浏览 31+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40265 | Note Mark has Broken Access Control on Asset Download | enchant97 | note-mark | Medium | 5.9 | 2026-04-16 23:56:03 | Deep Dive |
| CVE-2026-40263 | Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel | enchant97 | note-mark | Low | 3.7 | 2026-04-16 23:53:50 | Deep Dive |
| CVE-2026-40262 | Note Mark has Stored XSS via Unrestricted Asset Upload | enchant97 | note-mark | High | 8.7 | 2026-04-16 23:51:39 | Deep Dive |
| CVE-2026-34890 | WordPress MSTW League Manager plugin <= 2.10 - Cross Site Scripting (XSS) vulnerability | Mark O’Donnell | MSTW League Manager | Medium | 6.5 | 2026-04-02 12:58:02 | Deep Dive |
| CVE-2025-62944 | WordPress MSTW CSV EXPORTER plugin <= 1.4 - Broken Access Control vulnerability | Mark O'Donnell | MSTW CSV EXPORTER | Medium | 5.3 | 2025-10-27 01:34:07 | Deep Dive |
| CVE-2025-58852 | WordPress MSTW League Manager Plugin <= 2.10 - Cross Site Request Forgery (CSRF) Vulnerability | Mark O'Donnell | MSTW League Manager | High | 7.1 | 2025-09-05 13:45:36 | Deep Dive |
| CVE-2025-46440 | WordPress kStats Reloaded plugin <= 0.7.4 - Reflected Cross Site Scripting (XSS) vulnerability | Mark | kStats Reloaded | High | 7.1 | 2025-05-23 12:43:48 | Deep Dive |
| CVE-2025-32670 | WordPress Spark GF Failed Submissions plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability | Mark Parnell | Spark GF Failed Submissions | High | 7.1 | 2025-04-17 15:47:00 | Deep Dive |
| CVE-2025-31905 | WordPress Team Rosters Plugin <= 4.7 - Reflected Cross Site Scripting (XSS) vulnerability | Mark O'Donnell | Team Rosters | High | 7.1 | 2025-04-03 13:27:17 | Deep Dive |
| CVE-2025-23534 | WordPress WPLingo plugin <= 1.1.2 - Arbitrary Content Deletion vulnerability | Mark Winiarski | WPLingo | Medium | 6.5 | 2025-02-14 12:44:29 | Deep Dive |
| CVE-2025-25160 | WordPress Style Tweaker plugin <= 0.11 - CSRF to Stored XSS vulnerability | Mark Barnes | Style Tweaker | High | 7.1 | 2025-02-07 10:11:58 | Deep Dive |
| CVE-2025-23963 | WordPress Mark Posts plugin <= 2.2.4 - Broken Access Control vulnerability | flymke | Mark Posts | Medium | 5.4 | 2025-01-16 20:08:10 | Deep Dive |
| CVE-2024-54311 | WordPress Mark New Posts plugin <= 7.5.1 - Broken Access Control vulnerability | i.lychkov | Mark New Posts | Medium | 5.4 | 2024-12-13 14:25:21 | Deep Dive |
| CVE-2024-52439 | WordPress Team Rosters plugin <= 4.8.2 - PHP Object Injection vulnerability | Mark O'Donnell | Team Rosters | Critical | 9.8 | 2024-11-20 11:27:34 | Deep Dive |
| CVE-2024-50547 | WordPress Themedy Toolbox plugin <= 1.0.16 - Cross Site Scripting (XSS) vulnerability | Mark Hodder | Themedy Toolbox | Medium | 6.5 | 2024-11-19 16:32:07 | Deep Dive |
| CVE-2024-47320 | WordPress WS Form LITE plugin <= 1.9.238 - Cross Site Scripting (XSS) vulnerability | Mark Westguard | WS Form LITE | High | 7.1 | 2024-10-06 11:19:16 | Deep Dive |
| CVE-2024-41819 | Note Mark has a stored XSS in the note link href attribute | enchant97 | note-mark | High | 8.7 | 2024-07-29 16:03:34 | Deep Dive |
| CVE-2023-52228 | WordPress Beds24 Online Booking plugin <= 2.0.24 - Cross Site Scripting (XSS) vulnerability | Mark Kinchin | Beds24 Online Booking | Medium | 6.5 | 2024-03-27 05:54:46 | Deep Dive |
| CVE-2024-24850 | WordPress Quicksand Post Filter jQuery plugin <= 3.1.1 - Broken Access Control vulnerability | Mark Stockton | Quicksand Post Filter jQuery Plugin | Medium | 5.3 | 2024-03-21 17:49:24 | Deep Dive |
| CVE-2024-29139 | WordPress MyCurator Content Curation plugin <= 3.76 - Cross Site Scripting (XSS) vulnerability | Mark Tilly | MyCurator Content Curation | High | 7.1 | 2024-03-19 13:37:42 | Deep Dive |