Vulnerability list 358219
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source |
|---|---|---|---|---|---|---|
| CVE-2026-27830 | c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property | HIGH | 8.9 | 2026-02-26 | swaldman c3p0 | CVE NVD |
| CVE-2026-27888 | pypdf: Manipulated FlateDecode XFA streams can exhaust RAM | MEDIUM | 6.6 | 2026-02-26 | py-pdf pypdf, pypdf_project pypdf | CVE NVD |
| CVE-2026-27884 | NetExec vulnerable to arbitrary file write via path traversal in spider_plus module | MEDIUM | 5.3 | 2026-02-26 | Pennyw0rth NetExec | CVE NVD |
| CVE-2026-27829 | Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize | MEDIUM | 6.5 | 2026-02-26 | withastro astro | CVE NVD |
| CVE-2026-27946 | ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API | HIGH | 8.2 | 2026-02-26 | zitadel zitadel, zitadel zitadel | CVE NVD |
| CVE-2026-27945 | ZITADEL has potential SSRF via Actions | LOW | 2.1 | 2026-02-26 | zitadel zitadel | CVE NVD |
| CVE-2026-27840 | ZITADEL's truncated opaque tokens are still valid | MEDIUM | 4.3 | 2026-02-26 | zitadel zitadel, zitadel zitadel, +1 more | CVE NVD |
| CVE-2026-27837 | Dottie vulnerable to prototype pollution bypass via non-first path segments in set() and transform() | MEDIUM | 6.3 | 2026-02-26 | mickhansen dottie.js, dottie_project dottie | CVE NVD |
| CVE-2026-27831 | rldns Vulnerable to Heap-based Out-of-Bounds Read | HIGH | 7.5 | 2026-02-26 | bluedragonsecurity rldns | CVE NVD |
| CVE-2026-27821 | GPAC NHML Demuxer (dmx_nhml.c) Vulnerable to Stack Buffer Overflow | HIGH | 7.7 | 2026-02-26 | gpac gpac | CVE NVD |
| CVE-2026-26186 | Fleet has a SQL injection via backtick escape in ORDER BY parameter | MEDIUM | 5.1 | 2026-02-26 | fleetdm fleet, fleetdm fleet | CVE NVD |
| CVE-2026-27818 | TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist | HIGH | 8.7 | 2026-02-26 | TerriaJS terriajs-server | CVE NVD |
| CVE-2026-27812 | Sub2API Vulnerable to Password Reset Poisoning via Host Header Trust Issue, Leading to Account Takeover | HIGH | 8.0 | 2026-02-26 | Wei-Shaw sub2api | CVE NVD |
| CVE-2025-50857 | ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. ... | CRITICAL | 9.8 | 2026-02-26 | Unknown | CVE NVD |
| CVE-2025-56605 | A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php backend script of Pu... | MEDIUM | 5.4 | 2026-02-26 | Unknown | CVE NVD |
| CVE-2025-71057 | Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows atta... | HIGH | 8.2 | 2026-02-26 | Unknown | CVE NVD |
| CVE-2026-26682 | An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginC... | HIGH | 7.8 | 2026-02-26 | xjd2020 fastcms | CVE NVD |
| CVE-2026-27809 | psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps | MEDIUM | 6.8 | 2026-02-25 | psd-tools psd-tools, psd-tools_project psd-tools | CVE NVD |
| CVE-2026-27808 | Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API | MEDIUM | 5.8 | 2026-02-25 | axllent mailpit, axllent mailpit | CVE NVD |
| CVE-2026-27804 | Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter | CRITICAL | 9.3 | 2026-02-25 | parse-community parse-server, parse-community parse-server | CVE NVD |