Quick search tips: search by vendor (e.g. microsoft) | search by product (e.g. microsoft sql_server)

Vulnerability list: 340282
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source | Actions |
|---|---|---|---|---|---|---|---|
| CVE-2025-42882 | Missing Authorization check in SAP NetWeaver Application Server for ABAP | MEDIUM | 4.3 | 2025-11-11 | SAP_SE SAP NetWeaver Application Server for ABAP, SAP_SE SAP NetWeaver Application Server for ABAP, +13 more | CVE NVD | |
| CVE-2024-57695 | An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a lo... | MEDIUM | -1.0 | 2025-11-11 | Unknown | CVE | |
| CVE-2025-11578 | Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation | HIGH | 7.5 | 2025-11-10 | GitHub Enterprise Server | CVE NVD | |
| CVE-2025-11892 | DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers | HIGH | 8.6 | 2025-11-10 | GitHub Enterprise Server | CVE NVD | |
| CVE-2021-4462 | Employee Records System v1.0 Arbitrary File Upload RCE | CRITICAL | 9.3 | 2025-11-10 | Employee Records System Employee Records System | CVE NVD | |
| CVE-2018-25124 | PacsOne Server 6.6.2 DICOM Web Viewer Directory Traversal LFI | HIGH | 8.7 | 2025-11-10 | RainbowFish Software PacsOne Server | CVE NVD | |
| CVE-2025-64529 | SpiceDB's WriteRelationships fails silently if payload is too big | LOW | 2.7 | 2025-11-10 | authzed spicedb | CVE NVD | |
| CVE-2025-64519 | TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter | HIGH | 8.8 | 2025-11-10 | torrentpier torrentpier | CVE NVD | |
| CVE-2025-64522 | Soft Serve is vulnerable to SSRF through its Webhooks | CRITICAL | 9.1 | 2025-11-10 | charmbracelet soft-serve | CVE NVD | |
| CVE-2025-64518 | CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection | HIGH | 7.5 | 2025-11-10 | CycloneDX cyclonedx-core-java | CVE NVD | |
| CVE-2025-64513 | Milvus Proxy has Critical Authentication Bypass Vulnerability | CRITICAL | 9.3 | 2025-11-10 | milvus-io milvus, milvus-io milvus, +1 more | CVE NVD | |
| CVE-2025-64512 | pdfminer.six vulnerable to Arbitrary Code Execution via Crafted PDF Input | HIGH | 8.6 | 2025-11-10 | pdfminer pdfminer.six | CVE NVD | |
| CVE-2025-64507 | Incus vulnerable to local privilege escalation through custom storage volumes | HIGH | 8.6 | 2025-11-10 | lxc incus, lxc incus | CVE NVD | |
| CVE-2025-64504 | Langfuse vulnerable to cross‑organization enumeration of member & invitation lists via project membership APIs | MEDIUM | 5.0 | 2025-11-10 | langfuse langfuse, langfuse langfuse | CVE NVD | |
| CVE-2025-64509 | Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU) | HIGH | 7.5 | 2025-11-10 | bugsink bugsink | CVE NVD | |
| CVE-2025-64508 | Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input | HIGH | 7.5 | 2025-11-10 | bugsink bugsink | CVE NVD | |
| CVE-2025-64502 | Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details | MEDIUM | 6.9 | 2025-11-10 | parse-community parse-server | CVE NVD | |
| CVE-2025-64501 | ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values | HIGH | 7.6 | 2025-11-10 | etaminstudio prosemirror_to_html | CVE NVD | |
| CVE-2025-64484 | OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation | HIGH | 8.5 | 2025-11-10 | oauth2-proxy oauth2-proxy | CVE NVD | |
| CVE-2025-64183 | OpenEXR has use after free in PyObject_StealAttrString | MEDIUM | 5.5 | 2025-11-10 | AcademySoftwareFoundation openexr, AcademySoftwareFoundation openexr, +1 more | CVE NVD | |