漏洞标题 CVE-2025-2710: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting 漏洞描述 Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the flag paramet...

漏洞标题 CVE-2025-2748: Kentico Xperience CMS - Unauthenticated Stored XSS 漏洞描述 The Kentico Xperience application does not fully validate or filter files uploaded via the multi...

漏洞标题 CVE-2025-2709: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting 漏洞描述 Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the key and redi...

漏洞标题 CVE-2025-1743: Pichome 2.1.0 - Arbitrary File Read 漏洞描述 A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown ...

漏洞标题 CVE-2025-24354: Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF) 漏洞描述 imgproxy contains an issue caused by not blocking the 0.0.0.0 address even when IMGPROXY...

漏洞标题 CVE-2025-49132: Pterodactyl Panel - Remote Code Execution 漏洞描述 Pterodactyl is a free, open-source game server management panel. Using the /locales/locale.json with the...

漏洞标题 CVE-2025-27218: Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization 漏洞描述 Sitecore Experience Manager (XM) and Experience Platform...

漏洞标题 CVE-2025-1097: Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation 漏洞描述 A security issue was discovered in ingress-nginx ...

漏洞标题 CVE-2025-49113: Roundcube Webmail - Remote Code Execution 漏洞描述 Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated us...

漏洞标题 CVE-2025-47423: Personal Weather Station Dashboard 12 - Directory Traversal 漏洞描述 Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to r...

漏洞标题 CVE-2025-1661: HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion 漏洞描述 The HUSKY – Products Filter Professiona...

漏洞标题 CVE-2025-34031: Moodle Jmol Filter 6.1 - Local File Inclusion 漏洞描述 Moodle Jmol Filter 6.1 is vulnerable to local file inclusion through the jsmol.php file, allowing at...

漏洞标题 CVE-2025-24752: Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting 漏洞描述 A Cross-Site Scripting (XSS) vulnerability exists in Essential Addons for Elemen...

漏洞标题 CVE-2025-51502: Microweber CMS 2.0 - Reflected XSS in Admin Page Creation 漏洞描述 Reflected Cross-Site Scripting (XSS) exists in Microweber CMS 2.0 through the layout par...

漏洞标题 CVE-2025-5961: WordPress WPvivid Backup & Migration Plugin <= 0.9.116 - Authenticated Arbitrary File Upload 漏洞描述 The Migration, Backup, Staging – WPvivid Backu...

漏洞标题 CVE-2025-46818: Redis Lua Sandbox < 8.2.2 - Cross-User Escape 漏洞描述 Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow...