CVE-2025-23061: Mongoose – NoSQL Injection
漏洞标题 CVE-2025-23061: Mongoose - NoSQL Injection 漏洞描述 NoSQL injection vulnerability in Mongoose < 8.9.5 affecting the populate() function's match option. This vulner...
CVE-2025-44177: White Star Software ProTop – Directory Traversal
漏洞标题 CVE-2025-44177: White Star Software ProTop - Directory Traversal 漏洞描述 A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-20...
CVE-2025-25257: Fortinet FortiWeb – SQL Injection
漏洞标题 CVE-2025-25257: Fortinet FortiWeb - SQL Injection 漏洞描述 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability ...
CVE-2025-1661: HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion
漏洞标题 CVE-2025-1661: HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion 漏洞描述 The HUSKY – Products Filter Professiona...
CVE-2025-2711: Yonyou UFIDA ERP-NC V5.0 – Cross-Site Scripting
漏洞标题 CVE-2025-2711: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting 漏洞描述 Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the langcode par...
CVE-2025-34077: WordPress Pie Register <= 3.7.1.4 - Authentication Bypass
漏洞标题 CVE-2025-34077: WordPress Pie Register <= 3.7.1.4 - Authentication Bypass 漏洞描述 An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤...
CVE-2025-3415: Grafana – Exposes DingDing API Keys
漏洞标题 CVE-2025-3415: Grafana - Exposes DingDing API Keys 漏洞描述 An incident occurred where the DingDing alerting integration URL was inadvertently exposed to viewers due to a ...
CVE-2025-57822: Next.js Middleware – Server-Side Request Forgery
漏洞标题 CVE-2025-57822: Next.js Middleware - Server-Side Request Forgery 漏洞描述 In Next.js prior to versions 14.2.32 and 15.4.7, when request headerswere insecurely passed to Ne...
Apache Tomcat 远程命令执行(CVE-2025-24813)
漏洞标题 Apache Tomcat 远程命令执行(CVE-2025-24813) 漏洞描述 Apache Tomcat 是一个开源的 Java Servlet 容器,广泛用于运行基于 Java 的 Web 应用程序。该漏洞(CVE-2025-24813)允许远程攻...
CVE-2025-2747: Kentico Xperience 13 CMS – Staging Service Authentication Bypass (WT-2025-0006)
漏洞标题 CVE-2025-2747: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006) 漏洞描述 An authentication bypass vulnerability in Kentico Xperience allows ...
CVE-2025-26319: FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload
漏洞标题 CVE-2025-26319: FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload 漏洞描述 FlowiseAI Flowise version 2.2.6 and below contains an arbitrary file upload vulnerability in...
CVE-2025-24963: Vitest Browser Mode – Local File Read
漏洞标题 CVE-2025-24963: Vitest Browser Mode - Local File Read 漏洞描述 Vitest is a testing framework powered by Vite. The `__screenshot-error` handler on the browser mode HTTP ser...
CVE-2025-2712: Yonyou UFIDA ERP-NC V5.0 – Cross-Site Scripting
漏洞标题 CVE-2025-2712: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting 漏洞描述 Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the langcode par...
CVE-2025-51502: Microweber CMS 2.0 – Reflected XSS in Admin Page Creation
漏洞标题 CVE-2025-51502: Microweber CMS 2.0 - Reflected XSS in Admin Page Creation 漏洞描述 Reflected Cross-Site Scripting (XSS) exists in Microweber CMS 2.0 through the layout par...
CVE-2025-3515: Contact Form 7 Drag and Drop Multiple File Upload – Arbitrary File Upload
漏洞标题 CVE-2025-3515: Contact Form 7 Drag and Drop Multiple File Upload - Arbitrary File Upload 漏洞描述 The Drag and Drop Multiple File Upload for Contact Form 7 plugin for Word...
(CVE-2025-5961) WPvivid备份与迁移插件任意文件上传漏洞
漏洞标题 (CVE-2025-5961) WPvivid备份与迁移插件任意文件上传漏洞 漏洞描述 (CVE-2025-5961) WPvivid备份与迁移插件任意文件上传漏洞 PoC代码 暂无
