排序
CVE-2025-27817: Apache Kafka 客户端任意文件读取
漏洞标题 CVE-2025-27817: Apache Kafka 客户端任意文件读取 漏洞描述 允许未经身份验证的攻击者利用该漏洞实现任意文件读取,大多数据处理中间件或流式处理框架,如:Apache Spark Structured ...
2025年5月29日 22:11CVE-2025-34045: WeiPHP 5.0 – Path Traversal
漏洞标题 CVE-2025-34045: WeiPHP 5.0 - Path Traversal 漏洞描述 WeiPHP 5.0 contains a path traversal caused by insufficient input validation of the picUrl parameter in /public/index....
2025年9月6日 09:24CVE-2025-34141: ETQ Reliance – Reflected XSS via SQLConverterServlet
漏洞标题 CVE-2025-34141: ETQ Reliance - Reflected XSS via SQLConverterServlet 漏洞描述 A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platf...
2025年5月13日 06:22CVE-2025-51501: Microweber CMS2.0 – Cross-Site Scripting
漏洞标题 CVE-2025-51501: Microweber CMS2.0 - Cross-Site Scripting 漏洞描述 Reflected Cross-Site Scripting (XSS) in the `id` parameter of the `live_edit.module_settings` API endpoin...
2025年8月21日 20:20CVE-2025-24963: Vitest Browser Mode – Local File Read
漏洞标题 CVE-2025-24963: Vitest Browser Mode - Local File Read 漏洞描述 Vitest is a testing framework powered by Vite. The `__screenshot-error` handler on the browser mode HTTP ser...
2025年5月22日 22:12CVE-2025-48703: CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution
漏洞标题 CVE-2025-48703: CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution 漏洞描述 CWP (Control Web Panel) < 0.9.8.1205 contains a remote code execution caused by...
2025年9月14日 20:01Adobe Commerce/Magento SessionReaper /customer/address_file/upload 文件上传漏洞(CVE-2025-54236)
漏洞标题 Adobe Commerce/Magento SessionReaper /customer/address_file/upload 文件上传漏洞(CVE-2025-54236) 漏洞描述 Adobe Commerce是一款由Adobe公司开发的电子商务平台,广泛应用于全...
2025年6月17日 09:39CVE-2025-27218: Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 – Insecure Deserialization
漏洞标题 CVE-2025-27218: Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization 漏洞描述 Sitecore Experience Manager (XM) and Experience Platform...
2025年3月27日 03:56CVE-2025-47539: Eventin <= 4.0.26 - Privilege Escalation
漏洞标题 CVE-2025-47539: Eventin <= 4.0.26 - Privilege Escalation 漏洞描述 The Eventin WordPress plugin before 4.0.27 suffers from an unauthenticated privilege escalation vulner...
2025年1月27日 19:04CVE-2025-0868: DocsGPT – Unauthenticated Remote Code Execution
漏洞标题 CVE-2025-0868: DocsGPT - Unauthenticated Remote Code Execution 漏洞描述 A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due t...
2025年1月16日 04:09CVE-2025-0108: PAN-OS Management Interface – Path Confusion to Authentication Bypass
漏洞标题 CVE-2025-0108: PAN-OS Management Interface - Path Confusion to Authentication Bypass 漏洞描述 A vulnerability in PAN-OS management interface allows authentication bypass t...
2025年2月22日 01:18CVE-2025-27225: TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal
漏洞标题 CVE-2025-27225: TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal 漏洞描述 TRUfusion Enterprise versions 7.10.4.0 and earlier contained a vulnerability that allow...
2025年5月23日 11:34CVE-2025-41646: RevPi Webstatus <= v2.4.5 - Authentication Bypass
漏洞标题 CVE-2025-41646: RevPi Webstatus <= v2.4.5 - Authentication Bypass 漏洞描述 An unauthorized remote attacker can bypass the authentication of the affected software packag...
2025年5月27日 11:43CVE-2025-46822: Java-springboot-codebase 1.1 – Arbitrary File Read
漏洞标题 CVE-2025-46822: Java-springboot-codebase 1.1 - Arbitrary File Read 漏洞描述 OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, appl...
2025年12月15日 04:43CVE-2025-24963: Vitest Browser Mode – Local File Read
漏洞标题 CVE-2025-24963: Vitest Browser Mode - Local File Read 漏洞描述 Vitest is a testing framework powered by Vite. The `__screenshot-error` handler on the browser mode HTTP ser...
2025年10月30日 11:08CVE-2025-31324: SAP NetWeaver Visual Composer Metadata Uploader – Deserialization
漏洞标题 CVE-2025-31324: SAP NetWeaver Visual Composer Metadata Uploader - Deserialization 漏洞描述 SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper a...
2025年12月25日 12:30
