排序
CVE-2025-1974-k8s: Ingress-Nginx Controller – Unauthenticated Remote Code Execution
漏洞标题 CVE-2025-1974-k8s: Ingress-Nginx Controller - Unauthenticated Remote Code Execution 漏洞描述 A security issue was discovered in ingress-nginx where the `auth-tls-match-cn`...
2025年5月19日 13:18CVE-2025-51501: Microweber CMS2.0 – Cross-Site Scripting
漏洞标题 CVE-2025-51501: Microweber CMS2.0 - Cross-Site Scripting 漏洞描述 Reflected Cross-Site Scripting (XSS) in the `id` parameter of the `live_edit.module_settings` API endpoin...
2025年1月9日 12:56CVE-2025-27892: Shopware < 6.5.8.13 - SQL Injection
漏洞标题 CVE-2025-27892: Shopware < 6.5.8.13 - SQL Injection 漏洞描述 The Shopware application API contains a search functionality which enables users to search through informat...
2025年6月17日 23:23CVE-2025-11371: Gladinet CentreStack & TrioFox – Local File Inclusion
漏洞标题 CVE-2025-11371: Gladinet CentreStack & TrioFox - Local File Inclusion 漏洞描述 In the default installation and configuration of Gladinet CentreStack and TrioFox, there...
2025年1月20日 08:38CVE-2025-27007: OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation
漏洞标题 CVE-2025-27007: OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation 漏洞描述 Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allow...
2025年2月2日 02:32CVE-2025-6851: WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF
漏洞标题 CVE-2025-6851: WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF 漏洞描述 The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request...
2025年10月13日 20:05CVE-2025-1661: HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion
漏洞标题 CVE-2025-1661: HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion 漏洞描述 The HUSKY – Products Filter Professiona...
2025年10月20日 23:08CVE-2025-34027: Versa Concerto API Path Based – Authentication Bypass
漏洞标题 CVE-2025-34027: Versa Concerto API Path Based - Authentication Bypass 漏洞描述 Authentication bypass in the Versa Concerto API, caused by URL decoding inconsistencies. It ...
2025年2月25日 12:59CVE-2025-6403: Code-Projects School Fees Payment System 1.0 – SQL Injection
漏洞标题 CVE-2025-6403: Code-Projects School Fees Payment System 1.0 - SQL Injection 漏洞描述 A vulnerability was found in code-projects School Fees Payment System 1.0. It has been...
2025年12月24日 12:22CVE-2025-49002: DataEase 远程代码执行漏洞
漏洞标题 CVE-2025-49002: DataEase 远程代码执行漏洞 漏洞描述 CVE-2025-49002 是由于H2数据库模块没有严格过滤用户输入的JDBC连接参数,可使用大小写绕过补丁。攻击者可利用这些漏洞实现未授...
2025年3月20日 06:56CVE-2025-5961: WordPress WPvivid Backup & Migration Plugin <= 0.9.116 - Authenticated Arbitrary File Upload
漏洞标题 CVE-2025-5961: WordPress WPvivid Backup & Migration Plugin <= 0.9.116 - Authenticated Arbitrary File Upload 漏洞描述 The Migration, Backup, Staging – WPvivid Backu...
2025年5月6日 10:27CVE-2025-3415: Grafana – Exposes DingDing API Keys
漏洞标题 CVE-2025-3415: Grafana - Exposes DingDing API Keys 漏洞描述 An incident occurred where the DingDing alerting integration URL was inadvertently exposed to viewers due to a ...
2025年8月24日 02:36CVE-2025-51502: Microweber CMS 2.0 – Reflected XSS in Admin Page Creation
漏洞标题 CVE-2025-51502: Microweber CMS 2.0 - Reflected XSS in Admin Page Creation 漏洞描述 Reflected Cross-Site Scripting (XSS) exists in Microweber CMS 2.0 through the layout par...
2025年10月18日 07:30(CVE-2025-29927) Next.js 中间件授权检查绕过漏洞
漏洞标题 (CVE-2025-29927) Next.js 中间件授权检查绕过漏洞 漏洞描述 (CVE-2025-29927) Next.js 中间件授权检查绕过漏洞 PoC代码 暂无
2025年8月1日 06:23CVE-2025-32433: Erlang/OTP SSH – Remote Code Execution
漏洞标题 CVE-2025-32433: Erlang/OTP SSH - Remote Code Execution 漏洞描述 Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26....
2025年4月8日 18:46CVE-2025-47445: WordPress Eventin (Themewinter) ≤ 4.0.26 – Arbitrary File Download
漏洞标题 CVE-2025-47445: WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download 漏洞描述 Themewinter Eventin contains a path traversal caused by relative path manipula...
2025年2月5日 14:33
