
xuxueli xxl-api
|
CVE NVD | |
| CVE-2025-60646 |
A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attacke...
|
MEDIUM | 6.1 | 2025-11-12 |
xuxueli xxl-api
|
CVE NVD | |
| CVE-2025-63289 |
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain...
|
CRITICAL | 9.1 | 2025-11-12 |
sogexia sogexia
|
CVE NVD | |
| CVE-2025-63353 |
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi pass...
|
CRITICAL | 9.8 | 2025-11-12 |
fiberhome hg6145f1_firmware
|
CVE NVD |