浏览 247+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-28272 | Kiteworks Email Protection Gateway has a Cross-site Scripting vulnerability | kiteworks | security-advisories | High | 8.1 | 2026-02-27 20:23:00 | Deep Dive |
| CVE-2026-28271 | Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF) | kiteworks | security-advisories | Medium | 6.5 | 2026-02-27 20:21:12 | Deep Dive |
| CVE-2026-28270 | Kiteworks Core has an Unrestricted Upload of File with Dangerous Type | kiteworks | security-advisories | Medium | 4.9 | 2026-02-27 20:19:55 | Deep Dive |
| CVE-2026-28269 | Kiteworks Core has an OS Command Injection | kiteworks | security-advisories | Medium | 5.9 | 2026-02-26 22:52:27 | Deep Dive |
| CVE-2025-66558 | Nextcloud Twofactor WebAuthn app was updated based on public key | nextcloud | security-advisories | Low | 3.1 | 2025-12-05 18:00:50 | Deep Dive |
| CVE-2025-66556 | Nextcloud talk allows participants to blindly delete poll drafts of other users by ID | nextcloud | security-advisories | Low | 3.5 | 2025-12-05 17:56:44 | Deep Dive |
| CVE-2025-66554 | Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field | nextcloud | security-advisories | Low | 3.5 | 2025-12-05 17:51:00 | Deep Dive |
| CVE-2025-66549 | Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory | nextcloud | security-advisories | Low | 2.4 | 2025-12-05 17:47:01 | Deep Dive |
| CVE-2025-66545 | Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin | nextcloud | security-advisories | Low | 3.5 | 2025-12-05 17:44:13 | Deep Dive |
| CVE-2025-66515 | Nextcloud Approval app allows users to request approval for other users file | nextcloud | security-advisories | Low | 2.7 | 2025-12-05 17:37:07 | Deep Dive |
| CVE-2025-66514 | Nextcloud Mail stored HTML injection in subject text | nextcloud | security-advisories | Low | 3.5 | 2025-12-05 17:32:26 | Deep Dive |
| CVE-2025-66557 | Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners | nextcloud | security-advisories | Medium | 5.4 | 2025-12-05 17:28:49 | Deep Dive |
| CVE-2025-66548 | Nextcloud Deck app allows to spoof file extensions by using RTLO characters | nextcloud | security-advisories | Low | 3.3 | 2025-12-05 17:26:11 | Deep Dive |
| CVE-2025-66553 | Nextcloud Tables app allowed users to view columns metadata information of any table | nextcloud | security-advisories | Medium | 4.3 | 2025-12-05 17:18:10 | Deep Dive |
| CVE-2025-66551 | Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users | nextcloud | security-advisories | Medium | 6.3 | 2025-12-05 17:15:17 | Deep Dive |
| CVE-2025-66513 | Nextcloud Tables app share information not limited to relevant users | nextcloud | security-advisories | Medium | 4.3 | 2025-12-05 17:11:20 | Deep Dive |
| CVE-2025-66550 | Nextcloud Calendar attachments of local files are offered to downloaded | nextcloud | security-advisories | Medium | 5.7 | 2025-12-05 16:56:45 | Deep Dive |
| CVE-2025-66546 | Nextcloud Calendar app allowed booking appointments without the generated token | nextcloud | security-advisories | Low | 3.3 | 2025-12-05 16:49:47 | Deep Dive |
| CVE-2025-66511 | Nextcloud Calendar app used predictable proposal participant tokens | nextcloud | security-advisories | Medium | 4.8 | 2025-12-05 16:42:30 | Deep Dive |
| CVE-2025-66552 | Nextcloud Server admin_audit does not log all actions on files in groupfolders | nextcloud | security-advisories | Medium | 4.3 | 2025-12-05 16:36:40 | Deep Dive |