排序
CVE-2025-31125: Vite Development Server – Path Traversal
漏洞标题 CVE-2025-31125: Vite Development Server - Path Traversal 漏洞描述 Path traversal vulnerability in Vite development server's @fs endpoint allows attackers to access fi...
2025年7月18日 20:07CentreStack 存在反序列化漏洞(CVE-2025-30406)
漏洞标题 CentreStack 存在反序列化漏洞(CVE-2025-30406) 漏洞描述 CVE-2025-30406 是由 CentreStack 门户的硬编码 machineKey使用导致的反序列化漏洞。攻击者可以通过该漏洞获取服务器权限,...
2025年7月2日 09:41CVE-2025-24514: Ingress-Nginx Controller – Configuration Injection via Unsanitized `auth-url` Annotation
漏洞标题 CVE-2025-24514: Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation 漏洞描述 A security issue was discovered in ingress-nginx https-//...
2025年2月14日 07:09CVE-2025-53118: Securden Unified PAM – Authentication Bypass
漏洞标题 CVE-2025-53118: Securden Unified PAM - Authentication Bypass 漏洞描述 An authentication bypass vulnerability exists which allows an unauthenticated attacker to control adm...
2025年1月16日 13:40CVE-2025-2129: Mage AI – Insecure Default Authentication Setup
漏洞标题 CVE-2025-2129: Mage AI - Insecure Default Authentication Setup 漏洞描述 A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an...
2025年4月30日 09:34CVE-2025-1023: ChurchCRM – SQL Injection
漏洞标题 CVE-2025-1023: ChurchCRM - SQL Injection 漏洞描述 A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiti...
2025年10月27日 09:22CVE-2025-29085: Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey Component
漏洞标题 CVE-2025-29085: Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey Component 漏洞描述 SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allow...
2025年6月20日 15:36CVE-2025-2748: Kentico Xperience CMS – Unauthenticated Stored XSS
漏洞标题 CVE-2025-2748: Kentico Xperience CMS - Unauthenticated Stored XSS 漏洞描述 The Kentico Xperience application does not fully validate or filter files uploaded via the multi...
2025年4月22日 00:04CVE-2025-27223: TRUfusion Enterprise <= 7.10.4.0 - Authentication Bypass
漏洞标题 CVE-2025-27223: TRUfusion Enterprise <= 7.10.4.0 - Authentication Bypass 漏洞描述 Hard-Coded Cryptographic key allowing to forge session cookies that can be used to ent...
2025年2月7日 10:18CVE-2025-1023: ChurchCRM – SQL Injection
漏洞标题 CVE-2025-1023: ChurchCRM - SQL Injection 漏洞描述 A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiti...
2025年11月15日 14:08CVE-2025-59474: Jenkins Sidepanel – Unauthorized Agent/Queue Exposure
漏洞标题 CVE-2025-59474: Jenkins Sidepanel - Unauthorized Agent/Queue Exposure 漏洞描述 Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in th...
2025年11月11日 22:03CVE-2025-24799: GLPI < 10.0.17 - Pre-Auth SQL Injection
漏洞标题 CVE-2025-24799: GLPI < 10.0.17 - Pre-Auth SQL Injection 漏洞描述 A pre-authentication SQL injection vulnerability exists in the Inventory feature of GLPI. The vulnerabi...
2025年6月8日 17:01Commvault /commandcenter/deployServiceCommcell.do 文件上传漏洞(CVE-2025-34028)
漏洞标题 Commvault /commandcenter/deployServiceCommcell.do 文件上传漏洞(CVE-2025-34028) 漏洞描述 Commvault是一款数据保护或网络弹性解决方案,为企业备份和复制套件。 Commva...
2025年2月22日 20:33CVE-2025-2747: Kentico Xperience 13 CMS – Staging Service Authentication Bypass (WT-2025-0006)
漏洞标题 CVE-2025-2747: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006) 漏洞描述 An authentication bypass vulnerability in Kentico Xperience allows ...
2025年5月5日 11:07CVE-2025-6403: Code-Projects School Fees Payment System 1.0 – SQL Injection
漏洞标题 CVE-2025-6403: Code-Projects School Fees Payment System 1.0 - SQL Injection 漏洞描述 A vulnerability was found in code-projects School Fees Payment System 1.0. It has been...
2025年11月18日 07:12CVE-2025-4302: Stop User Enumeration WordPress plugin – Authentication Bypass
漏洞标题 CVE-2025-4302: Stop User Enumeration WordPress plugin - Authentication Bypass 漏洞描述 Stop User Enumeration WordPress plugin < 1.7.3 contains an authentication bypass ...
2025年6月4日 13:48
