Vulnerability list 351381
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source |
|---|---|---|---|---|---|---|
| CVE-2025-27378 | SQL Injection in AES Due to Inactive SQL Parsing Configuration | HIGH | 8.6 | 2026-01-22 | Altium AES | CVE |
| CVE-2026-23952 | ImageMagick has a NULL pointer dereference in MSL parser via `<comment>` tag before image load | MEDIUM | 6.5 | 2026-01-22 | ImageMagick ImageMagick | CVE |
| CVE-2026-23951 | SumatraPDF's Integer Underflow in PalmDbReader Leads to Crash | MEDIUM | 5.5 | 2026-01-22 | sumatrapdfreader sumatrapdf | CVE |
| CVE-2025-27377 | Missing Validation of Self-Signed Certificates in Altium Designer Allows Man-in-the-Middle Attacks | MEDIUM | 5.3 | 2026-01-22 | Altium Altium Designer | CVE |
| CVE-2026-23946 | Tendenci has Authenticated Remote Code Execution via Pickle Deserialization | MEDIUM | 6.8 | 2026-01-22 | tendenci tendenci | CVE |
| CVE-2026-23893 | openCryptoki has improper link resolution before file access (link following) | MEDIUM | 6.8 | 2026-01-22 | opencryptoki opencryptoki | CVE |
| CVE-2026-23887 | Group-Office has stored XSS vulnerability via unsanitized filenames | MEDIUM | 5.1 | 2026-01-21 | Intermesh groupoffice, Intermesh groupoffice | CVE, NVD |
| CVE-2026-23873 | HUSTOJ is Vulnerable to Stored CSV Injection (Formula Injection) in Contest Rank Export | MEDIUM | 5.2 | 2026-01-21 | zhblue hustoj | CVE, NVD |
| CVE-2026-1036 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion | MEDIUM | 5.3 | 2026-01-21 | 10web Photo Gallery by 10Web – Mobile-Friendly Image Gallery | CVE, NVD |
| CVE-2026-23737 | seroval Affected by Remote Code Execution via JSON Deserialization | HIGH | 7.5 | 2026-01-21 | lxsmnsyc seroval | CVE, NVD |
| CVE-2026-23736 | seroval Affected by Prototype Pollution via JSON Deserialization | HIGH | 7.3 | 2026-01-21 | lxsmnsyc seroval | CVE, NVD |
| CVE-2026-24048 | Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow` | LOW | 3.5 | 2026-01-21 | backstage backstage, backstage backstage, +1 more | CVE, NVD |
| CVE-2026-23630 | Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering | MEDIUM | 6.3 | 2026-01-21 | docmost docmost | CVE, NVD |
| CVE-2026-24047 | @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass | MEDIUM | 6.3 | 2026-01-21 | backstage backstage | CVE, NVD |
| CVE-2026-24046 | Backstage has a Possible Symlink Path Traversal in Scaffolder Actions | HIGH | 7.1 | 2026-01-21 | backstage backstage, backstage backstage, +6 more | CVE, NVD |
| CVE-2026-23996 | FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection | LOW | 3.7 | 2026-01-21 | Athroniaeth fastapi-api-key | CVE, NVD |
| CVE-2026-23990 | Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims | MEDIUM | 5.3 | 2026-01-21 | controlplaneio-fluxcd flux-operator | CVE, NVD |
| CVE-2026-23986 | Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true | MEDIUM | 6.9 | 2026-01-21 | copier-org copier | CVE, NVD |
| CVE-2026-23968 | Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false | MEDIUM | 6.8 | 2026-01-21 | copier-org copier | CVE, NVD |
| CVE-2026-23524 | Laravel Redis Horizontal Scaling Insecure Deserialization | CRITICAL | 9.8 | 2026-01-21 | laravel reverb | CVE, NVD |