快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 360566
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2026-29064 |
Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73
|
HIGH | 8.2 | 2026-03-06 |
lfprojects zarf
|
NVD | |
| CVE-2025-70363 |
Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x all
|
HIGH | 7.5 | 2026-03-06 |
未知
|
NVD | |
| CVE-2025-15602 |
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges tha
|
HIGH | 8.8 | 2026-03-06 |
未知
|
NVD | |
| CVE-2026-27777 |
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
|
MEDIUM | 6.5 | 2026-03-06 |
未知
|
NVD | |
| CVE-2026-27764 |
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows mu
|
HIGH | 7.3 | 2026-03-06 |
未知
|
NVD | |
| CVE-2026-27123 |
Rejected reason: Reason: This candidate was issued in error.
|
UNKNOWN | N/A | 2026-03-06 |
未知
|
NVD | |
| CVE-2026-27027 |
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
|
MEDIUM | 6.5 | 2026-03-06 |
未知
|
NVD | |
| CVE-2026-26288 |
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorize
|
CRITICAL | 9.4 | 2026-03-06 |
未知
|
NVD | |
| CVE-2026-26018 |
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerabil
|
HIGH | 7.5 | 2026-03-06 |
coredns.io coredns
|
NVD | |
| CVE-2026-26017 |
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in Cor
|
HIGH | 7.7 | 2026-03-06 |
coredns.io coredns
|
NVD | |
| CVE-2026-24696 |
The WebSocket Application Programming Interface lacks restrictions on the number of authentication r
|
HIGH | 7.5 | 2026-03-06 |
未知
|
NVD | |
| CVE-2026-20882 |
The WebSocket Application Programming Interface lacks restrictions on the number of authentication r
|
HIGH | 7.5 | 2026-03-06 |
未知
|
NVD | |
| CVE-2026-20748 |
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows mu
|
HIGH | 7.3 | 2026-03-06 |
未知
|
NVD | |
| CVE-2026-2754 |
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on
|
HIGH | 7.5 | 2026-03-06 |
未知
|
NVD | |
| CVE-2026-2753 |
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP se
|
HIGH | 7.5 | 2026-03-06 |
未知
|
NVD | |
| CVE-2026-2752 |
Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticate
|
MEDIUM | 5.3 | 2026-03-06 |
未知
|
NVD | |
| CVE-2026-26051 |
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorize
|
CRITICAL | 9.4 | 2026-03-06 |
未知
|
NVD | |
| CVE-2026-1799 |
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate has been dete
|
UNKNOWN | N/A | 2026-03-06 |
未知
|
NVD | |
| CVE-2022-4947 |
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-32111. Reason:
|
UNKNOWN | N/A | 2026-03-06 |
未知
|
NVD | |
| CVE-2018-25200 |
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated att
|
MEDIUM | 5.3 | 2026-03-06 |
tomalofficial php_oop_cms_blog
|
NVD |