Vulnerability list 361436
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source | Actions |
|---|---|---|---|---|---|---|---|
| CVE-2026-20792 | Chargemap chargemap.com Improper Restriction of Excessive Authentication Attempts | HIGH | 7.5 | 2026-02-26 | Chargemap chargemap.com; chargemap chargemap.com | CVE NVD | |
| CVE-2026-25851 | Chargemap chargemap.com Missing Authentication for Critical Function | CRITICAL | 9.4 | 2026-02-26 | Chargemap chargemap.com; chargemap chargemap.com | CVE NVD | |
| CVE-2026-3268 | psi-probe PSI Probe Session Attribute RemoveSessAttributeController.java access control | MEDIUM | 5.3 | 2026-02-26 | psi-probe PSI Probe; psi-probe PSI Probe; +3 more | CVE NVD | |
| CVE-2026-28280 | `osctrl-admin` has Stored Cross-Site Scripting (XSS) in On-Demand Query List | MEDIUM | 6.1 | 2026-02-26 | jmpsec osctrl; jmpsec osctrl | CVE NVD | |
| CVE-2026-28279 | `osctrl-admin` Vulnerable to OS Command Injection via Environment Configuration | HIGH | 7.4 | 2026-02-26 | jmpsec osctrl; jmpsec osctrl | CVE NVD | |
| CVE-2026-28276 | Initiative Allows Unauthenticated Access to Uploaded Documents via Public /uploads/ Endpoint | HIGH | 7.5 | 2026-02-26 | Morelitea initiative; morelitea initiative | CVE NVD | |
| CVE-2026-28275 | Initiative Vulnerable to Improper Session Invalidation (JWT Remains Valid) | HIGH | 8.1 | 2026-02-26 | Morelitea initiative; morelitea initiative | CVE NVD | |
| CVE-2026-28274 | Initiative Vulnerable to Token Theft via Stored XSS in Document Uploads | HIGH | 8.7 | 2026-02-26 | Morelitea initiative; morelitea initiative | CVE NVD | |
| CVE-2026-28269 | Kiteworks Core has an OS Command Injection | MEDIUM | 5.9 | 2026-02-26 | kiteworks security-advisories; accellion kiteworks | CVE NVD | |
| CVE-2026-28230 | In SteVe, any authenticated charger can terminate any other charger's active transaction (missing ownership verification on StopTransaction) | MEDIUM | 5.7 | 2026-02-26 | steve-community steve; steve-community steve | CVE NVD | |
| CVE-2026-28226 | Phishing Club has Authenticated Blind SQL Injection in GetOrphaned Recipient Listing | MEDIUM | 6.5 | 2026-02-26 | phishingclub phishingclub; phishing.club phishing_club | CVE NVD | |
| CVE-2026-28225 | Manyfold has IDOR in ModelFilesController | MEDIUM | 5.3 | 2026-02-26 | manyfold3d manyfold; manyfold manyfold | CVE NVD | |
| CVE-2026-28217 | IDOR in GraphQL userCollection Query Exposes Other Users' Private Collections | MEDIUM | 6.5 | 2026-02-26 | hoppscotch hoppscotch; hoppscotch hoppscotch | CVE NVD | |
| CVE-2026-28216 | hoppscotch has IDOR in updateUserEnvironment / deleteUserEnvironment | HIGH | 8.3 | 2026-02-26 | hoppscotch hoppscotch; hoppscotch hoppscotch | CVE NVD | |
| CVE-2026-28215 | hoppscotch Vulnerable to Unauthenticated Onboarding Config Takeover | CRITICAL | 9.1 | 2026-02-26 | hoppscotch hoppscotch; hoppscotch hoppscotch | CVE NVD | |
| CVE-2026-3265 | go2ismail Free-CRM Security API improper authorization | MEDIUM | 5.3 | 2026-02-26 | go2ismail Free-CRM; go2ismail free-crm | CVE NVD | |
| CVE-2026-28213 | EverShop Vulnerable to Arbitrary Customer Account Takeover via Exposure of Password Reset Token in API Response | CRITICAL | 9.8 | 2026-02-26 | evershopcommerce evershop; evershop evershop | CVE NVD | |
| CVE-2026-28211 | Arbitrary code execution in log reader via untrusted log file | HIGH | 7.8 | 2026-02-26 | CyrilleB79 NVDA-Dev-Test-Toolbox | CVE NVD | |
| CVE-2026-28208 | Junrar has arbitrary file write due to backslash path traversal bypass in LocalFolderExtractor on Linux/Unix | MEDIUM | 5.9 | 2026-02-26 | junrar junrar; junrar_project junrar | CVE NVD | |
| CVE-2026-28207 | Zen-C Vulnerable to Command Injection via Malicious Output Filename | MEDIUM | 6.6 | 2026-02-26 | z-libs Zen-C; z-libs zen_c | CVE NVD | |