漏洞标题 CVE-2025-51586: PrestaShop - Information Disclosure 漏洞描述 User enumeration vulnerability in the AdminLogin controller in PrestaShop 1.7 through 8.2.2 allows remote atta...

漏洞标题 CVE-2025-53364: Parse Server - GraphQL Schema Information Disclosure 漏洞描述 The Parse Server GraphQL API previously allowed public access to the GraphQL schema without r...

漏洞标题 CVE-2025-47204: Bootstrap Multiselect <= 1.1.2 - Cross-Site Scripting 漏洞描述 A PHP script in the source code release echoes arbitrary POST data. If a developer adopts...

漏洞标题 CVE-2025-6403: Code-Projects School Fees Payment System 1.0 - SQL Injection 漏洞描述 A vulnerability was found in code-projects School Fees Payment System 1.0. It has been...

漏洞标题 CVE-2025-28367: mojoPortal <=2.9.0.1 - Directory Traversal 漏洞描述 mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller -...

漏洞标题 CVE-2025-2907: Order Delivery Date Pro for WooCommerce < 12.3.1 - Arbitrary Option Update 漏洞描述 The Order Delivery Date WordPress plugin before 12.3.1 does not have ...

漏洞标题 CVE-2025-23061: Mongoose - NoSQL Injection 漏洞描述 NoSQL injection vulnerability in Mongoose < 8.9.5 affecting the populate() function's match option. This vulner...

漏洞标题 CVE-2025-27218: Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization 漏洞描述 Sitecore Experience Manager (XM) and Experience Platform...

漏洞标题 CVE-2025-49029: WordPress Custom Login And Signup Widget Plugin <= 1.0 - Arbitrary Code Execution 漏洞描述 Improper Control of Generation of Code ('Code Injection&...

漏洞标题 CVE-2025-1743: Pichome 2.1.0 - Arbitrary File Read 漏洞描述 A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown ...

漏洞标题 CVE-2025-55523: Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download 漏洞描述 Agent-Zero v0.8.0 - 0.9.4 contains a path traversal caused by improper validation in /api/downl...

漏洞标题 CVE-2025-61757: Oracle Identity Manager REST WebServices - Authentication Bypass 漏洞描述 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (compon...

漏洞标题 CVE-2025-34027: Versa Concerto API Path Based - Authentication Bypass 漏洞描述 Authentication bypass in the Versa Concerto API, caused by URL decoding inconsistencies. It ...

漏洞标题 CVE-2025-1974-k8s: Ingress-Nginx Controller - Unauthenticated Remote Code Execution 漏洞描述 A security issue was discovered in ingress-nginx where the `auth-tls-match-cn`...

漏洞标题 CVE-2025-11749: WordPress AI Engine Plugin - Token Exposure 漏洞描述 Unauthenticated sensitive information exposure in AI Engine WordPress plugin <= 3.1.3 exposes beare...

漏洞标题 CVE-2025-2711: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting 漏洞描述 Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the langcode par...