浏览 30+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34986 | Go JOSE affect by a panic in JWE decryption | go-jose | go-jose | High | 7.5 | 2026-04-06 16:22:45 | Deep Dive |
| CVE-2026-34240 | jose vulnerable to untrusted JWK header key acceptance during signature verification | appsup-dart | jose | High | 7.5 | 2026-03-31 15:44:24 | Deep Dive |
| CVE-2025-57898 | WordPress WP Frontend Admin plugin <= 1.22.7 - Cross Site Scripting (XSS) vulnerability | Jose Vega | WP Frontend Admin | Medium | 6.5 | 2025-09-22 18:25:30 | Deep Dive |
| CVE-2025-53864 | Connect2id Nimbus JOSE + JWT 安全漏洞 | Connect2id | Nimbus JOSE+JWT | Medium | 5.8 | 2025-07-11 00:00:00 | Deep Dive |
| CVE-2025-28993 | WordPress Content No Cache plugin <= 0.1.4 - Arbitrary Function Call vulnerability | Jose Mortellaro | Content No Cache | High | 8.6 | 2025-06-27 11:52:41 | Deep Dive |
| CVE-2025-32503 | WordPress Link Shield plugin <= 0.5.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | Jose Conti | Link Shield | High | 7.1 | 2025-04-09 16:09:42 | Deep Dive |
| CVE-2025-30874 | WordPress Specific Content For Mobile plugin <= 0.5.3 - Broken Access Control vulnerability | Jose Mortellaro | Specific Content For Mobile | Medium | 4.3 | 2025-03-27 10:55:38 | Deep Dive |
| CVE-2025-27144 | Go JOSE's Parsing Vulnerable to Denial of Service | go-jose | go-jose | 高危 | - | 2025-02-24 22:22:23 | Deep Dive |
| CVE-2023-46188 | WordPress Freesoul Deactivate Plugins plugin <= 2.1.3 - Broken Access Control vulnerability | Jose Mortellaro | Freesoul Deactivate Plugins – Plugin manager and cleanup | Medium | 4.3 | 2025-01-02 12:00:00 | Deep Dive |
| CVE-2023-31073 | WordPress Shortcode to display post and user data plugin <= 1.2.0 - Broken Access Control vulnerability | Jose Vega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 4.3 | 2024-12-09 11:31:00 | Deep Dive |
| CVE-2024-29126 | WordPress Specific Content For Mobile plugin <= 0.1.9.5 - Cross Site Scripting (XSS) vulnerability | Jose Mortellaro | Specific Content For Mobile – Customize the mobile version without redirections | High | 7.1 | 2024-03-19 14:18:29 | Deep Dive |
| CVE-2024-28180 | Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) | go-jose | go-jose | Medium | 4.3 | 2024-03-09 00:54:46 | Deep Dive |
| CVE-2024-28176 | jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext | panva | jose | Medium | 4.9 | 2024-03-09 00:43:07 | Deep Dive |
| CVE-2024-1437 | WordPress Adsmonetizer Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS) | José Fernandez | Adsmonetizer | High | 7.1 | 2024-02-29 05:12:22 | Deep Dive |
| CVE-2023-5537 | Delete Usermetas <= 1.1.2 - Cross-Site Request Forgery | jose-lazo | Delete Usermetas | Medium | 4.3 | 2023-11-22 15:33:22 | Deep Dive |
| CVE-2023-44239 | WordPress WWM Social Share On Image Hover Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) | Jobin Jose | WWM Social Share On Image Hover | Medium | 5.9 | 2023-10-02 09:30:43 | Deep Dive |
| CVE-2023-22687 | WordPress Freesoul Deactivate Plugins – Plugin manager and cleanup Plugin <= 1.9.4.0 is vulnerable to Sensitive Data Exposure | Jose Mortellaro | Freesoul Deactivate Plugins – Plugin manager and cleanup | Low | 3.7 | 2023-04-16 08:08:23 | Deep Dive |
| CVE-2023-25653 | Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS) | cisco | node-jose | High | 7.5 | 2023-02-16 18:15:27 | Deep Dive |
| CVE-2023-23928 | reason-jose ignores signature checks | ulrikstrid | reason-jose | Medium | 5.9 | 2023-02-01 00:59:38 | Deep Dive |
| CVE-2022-36083 | JOSE vulnerable to resource exhaustion via specifically crafted JWE | panva | jose | Medium | 5.3 | 2022-09-07 21:55:09 | Deep Dive |