快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 358219
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2026-27948 |
Copyparty vulnerable to eflected cross-site scripting via setck parameter
|
MEDIUM | 5.4 | 2026-02-26 |
9001 copyparty
9001 copyparty
|
CVE NVD | |
| CVE-2026-27943 |
OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership
|
MEDIUM | 6.5 | 2026-02-26 |
openemr openemr
open-emr openemr
|
CVE NVD | |
| CVE-2026-2499 |
Custom Logo <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting
|
MEDIUM | 4.4 | 2026-02-26 |
tgrk Custom Logo
|
CVE NVD | |
| CVE-2026-2029 |
Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' and 'value' Shortcode Attributes
|
MEDIUM | 6.4 | 2026-02-26 |
livemesh Livemesh Addons for Beaver Builder
|
CVE NVD | |
| CVE-2026-2489 |
TP2WP Importer <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Watched domains' Textarea
|
MEDIUM | 4.4 | 2026-02-26 |
readymadeweb TP2WP Importer
|
CVE NVD | |
| CVE-2026-2498 |
WP Social Meta <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings
|
MEDIUM | 4.4 | 2026-02-26 |
bulktheme WP Social Meta
|
CVE NVD | |
| CVE-2026-1557 |
WP Responsive Images <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src
|
HIGH | 7.5 | 2026-02-26 |
stuartbates WP Responsive Images
|
CVE NVD | |
| CVE-2026-2506 |
EM Cost Calculator <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name'
|
MEDIUM | 6.1 | 2026-02-26 |
motahar1 EM Cost Calculator
|
CVE NVD | |
| CVE-2026-27942 |
fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
|
LOW | 2.7 | 2026-02-26 |
NaturalIntelligence fast-xml-parser
fast-xml-parser_project fast-xml-parser
+1个
|
CVE NVD | |
| CVE-2026-27941 |
OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows
|
CRITICAL | 10.0 | 2026-02-26 |
openlit openlit
|
CVE NVD | |
| CVE-2026-27938 |
WPGraphQL Repo Vulnerable to Command Injection via Unsanitized GitHub Actions Expression in Release Workflow
|
HIGH | 7.7 | 2026-02-26 |
wp-graphql wp-graphql
|
CVE NVD | |
| CVE-2026-27904 |
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions
|
HIGH | 7.5 | 2026-02-26 |
isaacs minimatch
isaacs minimatch
+7个
|
CVE NVD | |
| CVE-2026-27903 |
minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
|
HIGH | 7.5 | 2026-02-26 |
isaacs minimatch
isaacs minimatch
+7个
|
CVE NVD | |
| CVE-2026-27902 |
Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers
|
MEDIUM | 5.3 | 2026-02-26 |
sveltejs svelte
|
CVE NVD | |
| CVE-2026-27901 |
Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
|
MEDIUM | 5.3 | 2026-02-26 |
sveltejs svelte
|
CVE NVD | |
| CVE-2026-27887 |
Spin has memory leaks in various WIT interfaces
|
MEDIUM | 6.9 | 2026-02-26 |
spinframework spin
spinframework SpinKube
+1个
|
CVE NVD | |
| CVE-2026-27900 |
Terraform Provider Debug Logs Vulnerable to Sensitive Information Exposure
|
MEDIUM | 5.0 | 2026-02-26 |
linode terraform-provider-linode
|
CVE NVD | |
| CVE-2026-22728 |
sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations
|
MEDIUM | 4.9 | 2026-02-26 |
Bitnami sealed-secrets
|
CVE NVD | |
| CVE-2026-27899 |
WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update
|
HIGH | 8.8 | 2026-02-26 |
h44z wg-portal
wgportal wireguard_portal
|
CVE NVD | |
| CVE-2026-27896 |
MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
|
HIGH | 7.0 | 2026-02-26 |
modelcontextprotocol go-sdk
|
CVE NVD |