| CVE-2026-0592 | code-projects Online Product Reservation System SQL injection vulnerability | High | 7.3 | 2026-01-05 |
| CVE-2026-0591 | code-projects Online Product Reservation System SQL injection vulnerability | Medium | 6.3 | 2026-01-05 |
| CVE-2026-0590 | code-projects Online Product Reservation System SQ... | Medium | 6.3 | 2026-01-05 |
| CVE-2026-0589 | Online Product Reservation System 1.0 admin backend authentication bypass vulnerability | High | 7.3 | 2026-01-05 |
| CVE-2026-0588 | Xinhu Rainrock RockOA cross-site scripting vulnerability | Low | 3.5 | 2026-01-05 |
| CVE-2026-0587 | Xinhu Rainrock RockOA Cover Image Handler XSS vulnerability | Low | 3.5 | 2026-01-05 |
| CVE-2026-0586 | Online Product Reservation System 1.0 cross-site scripting vulnerability | Medium | 4.3 | 2026-01-05 |
| CVE-2026-0585 | code-projects Online Product Reservation System 1.... | High | 7.3 | 2026-01-05 |
| CVE-2026-0584 | Online Product Reservation System SQL injection vulnerability | Medium | 6.3 | 2026-01-05 |
| CVE-2026-0583 | code-projects Online Product Reservation System 1.... | High | 7.3 | 2026-01-05 |
| CVE-2026-0582 | itsourcecode Society Management System 1.0 SQL injection vulnerability | Medium | 6.3 | 2026-01-05 |
| CVE-2026-0581 | Tenda AC1206 router formBehaviorManager command injection vulnerability | Medium | 6.3 | 2026-01-05 |
| CVE-2026-0580 | SourceCodester API Key Manager App 1.0 Import Key ... | Low | 3.5 | 2026-01-05 |
| CVE-2025-9543 | FlexTable WordPress plugin stored XSS vulnerability | Low | 3.5 | 2026-01-05 |
| CVE-2025-69226 | AIOHTTP static file path normalization information disclosure vulnerability | Medium | 5.3 | 2026-01-05 |
| CVE-2025-69224 | AIOHTTP HTTP request smuggling vulnerability | Medium | 6.5 | 2026-01-05 |
| CVE-2025-69223 | AIOHTTP zip bomb denial-of-service vulnerability | High | 7.5 | 2026-01-05 |
| CVE-2025-69087 | WordPress FreeAgent theme local file inclusion vulnerability | High | 8.1 | 2026-01-05 |
| CVE-2025-68953 | Frappe framework path traversal vulnerability allowing arbitrary file read | High | 7.5 | 2026-01-05 |
| CVE-2025-68865 | Infility Global SQL injection vulnerability | Critical | 9.3 | 2026-01-05 |
| CVE-2025-68850 | WordPress Sell Downloads plugin missing authorization vulnerability | High | 7.5 | 2026-01-05 |
| CVE-2025-68547 | WordPress Follow My Blog Post plugin missing authorization vulnerability | High | 7.5 | 2026-01-05 |
| CVE-2025-68456 | Craft CMS CVE-2025-68456 unauthorized database backup vulnerability | Critical | 9.1 | 2026-01-05 |
| CVE-2025-68455 | Craft CMS post-authentication remote code execution vulnerability | High | 7.2 | 2026-01-05 |
| CVE-2025-68454 | Craft CMS Twig SSTI remote code execution vulnerability | High | 8.8 | 2026-01-05 |
| CVE-2025-68437 | Craft CMS GraphQL API server-side request forgery vulnerability | Medium | 6.8 | 2026-01-05 |
| CVE-2025-68436 | Craft CMS user avatar feature sensitive asset disclosure vulnerability | Medium | 6.5 | 2026-01-05 |
| CVE-2025-68428 | jsPDF path traversal leading to local file read vulnerability | High | 7.5 | 2026-01-05 |
| CVE-2025-68280 | Apache SIS XXE vulnerability allowing reads of local server files | Medium | 6.5 | 2026-01-05 |
| CVE-2025-68044 | Five Star Restaurant Reservations authorization bypass vulnerability | High | 8.6 | 2026-01-05 |
| CVE-2025-68033 | WordPress Custom Related Posts plugin sensitive information disclosure vulnerability | High | 7.5 | 2026-01-05 |
| CVE-2025-68029 | WordPress Wallet System for WooCommerce sensitive information disclosure vulnerability | Medium | 6.3 | 2026-01-05 |
| CVE-2025-68014 | AweBooking plugin sensitive data disclosure vulnerability | Medium | 6.5 | 2026-01-05 |
| CVE-2025-67732 | Dify platform API key plaintext exposure vulnerability | Medium | 6.5 | 2026-01-05 |
| CVE-2025-67427 | evershop /images API Blind SSRF vulnerability | Medium | 6.5 | 2026-01-05 |
| CVE-2025-67419 | evershop /images API denial-of-service vulnerability | High | 7.5 | 2026-01-05 |
| CVE-2025-67397 | Passy 1.6.3 remote code execution vulnerability | Critical | 9.1 | 2026-01-05 |
| CVE-2025-67316 | Realme browser remote code execution vulnerability | Medium | 5.4 | 2026-01-05 |
| CVE-2025-67303 | ComfyUI-Manager path traversal leading to configuration data disclosure | High | 7.5 | 2026-01-05 |
| CVE-2025-66648 | vega-functions XSS (cross-site scripting) vulnerability | High | 7.2 | 2026-01-05 |
| CVE-2025-66518 | Apache Kyuubi Server access control bypass vulnerability | High | 8.8 | 2026-01-05 |
| CVE-2025-66376 | Zimbra Collaboration Classic UI stored XSS vulnerability | High | 7.2 | 2026-01-05 |
| CVE-2025-65922 | Planka 2.0.0 missing security headers leading to clickjacking/phishing risk | Medium | 4.3 | 2026-01-05 |
| CVE-2025-65328 | Mega-Fence XFF header IP spoofing vulnerability | Medium | 6.5 | 2026-01-05 |
| CVE-2025-65110 | Vega visualization library DOM XSS vulnerability | High | 8.1 | 2026-01-05 |
| CVE-2025-61916 | Spinnaker server-side request forgery vulnerability | High | 7.9 | 2026-01-05 |
| CVE-2025-61781 | OpenCTI GraphQL authorization bypass leading to unauthorized workspace deletion vulnerability | High | 7.1 | 2026-01-05 |
| CVE-2025-59955 | Coolify team member API information disclosure vulnerability | Medium | 5.7 | 2026-01-05 |
| CVE-2025-5965 | Centreon Infra Monitoring command injection vulnerability | High | 7.2 | 2026-01-05 |
| CVE-2025-59467 | UCRM Argentina AFIP invoices Plugin XSS vulnerability | High | 7.5 | 2026-01-05 |