Vulnerability list 358915
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source | Action |
|---|---|---|---|---|---|---|---|
| CVE-2026-2489 | TP2WP Importer <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Watched domains' Textarea | MEDIUM | 4.4 | 2026-02-26 | readymadeweb TP2WP Importer | CVE NVD | |
| CVE-2026-2498 | WP Social Meta <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings | MEDIUM | 4.4 | 2026-02-26 | bulktheme WP Social Meta | CVE NVD | |
| CVE-2026-1557 | WP Responsive Images <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src | HIGH | 7.5 | 2026-02-26 | stuartbates WP Responsive Images | CVE NVD | |
| CVE-2026-2506 | EM Cost Calculator <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name' | MEDIUM | 6.1 | 2026-02-26 | motahar1 EM Cost Calculator | CVE NVD | |
| CVE-2026-27942 | fast-xml-parser has stack overflow in XMLBuilder with preserveOrder | LOW | 2.7 | 2026-02-26 | NaturalIntelligence fast-xml-parser, fast-xml-parser_project fast-xml-parser, +1 more | CVE NVD | |
| CVE-2026-27941 | OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows | CRITICAL | 10.0 | 2026-02-26 | openlit openlit | CVE NVD | |
| CVE-2026-27938 | WPGraphQL Repo Vulnerable to Command Injection via Unsanitized GitHub Actions Expression in Release Workflow | HIGH | 7.7 | 2026-02-26 | wp-graphql wp-graphql | CVE NVD | |
| CVE-2026-27904 | minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions | HIGH | 7.5 | 2026-02-26 | isaacs minimatch, isaacs minimatch, +7 more | CVE NVD | |
| CVE-2026-27903 | minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments | HIGH | 7.5 | 2026-02-26 | isaacs minimatch, isaacs minimatch, +7 more | CVE NVD | |
| CVE-2026-27902 | Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers | MEDIUM | 5.3 | 2026-02-26 | sveltejs svelte, svelte svelte | CVE NVD | |
| CVE-2026-27901 | Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent` | MEDIUM | 5.3 | 2026-02-26 | sveltejs svelte, svelte svelte, +1 more | CVE NVD | |
| CVE-2026-27887 | Spin has memory leaks in various WIT interfaces | MEDIUM | 6.9 | 2026-02-26 | spinframework spin, spinframework SpinKube, +1 more | CVE NVD | |
| CVE-2026-27900 | Terraform Provider Debug Logs Vulnerable to Sensitive Information Exposure | MEDIUM | 5.0 | 2026-02-26 | linode terraform-provider-linode | CVE NVD | |
| CVE-2026-22728 | sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations | MEDIUM | 4.9 | 2026-02-26 | Bitnami sealed-secrets | CVE NVD | |
| CVE-2026-27899 | WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update | HIGH | 8.8 | 2026-02-26 | h44z wg-portal, wgportal wireguard_portal | CVE NVD | |
| CVE-2026-27896 | MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity | HIGH | 7.0 | 2026-02-26 | modelcontextprotocol go-sdk | CVE NVD | |
| CVE-2026-27830 | c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property | HIGH | 8.9 | 2026-02-26 | swaldman c3p0 | CVE NVD | |
| CVE-2026-27888 | pypdf: Manipulated FlateDecode XFA streams can exhaust RAM | MEDIUM | 6.6 | 2026-02-26 | py-pdf pypdf, pypdf_project pypdf | CVE NVD | |
| CVE-2026-27884 | NetExec vulnerable to arbitrary file write via path traversal in spider_plus module | MEDIUM | 5.3 | 2026-02-26 | Pennyw0rth NetExec | CVE NVD | |
| CVE-2026-27829 | Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize | MEDIUM | 6.5 | 2026-02-26 | withastro astro | CVE NVD | |