快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 359293
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2026-2871 |
Tenda A21 SetIpMacBind fromSetIpMacBind stack-based overflow
|
HIGH | 8.7 | 2026-02-21 |
Tenda A21
tenda a21_firmware
|
CVE NVD | |
| CVE-2026-2870 |
Tenda A21 formSetQosBand set_qosMib_list stack-based overflow
|
HIGH | 8.7 | 2026-02-21 |
Tenda A21
tenda a21_firmware
|
CVE NVD | |
| CVE-2026-2869 |
janet-lang janet handleattr specials.c janetc_varset out-of-bounds
|
MEDIUM | 4.8 | 2026-02-21 |
janet-lang janet
janet-lang janet
+1个
|
CVE NVD | |
| CVE-2026-2867 |
itsourcecode Vehicle Management System billaction.php sql injection
|
MEDIUM | 6.9 | 2026-02-21 |
itsourcecode Vehicle Management System
admerc vehicle_management_system
|
CVE NVD | |
| CVE-2026-1787 |
LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion
|
MEDIUM | 4.8 | 2026-02-21 |
thimpress LearnPress – Backup & Migration Tool
|
CVE NVD | |
| CVE-2026-27579 |
CollabPlatform : CORS Misconfiguration Allows Arbitrary Origin With Credentials Leading to Authenticated Account Data Exposure
|
HIGH | 7.4 | 2026-02-21 |
karnop realtime-collaboration-platform
|
CVE NVD | |
| CVE-2026-27492 |
Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused
|
MEDIUM | 4.7 | 2026-02-21 |
lettermint lettermint-node
lettermint lettermint
|
CVE NVD | |
| CVE-2026-27574 |
OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE
|
CRITICAL | 10.0 | 2026-02-21 |
OneUptime oneuptime
hackerbay oneuptime
|
CVE NVD | |
| CVE-2026-27576 |
OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs
|
MEDIUM | 4.8 | 2026-02-21 |
openclaw openclaw
openclaw openclaw
|
CVE NVD | |
| CVE-2026-27488 |
OpenClaw hardened cron webhook delivery against SSRF
|
MEDIUM | 6.9 | 2026-02-21 |
openclaw openclaw
openclaw openclaw
|
CVE NVD | |
| CVE-2026-27487 |
OpenClaw: Prevent shell injection in macOS keychain credential write
|
HIGH | 7.6 | 2026-02-21 |
openclaw openclaw
openclaw openclaw
|
CVE NVD | |
| CVE-2026-27486 |
OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup
|
MEDIUM | 4.3 | 2026-02-21 |
openclaw openclaw
openclaw openclaw
|
CVE NVD | |
| CVE-2025-14339 |
weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion
|
MEDIUM | 6.5 | 2026-02-21 |
wedevs weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins
|
CVE NVD | |
| CVE-2026-27485 |
OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection
|
MEDIUM | 4.6 | 2026-02-21 |
openclaw openclaw
openclaw openclaw
|
CVE NVD | |
| CVE-2026-27484 |
OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows
|
LOW | 2.3 | 2026-02-21 |
openclaw openclaw
openclaw openclaw
|
CVE NVD | |
| CVE-2026-27482 |
Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
|
MEDIUM | 5.9 | 2026-02-21 |
ray-project ray
anyscale ray
|
CVE NVD | |
| CVE-2026-27480 |
Static Web Server: Timing-Based Username Enumeration in Basic Authentication
|
MEDIUM | 5.3 | 2026-02-21 |
static-web-server static-web-server
static-web-server static_web_server
|
CVE NVD | |
| CVE-2026-27479 |
Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch
|
HIGH | 7.7 | 2026-02-21 |
ellite Wallos
wallosapp wallos
|
CVE NVD | |
| CVE-2026-27470 |
ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields
|
HIGH | 8.8 | 2026-02-21 |
ZoneMinder zoneminder
ZoneMinder zoneminder
+1个
|
CVE NVD | |
| CVE-2026-27464 |
Metabase: Server-Side Template Injection via Notifications Endpoint Leads to RCE
|
HIGH | 7.7 | 2026-02-21 |
metabase metabase
metabase metabase
+1个
|
CVE NVD |