快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 359408
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2026-26280 |
Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path
|
HIGH | 8.4 | 2026-02-19 |
sebhildebrandt systeminformation
systeminformation systeminformation
|
CVE NVD | |
| CVE-2026-26278 |
fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)
|
HIGH | 7.5 | 2026-02-19 |
NaturalIntelligence fast-xml-parser
naturalintelligence fast-xml-parser
|
CVE NVD | |
| CVE-2026-27013 |
Fabric.js Affected by Stored XSS via SVG Export
|
HIGH | 7.6 | 2026-02-19 |
fabricjs fabric.js
fabricjs fabric.js
|
CVE NVD | |
| CVE-2026-26267 |
rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide
|
HIGH | 7.5 | 2026-02-19 |
stellar rs-soroban-sdk
stellar rs-soroban-sdk
+2个
|
CVE NVD | |
| CVE-2026-26205 |
opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`
|
HIGH | 7.1 | 2026-02-19 |
open-policy-agent opa-envoy-plugin
|
CVE NVD | |
| CVE-2026-26203 |
PJSIP's pjmedia-video has use-after-free in H264 packetizer when packetizing fragmented NAL
|
MEDIUM | 5.1 | 2026-02-19 |
pjsip pjmedia-video
pjsip pjsip
|
CVE NVD | |
| CVE-2026-26202 |
Penpot has Arbitrary File Read via create-font-variant RPC endpoint
|
HIGH | 7.5 | 2026-02-19 |
penpot penpot
kaleidos penpot
|
CVE NVD | |
| CVE-2026-26201 |
emp3r0r Affected by Concurrent Map Access DoS (panic/crash)
|
HIGH | 7.0 | 2026-02-19 |
jm33-m0 emp3r0r
jm33-m0 emp3r0r
|
CVE NVD | |
| CVE-2026-26200 |
HDF5 Affected by H5T__conv_struct_opt Heap Buffer Overflow
|
HIGH | 7.8 | 2026-02-19 |
HDFGroup hdf5
hdfgroup hdf5
|
CVE NVD | |
| CVE-2026-26193 |
Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages
|
HIGH | 7.3 | 2026-02-19 |
open-webui open-webui
openwebui open_webui
|
CVE NVD | |
| CVE-2026-26192 |
Open WebUI vulnerable to Stored XSS via iFrame in citations model
|
HIGH | 7.3 | 2026-02-19 |
open-webui open-webui
openwebui open_webui
|
CVE NVD | |
| CVE-2026-26189 |
Trivy Action has a script injection via sourced env file in composite action
|
MEDIUM | 5.9 | 2026-02-19 |
aquasecurity trivy-action
aquasec trivy_action
|
CVE NVD | |
| CVE-2026-26063 |
CediPay Affected by Improper Input Validation in Payment Processing
|
HIGH | 8.8 | 2026-02-19 |
xpertforextradeinc CediPay
|
CVE NVD | |
| CVE-2026-26059 |
ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php
|
LOW | 2.1 | 2026-02-19 |
ChurchCRM CRM
churchcrm churchcrm
|
CVE NVD | |
| CVE-2026-26057 |
Skill Scanner Unsecured Network Binding Vulnerability
|
MEDIUM | 6.5 | 2026-02-19 |
cisco-ai-defense skill-scanner
cisco skill_scanner
|
CVE NVD | |
| CVE-2026-27475 |
SPIP < 4.4.9 Insecure Deserialization
|
CRITICAL | 9.2 | 2026-02-19 |
SPIP SPIP
spip spip
|
CVE NVD | |
| CVE-2026-27474 |
SPIP < 4.4.9 Cross-Site Scripting in Private Area (Incomplete Fix)
|
MEDIUM | 4.8 | 2026-02-19 |
SPIP SPIP
spip spip
|
CVE NVD | |
| CVE-2026-27473 |
SPIP < 4.4.9 Stored Cross-Site Scripting via Syndicated Sites
|
MEDIUM | 5.1 | 2026-02-19 |
SPIP SPIP
spip spip
|
CVE NVD | |
| CVE-2026-27472 |
SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites
|
MEDIUM | 5.3 | 2026-02-19 |
SPIP SPIP
spip spip
|
CVE NVD | |
| CVE-2026-23621 |
GFI MailEssentials AI < 22.4 ListServer.IsPathExist() Absolute Directory Traversal to File Enumeration
|
MEDIUM | 5.3 | 2026-02-19 |
GFI Software MailEssentials AI
gfi mailessentials
|
CVE NVD |