快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 359293
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2026-2865 |
itsourcecode Agri-Trading Online Shopping System HTTP POST Request productcontroller.php sql injection
|
MEDIUM | 6.9 | 2026-02-21 |
itsourcecode Agri-Trading Online Shopping System
adonesevangelista agri-trading_online_shopping_system
|
CVE NVD | |
| CVE-2026-2864 |
feng_ha_ha/megagao ssm-erp/production_ssm PictureController.java pictureDelete path traversal
|
MEDIUM | 5.3 | 2026-02-21 |
feng_ha_ha ssm-erp
feng_ha_ha production_ssm
+2个
|
CVE NVD | |
| CVE-2026-27469 |
Isso: Stored XSS via comment website field
|
MEDIUM | 6.1 | 2026-02-21 |
isso-comments isso
|
CVE NVD | |
| CVE-2026-27467 |
BigBlueButton: Audio from participants to the server initially unmuted
|
LOW | 2.0 | 2026-02-21 |
bigbluebutton bigbluebutton
bigbluebutton bigbluebutton
|
CVE NVD | |
| CVE-2026-27466 |
BigBlueButton: Exposed ClamAV port enables Denial of Service
|
HIGH | 7.2 | 2026-02-21 |
bigbluebutton bigbluebutton
bigbluebutton bigbluebutton
|
CVE NVD | |
| CVE-2026-27206 |
Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()
|
HIGH | 8.1 | 2026-02-21 |
zumba json-serializer
|
CVE NVD | |
| CVE-2026-27458 |
LinkAce: Stored XSS in Atom Feed via CDATA Escape in List Description
|
HIGH | 8.7 | 2026-02-21 |
Kovah LinkAce
linkace linkace
|
CVE NVD | |
| CVE-2026-27452 |
ASN.1 TypeScript Library: Decoding an INTEGER could leak the underlying ArrayBuffer
|
CRITICAL | 9.2 | 2026-02-21 |
JonathanWilbur asn1-ts
jonathanwilbur asn1-ts
|
CVE NVD | |
| CVE-2026-27471 |
ERP: Document access through endpoints due to missing validation
|
CRITICAL | 9.3 | 2026-02-21 |
frappe erpnext
frappe erpnext
+2个
|
CVE NVD | |
| CVE-2026-2863 |
feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java deleteFile path traversal
|
MEDIUM | 5.3 | 2026-02-21 |
feng_ha_ha ssm-erp
feng_ha_ha production_ssm
+2个
|
CVE NVD | |
| CVE-2026-2861 |
Foswiki Changes/Viewfile/Oops information disclosure
|
MEDIUM | 6.9 | 2026-02-21 |
foswiki foswiki
|
CVE NVD | |
| CVE-2026-27212 |
Swiper has a Prototype Pollution Vulnerability
|
CRITICAL | 9.4 | 2026-02-21 |
nolimits4web swiper
swiperjs swiper
|
CVE NVD | |
| CVE-2026-26047 |
Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service
|
MEDIUM | 6.5 | 2026-02-21 |
moodle moodle
|
CVE NVD | |
| CVE-2026-26046 |
Moodle: moodle: improper input sanitization in tex filter administration setting
|
HIGH | 7.2 | 2026-02-21 |
moodle moodle
|
CVE NVD | |
| CVE-2026-26045 |
Moodle: moodle: improper validation in file restore functionality leading to remote code execution
|
HIGH | 7.2 | 2026-02-21 |
moodle moodle
|
CVE NVD | |
| CVE-2026-27211 |
Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse
|
CRITICAL | 9.1 | 2026-02-21 |
cloud-hypervisor cloud-hypervisor
cloudhypervisor cloud_hypervisor
|
CVE NVD | |
| CVE-2026-27210 |
Pannellum has a XSS vulnerability in hot spot attributes
|
MEDIUM | 5.3 | 2026-02-21 |
mpetroff pannellum
pannellum pannellum
|
CVE NVD | |
| CVE-2026-27205 |
Flask session does not add `Vary: Cookie` header when accessed in some ways
|
LOW | 2.3 | 2026-02-21 |
pallets flask
palletsprojects flask
|
CVE NVD | |
| CVE-2026-27199 |
Werkzeug safe_join() allows Windows special device names
|
MEDIUM | 6.3 | 2026-02-21 |
pallets werkzeug
palletsprojects werkzeug
|
CVE NVD | |
| CVE-2026-27198 |
Formwork Improperly Manages Privileges During User Creation
|
HIGH | 8.8 | 2026-02-21 |
getformwork formwork
formwork_project formwork
|
CVE NVD |