Vulnerability list 354299
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source |
|---|---|---|---|---|---|---|
| CVE-2025-7663 | Ovatheme Events Manager <= 1.8.6 - Missing Authorization | MEDIUM | 6.5 | 2025-11-08 | ovatheme Ovatheme Events Manager | CVE NVD |
| CVE-2025-12353 | WPFunnels <= 3.6.2 - Unauthorized User Registration | MEDIUM | 5.3 | 2025-11-08 | getwpfunnels Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels | CVE NVD |
| CVE-2025-12042 | Course Booking System <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export | MEDIUM | 5.3 | 2025-11-08 | werbeagenturcommotion Course Booking System | CVE NVD |
| CVE-2025-12064 | WP2Social Auto Publish <= 2.4.7 - Reflected Cross-Site Scripting via PostMessage | MEDIUM | 6.1 | 2025-11-08 | f1logic WP2Social Auto Publish | CVE NVD |
| CVE-2025-12177 | Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key | MEDIUM | 5.3 | 2025-11-08 | codename065 Download Manager | CVE NVD |
| CVE-2025-12167 | Contact Form 7 AWeber Extension <= 0.1.42 - Missing Authorization to Authenticated (Subscriber+) Log Reset | MEDIUM | 4.3 | 2025-11-08 | rnzo Contact Form 7 AWeber Extension | CVE NVD |
| CVE-2025-12583 | Simple Downloads List <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | MEDIUM | 6.4 | 2025-11-08 | neofix Simple Downloads List | CVE NVD |
| CVE-2025-11452 | Asgaros Forum <= 3.1.0 - Unauthenticated SQL Injection | HIGH | 7.5 | 2025-11-08 | asgaros Asgaros Forum | CVE NVD |
| CVE-2025-64496 | Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events | HIGH | 7.3 | 2025-11-08 | open-webui open-webui; openwebui open_webui | CVE NVD |
| CVE-2025-64495 | Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE | HIGH | 8.7 | 2025-11-08 | open-webui open-webui; openwebui open_webui | CVE NVD |
| CVE-2025-64494 | Soft Serve does not sanitize ANSI escape sequences in user input | MEDIUM | 4.6 | 2025-11-08 | charmbracelet soft-serve | CVE NVD |
| CVE-2025-64493 | SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL | MEDIUM | 6.5 | 2025-11-08 | SuiteCRM SuiteCRM-Core; salesagility suitecrm | CVE NVD |
| CVE-2025-64492 | SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection | HIGH | 8.8 | 2025-11-08 | SuiteCRM SuiteCRM-Core; salesagility suitecrm | CVE NVD |
| CVE-2025-64491 | SuiteCRM is vulnerable to unauthenticated reflected XSS through its Login page | MEDIUM | 6.1 | 2025-11-08 | SuiteCRM SuiteCRM; salesagility suitecrm | CVE NVD |
| CVE-2025-64490 | SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass | HIGH | 8.3 | 2025-11-08 | SuiteCRM SuiteCRM; SuiteCRM SuiteCRM; +1 more | CVE NVD |
| CVE-2025-64489 | SuiteCRM: Privilege Escalation via Improper Session Invalidation and Inactive User Bypass | HIGH | 8.3 | 2025-11-08 | SuiteCRM SuiteCRM; SuiteCRM SuiteCRM; +1 more | CVE NVD |
| CVE-2025-64488 | SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module | HIGH | 8.6 | 2025-11-07 | SuiteCRM SuiteCRM; SuiteCRM SuiteCRM; +1 more | CVE NVD |
| CVE-2025-64486 | calibre is vulnerable to arbitrary code execution when opening FB2 files | CRITICAL | 9.3 | 2025-11-07 | kovidgoyal calibre | CVE NVD |
| CVE-2025-12911 | Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote... | MEDIUM | 4.3 | 2025-11-07 | Google Chrome; google chrome | CVE NVD |
| CVE-2025-12910 | Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local att... | MEDIUM | 6.2 | 2025-11-07 | Google Chrome; google chrome | CVE NVD |