Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/12/06 12:0 a.m.38 views

Fortinet FortiADC 输入验证错误漏洞

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. An input validation error vulnerability exists in Fortinet FortiADC, which stems from improper input validation of the application and could be exploited by an authenticated attacker to retrieve a file with a specific...

6.5CVSS6.6AI score0.0074EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/30 12:0 a.m.38 views

Discourse 跨站脚本漏洞

Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A cross-site scripting vulnerability exists in Discourse BBCode, which stems from the fact that it allows an attacker to utilize multiple CSS injections...

9.8CVSS7.9AI score0.0113EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/09/19 12:0 a.m.38 views

Necta WiFi Mouse 授权问题漏洞

Necta WiFi Mouse is a wireless mouse from Necta. A security vulnerability exists in Necta WiFi Mouse version 1.7.8.5, which stems from the fact that due to the reliance on client-side authentication, the authentication mechanism can be easily bypassed, which could lead to remote code execution...

9.8CVSS8.7AI score0.73475EPSS
Exploits5References7
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.38 views

Adobe InCopy 缓冲区错误漏洞

Adobe InCopy is an application produced by Adobe for professional word processing. Adobe InCopy 17.3 and 16.4.2 and prior versions contain an out-of-bounds read vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.5AI score0.00595EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.38 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google. A security vulnerability exists in Google TensorFlow, which stems from an assertion failure given by Unbatch when it receives a non-scalar input id, which could trigger a denial-of-service attack. T...

7.5CVSS7.4AI score0.00396EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/23 12:0 a.m.38 views

FreeOpcUa 安全漏洞

FreeOpcUa is an open source C++ OPC-UA server and client library. A security vulnerability exists in FreeOpcUa, which is susceptible to a denial of service DoS attack when sending multiple CloseSession requests with the DeleteSubscription parameter equal to False to bypass excessive memory...

7.5CVSS5.6AI score0.00779EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/22 12:0 a.m.38 views

WordPress Plugin WP phpMyAdmin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.8CVSS5.1AI score0.00642EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.38 views

Advantech iView SQL注入漏洞

Advantech iView, a software based on Simple Network Protocol SNMP for managing B B SmartWorx devices from Advantech, China, is vulnerable to a SQL injection vulnerability in versions prior to Advantech iView 5.7.04.6469, which results from the use of special elements in SQL commands that are not...

7.5CVSS5.9AI score0.10085EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.38 views

Gogs 代码问题漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, and more. A security vulnerability exists in Gogs versions prior to 0.12.5, which stems from the la...

5.3CVSS6.1AI score0.03422EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.38 views

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. a security vulnerability exists in versions of Rust nanorand crate prior to 0.6.1, which stems from the fact that the same object can have multiple mutable references. No details of the vulnerability are current...

9.8CVSS5.6AI score0.01191EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.38 views

Rust 加密问题漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. version 0.9.7 before Rust sha2 crate 0.9.8 contains a security vulnerability in which the hash of a long message may be incorrect when the AVX2-accelerated backend is used. No details of the vulnerability are...

9.8CVSS5.5AI score0.00805EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/10/19 12:0 a.m.38 views

Oracle MySQL 输入验证错误漏洞

Oracle MySQL Cluster is a write-scalable, real-time, ACID-compatible transactional database developed by Oracle Corporation USA. Oracle MySQL Cluster 8.0.26 and earlier versions of the Cluster: General component are vulnerable to an input validation error that could be exploited by an attacker to...

1.8CVSS5.3AI score0.00655EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/10/18 12:0 a.m.38 views

WordPress 插件跨站脚本漏洞

WordPress plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress PDF Flipbook, 3D Flipbook, DearFlip plugin versions prior to 1.7.10, which stems from not bypassing the class attribute of its shortcode before outputting back to the attribut...

5.4CVSS5.5AI score0.00629EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.37 views

Strapi 安全漏洞

Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 5.45.0 contained security vulnerabilities. These vulnerabilities stemmed from a rate-limiting mechanism in the users-permissions plugin, which derived rate-limiting keys...

6.9CVSS6AI score0.00492EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.37 views

pypdf 资源管理错误漏洞

pypdf is py-pdf open source a free open source pure python PDF library . Able to split , merge , crop and convert pages of PDF files . pypdf versions prior to 6.6.0 has a resource management error vulnerability , the vulnerability stems from the processing of missing Root objects and large Size...

6.9CVSS6.4AI score0.00391EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.37 views

datart 安全漏洞

datart is an open source data visualization open platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from the POST /viz/image interface not strictly validating filenames, which could lead to a directory traversal attack...

7.1CVSS6.4AI score0.00582EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.37 views

SUSE Linux多款产品 安全漏洞

SUSE Linux Enterprise Desktop is an enterprise server version of the Linux desktop operating system from SUSE Germany. A security vulnerability exists in various SUSE Linux products that originates from a stream reset in the HTTP/2 implementation that results in excessive consumption of server...

7.5CVSS6.6AI score0.04604EPSS
Exploits3References11
CNNVD
CNNVD
added 2025/06/18 12:0 a.m.37 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing node reference release that could lead to a reference count leak...

5.5CVSS6.3AI score0.00208EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/03/09 12:0 a.m.37 views

Apache Camel 安全漏洞

Apache Camel is the United States Apache Apache Foundation of a set of open source based on Enterprise Integration Pattern Enterprise Integration Pattern , referred to as EIP integration framework. The framework provides Enterprise Integration Pattern Java objects POJO implementation , and throug...

5.6CVSS7.4AI score0.79817EPSS
Exploits3References9
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.37 views

WordPress plugin iThemes Sync 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

4.3CVSS7.2AI score0.00383EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/14 12:0 a.m.37 views

Harbor 授权问题漏洞

Harbor is an open source registry from Harbor Open Source. Artifacts are protected through policies and role-based access control to ensure that images are scanned and are not vulnerable, and that images are signed as trusted. Harbor suffers from an authorization issue vulnerability that stems fr...

7.7CVSS7.3AI score0.00396EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.37 views

Adobe Photoshop 数字错误漏洞

Adobe Photoshop is a set of image processing software from the American company Audobee Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from a numeric error vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current...

7.8CVSS7.2AI score0.00299EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.37 views

HP PC 代码问题漏洞

HP PC is a computer product from Hewlett-Packard HP in the United States. A security vulnerability exists in HP PC that stems from a potential hole in the audio package, which could allow privileged escalation...

6CVSS6.7AI score0.00136EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.37 views

Splunk Enterprise和Splunk Cloud Platform 安全漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk...

5.4CVSS7AI score0.12945EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/09/27 12:0 a.m.37 views

NginxProxyManager 安全漏洞

NginxProxyManager is NginxProxyManager individual developer's Docker container for managing Nginx proxy hosts with a simple, powerful interface. A security vulnerability exists in NginxProxyManager version 2.11.3, which stems from the presence of a command injection vulnerability that could allow...

9.8CVSS8.1AI score0.03084EPSS
Exploits2References4
CNNVD
CNNVD
added 2024/05/15 12:0 a.m.37 views

WordPress plugin Base64 Encoder/Decoder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.8CVSS6.5AI score0.00741EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.37 views

TP-LINK AX1800 安全漏洞

The TP-LINK AX1800 is a dual-band Wi-Fi 6 router from China P&L TP-LINK. The TP-LINK AX1800 suffers from a contention condition vulnerability that can be exploited by an attacker to access resources available on the LAN interface and execute arbitrary code...

9.8CVSS7.3AI score0.01159EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.37 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE. An attacker exploited the...

6.5CVSS6.5AI score0.00601EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/24 12:0 a.m.37 views

WiX Toolset 安全漏洞

WiX Toolset is an open source code library for . A security vulnerability exists in WiX Toolset that originates from a standard user being able to hijack a binary before it is loaded into an application, resulting in elevated privileges...

7.3CVSS7.3AI score0.00463EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.37 views

Grav 代码注入漏洞

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product displays. A security vulnerability exists in Grav prior to version 1.7.45, which stems from validating accessible functions via the Utils::isDangerousFunction function,...

8.8CVSS8.5AI score0.01381EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.37 views

Microsoft Open Management Infrastructure Security Vulnerability

Microsoft Open Management Infrastructure is a free, open source Common Information Model CIM management server from Microsoft. A security vulnerability exists in Microsoft Open Management Infrastructure. An attacker could exploit this vulnerability to gain elevated privileges. The following...

7.8CVSS6.8AI score0.00988EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.37 views

WordPress plugin Font Awesome 4 Menus security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.8CVSS6AI score0.00524EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.37 views

Apache OpenMeetings 授权问题漏洞

Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system from the Apache Foundation. The product supports audio, video and allows users to view each participant's desktop and more. An authorization issue vulnerability exists in Apache OpenMeetings versions...

8.1CVSS6.8AI score0.01093EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/19 12:0 a.m.37 views

AWS SDK for Rust 日志信息泄露漏洞

Amazon AWS SDK for Rust is an AWS SDK for Rust from Amazon.com, USA. AWS SDK for Rust suffers from a log message disclosure vulnerability that originates from including a user's access key, secret key, and security token in plaintext...

5.5CVSS5.7AI score0.00216EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.37 views

Jenkins Plugin TestQuality Updater 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00723EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/26 12:0 a.m.37 views

WordPress Plugin php-mod/curl 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.1CVSS6.2AI score0.01261EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.37 views

WordPress plugin InPost Gallery 路径遍历漏洞

WordPress and others are products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language.WordPress plugin is an application plugin.PHP and others are products of.PHP is a scripting language that executes on the server side. A path traversal...

9.8CVSS8.4AI score0.09519EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/12/08 12:0 a.m.37 views

PrestaShop 信息泄露漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. An information disclosure vulnerability exists in PrestaShop versions prior to 1.7.8.8. The vulnerability...

5.3CVSS5.3AI score0.00456EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/10 12:0 a.m.37 views

Wiesemann & Theis Com-Server Family 安全特征问题特征问题漏洞

The Wiesemann & Theis Com-Server Family is a series of serial device servers from the German company Wiesemann & Theis. A security signature issue vulnerability exists in Wiesemann & Theis Com-Server Family. An attacker could exploit this vulnerability to brute force a session id and access...

8.8CVSS8AI score0.00734EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/17 12:0 a.m.37 views

BoxBilling 代码问题漏洞

BoxBilling is open source billing and customer management software from the individual developers of BoxBilling. A security vulnerability exists in BoxBilling versions prior to 0.0.1 that stems from not restricting the upload of dangerous types of files...

7.2CVSS7AI score0.44002EPSS
Exploits7References5
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.37 views

Apache Pinot 安全漏洞

Apache Pinot is the U.S. Apache Apache Foundation, a real-time distributed OLAP data store. It is designed to provide ultra-low latency analytics. A security vulnerability exists in Apache Pinot 0.11.0 and earlier versions, which stems from a vulnerability in the groovy feature support...

9.8CVSS8.2AI score0.01367EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/23 12:0 a.m.37 views

BlueCMS SQL注入漏洞

BlueCMS is a PHP and MySQL based content management system CMS. a security vulnerability exists in BlueCMS version 1.6, which stems from an SQL injection in line 55 of admin/model.php. No details of the vulnerability are currently available...

9.8CVSS7.9AI score0.00761EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.37 views

CoreDNS 安全漏洞

CoreDNS is a DNS server for the CoreDNS community. A security vulnerability exists in CoreDNS that stems from DNS redirection of internal services...

4.4CVSS6.2AI score0.00174EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/11 12:0 a.m.37 views

Varnish Cache 安全漏洞

Varnish Cache is a suite of reverse web caching servers. A security vulnerability exists in Varnish Cache version 7.0.0, 7.0.1, 7.0.2, and 7.1.0, which originates. An attacker can exploit the vulnerability by spoofing HTTP/1 back-end response assertions and automatically restarting the server...

7.5CVSS7.3AI score0.01147EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/08 12:0 a.m.37 views

Online Class and Exam Scheduling System SQL注入漏洞

Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System 1.0 suffers from a SQL injection vulnerability that originates from an unknown function in the file /pages/facultysched.php being affected. The operation parameter facult...

9.8CVSS8.2AI score0.00613EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/08/04 12:0 a.m.37 views

Red Hat Keycloak 安全漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that originates from the SAML protocol mapper uploading arbitrary Javascript...

7.2CVSS6.8AI score0.00851EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/07/19 12:0 a.m.37 views

GNU SASL 缓冲区错误漏洞

GNU SASL is a GNU community implementation of the Simple Authentication and Security Layer SASL framework and some common SASL mechanisms. A security vulnerability exists in GNU SASL versions prior to 2.0.1 that stems from. Server-side out-of-bounds reads to maliciously authenticated GSS-API...

8.1CVSS7.2AI score0.01091EPSS
Exploits0References11
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.37 views

Jenkins Plugin Deployment Dashboard 信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. an information disclosure vulnerability...

4.3CVSS5.7AI score0.00684EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/06/25 12:0 a.m.37 views

Wire 跨站脚本漏洞

Wire is a chat software from the German company Wire. The software supports Web, WindowsiOS, Android, and OS X platforms, has group functionality, can make voice calls, send photos, and its original greeting method, PING. Wire has a cross-site scripting vulnerability that stems from insufficient...

9.6CVSS5.6AI score0.00777EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.37 views

TYPO3 跨站脚本漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. A security vulnerability exists in TYPO3. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor's announcement. The...

6.1CVSS6.2AI score0.00541EPSS
Exploits0References3
Total number of security vulnerabilities5000