Vulnerability list 358424
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source | Actions |
|---|---|---|---|---|---|---|---|
| CVE-2026-27965 | Vitess users with backup storage access can gain unauthorized access to production deployment environments | HIGH | 8.4 | 2026-02-26 | vitessio vitess, vitessio vitess, +1 more | CVE NVD | |
| CVE-2026-27959 | Koa has Host Header Injection via `ctx.hostname` | HIGH | 7.5 | 2026-02-26 | koajs koa, koajs koa, +1 more | CVE NVD | |
| CVE-2026-27954 | LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints | MEDIUM | 4.9 | 2026-02-26 | LiveHelperChat livehelperchat, livehelperchat live_helper_chat | CVE NVD | |
| CVE-2026-27961 | Agenta's Server-Side Template Injection (SSTI) via custom evaluator Jinja2 templates allows RCE | HIGH | 8.8 | 2026-02-26 | Agenta-AI agenta, agentatech agenta | CVE NVD | |
| CVE-2026-27952 | Agenta has Python Sandbox Escape, Leading to Remote Code Execution (RCE) | HIGH | 8.8 | 2026-02-26 | Agenta-AI agenta-api, agentatech agenta | CVE NVD | |
| CVE-2026-27948 | Copyparty vulnerable to reflected cross-site scripting via setck parameter | MEDIUM | 5.4 | 2026-02-26 | 9001 copyparty, 9001 copyparty | CVE NVD | |
| CVE-2026-27943 | OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership | MEDIUM | 6.5 | 2026-02-26 | openemr openemr, open-emr openemr | CVE NVD | |
| CVE-2026-2499 | Custom Logo <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting | MEDIUM | 4.4 | 2026-02-26 | tgrk Custom Logo | CVE NVD | |
| CVE-2026-2029 | Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' and 'value' Shortcode Attributes | MEDIUM | 6.4 | 2026-02-26 | livemesh Livemesh Addons for Beaver Builder | CVE NVD | |
| CVE-2026-2489 | TP2WP Importer <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Watched domains' Textarea | MEDIUM | 4.4 | 2026-02-26 | readymadeweb TP2WP Importer | CVE NVD | |
| CVE-2026-2498 | WP Social Meta <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings | MEDIUM | 4.4 | 2026-02-26 | bulktheme WP Social Meta | CVE NVD | |
| CVE-2026-1557 | WP Responsive Images <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src | HIGH | 7.5 | 2026-02-26 | stuartbates WP Responsive Images | CVE NVD | |
| CVE-2026-2506 | EM Cost Calculator <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name' | MEDIUM | 6.1 | 2026-02-26 | motahar1 EM Cost Calculator | CVE NVD | |
| CVE-2026-27942 | fast-xml-parser has stack overflow in XMLBuilder with preserveOrder | LOW | 2.7 | 2026-02-26 | NaturalIntelligence fast-xml-parser, fast-xml-parser_project fast-xml-parser, +1 more | CVE NVD | |
| CVE-2026-27941 | OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows | CRITICAL | 10.0 | 2026-02-26 | openlit openlit | CVE NVD | |
| CVE-2026-27938 | WPGraphQL Repo Vulnerable to Command Injection via Unsanitized GitHub Actions Expression in Release Workflow | HIGH | 7.7 | 2026-02-26 | wp-graphql wp-graphql | CVE NVD | |
| CVE-2026-27904 | minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions | HIGH | 7.5 | 2026-02-26 | isaacs minimatch, isaacs minimatch, +7 more | CVE NVD | |
| CVE-2026-27903 | minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments | HIGH | 7.5 | 2026-02-26 | isaacs minimatch, isaacs minimatch, +7 more | CVE NVD | |
| CVE-2026-27902 | Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers | MEDIUM | 5.3 | 2026-02-26 | sveltejs svelte | CVE NVD | |
| CVE-2026-27901 | Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent` | MEDIUM | 5.3 | 2026-02-26 | sveltejs svelte | CVE NVD | |