漏洞标题 （CVE-2025-15004）DedeCMS至5.7.118版本freelist_main.php文件orderby参数SQL注入漏洞 漏洞描述 （CVE-2025-15004）DedeCMS至5.7.118版本freelist_main.php文件orderby参数SQL注入漏...

漏洞标题 CVE-2025-2747: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006) 漏洞描述 An authentication bypass vulnerability in Kentico Xperience allows ...

漏洞标题 CVE-2025-41243: Spring Cloud Gateway Server Webflux - Broken Access Control 漏洞描述 Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and e...

漏洞标题 CVE-2025-23061: Mongoose - NoSQL Injection 漏洞描述 NoSQL injection vulnerability in Mongoose < 8.9.5 affecting the populate() function's match option. This vulner...

漏洞标题 CVE-2025-28906: Skitter Slideshow <= 2.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting 漏洞描述 The Skitter Slideshow plugin for WordPress is vulnerabl...

漏洞标题 CVE-2025-6204: DELMIA Apriso - Command Injection 漏洞描述 An Improper Control of Generation of Code (code injection / file upload → RCE) vulnerability affecting DELMIA Ap...

漏洞标题 CVE-2025-53771: Microsoft SharePoint Server - Authentication Bypass (ToolShell) 漏洞描述 Microsoft Office SharePoint Server contains an improper authentication vulnerabili...

漏洞标题 CVE-2025-31489: MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads 漏洞描述 MinIO is a High Performance Object Storage released under GNU Affero General ...

漏洞标题 CVE-2025-4008: MeteoBridge <= 6.1 - Remote Code Execution 漏洞描述 The Meteobridge web interface let meteobridge administrator manage their weather station data collect...

漏洞标题 CVE-2025-41243: Spring Cloud Gateway Server Webflux - Broken Access Control 漏洞描述 Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and e...

漏洞标题 CVE-2025-1661: HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion 漏洞描述 The HUSKY – Products Filter Professiona...

漏洞标题 CVE-2025-44137: MapTiler Tileserver-php v2.0 - Unauthenticated File Read 漏洞描述 MapTiler Tileserver-php v2.0 contains a directory traversal caused by improper sanitizati...

漏洞标题 CVE-2025-51990: XWiki – Stored Cross-Site Scripting (XSS) 漏洞描述 XWiki through version 17.3.0 contains stored cross-site scripting caused by improper sanitization of in...

漏洞标题 Commvault /commandcenter/publicLink.do 权限绕过漏洞（CVE-2025-57788） 漏洞描述 Commvault-WebServer是Commvault公司推出的一款网络服务器软件。该软件具有高效、安全、稳定的特点...

漏洞标题 CVE-2025-53624: Docusaurus Gists Plugin < 4.0.0 - GitHub Personal Access Token Exposure 漏洞描述 The Docusaurus gists plugin adds a page to your Docusaurus instance, di...

漏洞标题 CVE-2025-3102: SureTriggers – All-in-One Automation Platform ≤ 1.0.78 - Authentication Bypass 漏洞描述 The SureTriggers- All-in-One Automation Platform plugin for WordPr...