浏览 15+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-11762 | HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure | hubspotdev | HubSpot All-In-One Marketing – Forms, Popups, Live Chat | Medium | 4.3 | 2026-04-24 07:45:07 | Deep Dive |
| CVE-2026-1908 | Integration with Hubspot Forms <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | minnur | Integration with Hubspot Forms | Medium | 6.4 | 2026-03-21 03:26:59 | Deep Dive |
| CVE-2026-25526 | JinJava Bypass through ForTag leads to Arbitrary Java Execution | HubSpot | jinjava | Critical | 9.8 | 2026-02-04 21:26:59 | Deep Dive |
| CVE-2026-24559 | WordPress Integration for Contact Form 7 HubSpot plugin <= 1.4.3 - Sensitive Data Exposure vulnerability | CRM Perks | Integration for Contact Form 7 HubSpot | Medium | 5.3 | 2026-01-23 14:28:55 | Deep Dive |
| CVE-2025-68590 | WordPress Integration for Contact Form 7 HubSpot plugin <= 1.4.2 - SQL Injection vulnerability | CRM Perks | Integration for Contact Form 7 HubSpot | High | 7.6 | 2025-12-24 13:10:43 | Deep Dive |
| CVE-2025-60178 | WordPress WP Gravity Forms HubSpot plugin <= 1.2.6 - Deserialization of untrusted data vulnerability | CRM Perks | WP Gravity Forms HubSpot | - | - | 2025-12-18 07:22:09 | Deep Dive |
| CVE-2025-11257 | LLM Hubspot Blog Import <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Hubspot Import | limelightmarketing | LLM Hubspot Blog Import | Medium | 4.3 | 2025-10-24 08:24:01 | Deep Dive |
| CVE-2025-60151 | WordPress WP Gravity Forms HubSpot Plugin <= 1.2.5 - Open Redirection Vulnerability | CRM Perks | WP Gravity Forms HubSpot | - | - | 2025-10-22 14:32:42 | Deep Dive |
| CVE-2025-59340 | jinjava Sandbox Bypass via JavaType-Based Deserialization | HubSpot | jinjava | Critical | 9.8 | 2025-09-17 20:01:56 | Deep Dive |
| CVE-2024-10591 | MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update | makewebbetter | MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics | High | 8.8 | 2025-01-30 13:42:09 | Deep Dive |
| CVE-2024-8628 | Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin <= 1.2.70.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | properfraction | MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc. | Medium | 5.4 | 2024-09-24 03:06:38 | Deep Dive |
| CVE-2024-5879 | HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics <= 11.1.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via HubSpot Meeting Widget | hubspotdev | HubSpot All-In-One Marketing – Forms, Popups, Live Chat | Medium | 6.4 | 2024-08-30 04:29:57 | Deep Dive |
| CVE-2024-34756 | WordPress Integration for HubSpot and Contact Form 7 plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability | CRM Perks | Integration for Contact Form 7 HubSpot | Medium | 4.3 | 2024-05-17 09:49:30 | Deep Dive |
| CVE-2023-31095 | WordPress Integration for Contact Form 7 HubSpot Plugin <= 1.2.8 is vulnerable to Open Redirection | CRM Perks | Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.7 | 2023-12-29 09:50:01 | Deep Dive |
| CVE-2022-1239 | HubSpot < 8.8.15 - Contributor+ Blind SSRF | Unknown | HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics | 高危 | - | 2022-05-02 16:05:49 | Deep Dive |