Browse 118+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-23696 | Windmill < 1.603.3 File Ownership Handling SQLi RCE | Windmill Labs | Windmill CE (Community Edition) | Critical | 9.9 | 2026-04-07 16:50:53 | Deep Dive |
| CVE-2026-22683 | Windmill < 1.615.0 Operator Role Missing Authorization Checks RCE | Windmill Labs | Windmill CE (Community Edition) | High | 8.8 | 2026-04-07 16:50:30 | Deep Dive |
| CVE-2019-25367 | ArangoDB Community Edition 3.4.2-1 XSS via aardvark admin interface | Arangodb | ArangoDB Community Edition | Medium | 5.4 | 2026-02-15 13:58:50 | Deep Dive |
| CVE-2026-1337 | Insufficient escaping of unicode characters in query log | neo4j | Enterprise Edition | - | - | 2026-02-06 13:13:19 | Deep Dive |
| CVE-2026-1622 | Unredacted data exposure in query.log | neo4j | Enterprise Edition | - | - | 2026-02-04 09:14:46 | Deep Dive |
| CVE-2025-15241 | CloudPanel Community Edition HTTP Header users redirect | CloudPanel | Community Edition | Low | 3.5 | 2025-12-30 09:02:07 | Deep Dive |
| CVE-2025-11230 | Denial of service vulnerability in HAProxy mjson library | HAProxy Technologies | HAProxy Community Edition | High | 7.5 | 2025-11-19 09:28:40 | Deep Dive |
| CVE-2025-12922 | OpenClinica Community Edition CRF Data Import ImportCRFData path traversal | OpenClinica | Community Edition | Medium | 6.3 | 2025-11-10 00:02:06 | Deep Dive |
| CVE-2025-12921 | OpenClinica Community Edition CRF Data Import ImportCRFData xml injection | OpenClinica | Community Edition | Medium | 4.3 | 2025-11-09 23:32:05 | Deep Dive |
| CVE-2025-12547 | LogicalDOC Community Edition Admin Login login.jsp excessive authentication | LogicalDOC | Community Edition | Low | 3.7 | 2025-10-31 18:32:08 | Deep Dive |
| CVE-2025-12546 | LogicalDOC Community Edition API Key creation UI cross site scripting | LogicalDOC | Community Edition | Low | 3.5 | 2025-10-31 18:32:06 | Deep Dive |
| CVE-2025-11602 | Untargeted information leak in Bolt protocol handshake | neo4j | Enterprise Edition | Medium | - | 2025-10-31 10:20:17 | Deep Dive |
| CVE-2025-11946 | LogicalDOC Community Edition Add Contact frontend.jsp cross site scripting | LogicalDOC | Community Edition | Low | 3.5 | 2025-10-19 21:32:06 | Deep Dive |
| CVE-2025-10492 | Jaspersoft Library Deserialisation Vulnerability | Jaspersoft | JasperReports Library Community Edition | - | - | 2025-09-16 16:41:45 | Deep Dive |
| CVE-2025-24388 | Unsafe handling of AJAX calls | OTRS AG | OTRS | Low | 3.8 | 2025-06-16 11:29:20 | Deep Dive |
| CVE-2025-5412 | Mist Community Edition Authentication Endpoint views.py login cross site scripting | Mist | Community Edition | Low | 3.5 | 2025-06-01 23:31:05 | Deep Dive |
| CVE-2025-5411 | Mist Community Edition views.py tag_resources cross site scripting | Mist | Community Edition | Low | 3.5 | 2025-06-01 23:00:19 | Deep Dive |
| CVE-2025-5410 | Mist Community Edition middleware.py session_start_response cross-site request forgery | Mist | Community Edition | Medium | 4.3 | 2025-06-01 22:31:05 | Deep Dive |
| CVE-2025-5409 | Mist Community Edition API Token views.py create_token access control | Mist | Community Edition | High | 7.3 | 2025-06-01 22:00:16 | Deep Dive |
| CVE-2025-24389 | SMTP Password will be shown in cleartext on some SMTP errors | OTRS AG | OTRS | Medium | 6.3 | 2025-01-27 05:59:01 | Deep Dive |