Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/11/08 12:0 a.m.35 views

Microsoft Network Policy Server 安全漏洞

Microsoft Network Policy Server is used to create and enforce organization-wide network access policies for connection request authentication and authorization by Microsoft Corporation USA. A security vulnerability exists in Microsoft Network Policy Server NPS. The following products and versions...

7.5CVSS7.6AI score0.0193EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/11/01 12:0 a.m.35 views

IBAX go-ibax SQL注入漏洞

IBAX go-ibax is a blockchain system platform from IBAX Corporation. IBAX go-ibax suffers from a SQL injection vulnerability that stems from some unknown functionality in file/api/v2/open/rowsInfo, where manipulation of the parameter order leads to SQL injection...

8.8CVSS7.9AI score0.30082EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.35 views

OpenCats 跨站脚本漏洞

OpenCats is an open source recruitment process management system. A security vulnerability exists in OpenCats v0.9.6, which stems from a security issue with the email parameter in the Check Email feature. No details of the vulnerability are provided at this time...

6.1CVSS6.6AI score0.01333EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.35 views

Rdiffweb 访问控制错误漏洞

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. An access control error vulnerability exists in Rdiffweb versions prior to 2.5.0a6, which stems from a lack of authentication for...

9.8CVSS5.8AI score0.00749EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/24 12:0 a.m.35 views

Nepxion 安全漏洞

Nepxion Discovery is an enhanced middleware for service registration discovery for Spring Cloud. Nepxion Discovery 6.16.2 and earlier versions are vulnerable to a remote code execution vulnerability that stems from a lack of validation of input data in Discovery-commons and is susceptible to SpEL...

9.8CVSS8.6AI score0.01804EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/09 12:0 a.m.35 views

Microsoft Visual Studio 安全漏洞

Microsoft Visual Studio is a family of development tool suites from Microsoft Corporation USA and a largely complete development toolset that includes most of the tools needed throughout the software lifecycle. A security vulnerability exists in Microsoft Visual Studio. The following products and...

8.8CVSS8.3AI score0.01779EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.35 views

Ruby ruby-mysql 安全漏洞

Ruby ruby-mysql is a pure Ruby version of the MySQL connector from the Ruby community.An access control error vulnerability exists in Ruby ruby-mysql Gem versions prior to 2.10.0, which stems from the fact that a malicious MySQL server can request local file content from a client without explicit...

6.5CVSS5.5AI score0.01107EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/05/19 12:0 a.m.35 views

Cisco Common Services Platform Collector 跨站脚本漏洞

Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...

6.1CVSS6.4AI score0.00685EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.35 views

Encode OSS httpx 输入验证错误漏洞

Encode OSS httpx is a full-featured HTTP client from Encode OSS UK. It provides both synchronous and asynchronous APIs and supports HTTP/1.1 and HTTP/2. An input validation error vulnerability exists in Encode OSS httpx version 1.0.0 and prior versions, which stems from improper input validation ...

9.1CVSS8.1AI score0.02026EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.35 views

Jenkins Dashboard View Plugin 跨站脚本漏洞

Jenkins and Jenkins Plugin are both products of Jenkins, an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Dashboard View Plugin version 2.18 and earlier is vulnerable to a cross-site scripting...

5.4CVSS5.7AI score0.00792EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.35 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in WordPress Crazy Bone plugin 0.6.0 and earlier versions, which stems fr...

6.1CVSS5.7AI score0.01374EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.35 views

Jenkins 插件 权限许可和访问控制问题漏洞

Jenkins plug-ins are plug-ins that provide functionality for Jenkins. The Jenkins SWAMP Plugin Access Control Error vulnerability can be exploited by an attacker to connect to the attacker's specified web server using the attacker's specified credentials...

8.8CVSS5.6AI score0.0111EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.35 views

TokTok c-toxcore 缓冲区错误漏洞

c-toxcore is a peer-to-peer serverless instant messenger designed to make security and privacy easier for the average user. A buffer error vulnerability in TokTok c-toxcore, which stems from a stack-based buffer overflow in the handlerequest function in DHT.c caused by improperly calculating the...

9.8CVSS9.1AI score0.03954EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/12/08 12:0 a.m.35 views

Ivanti Endpoint Manager 代码注入漏洞

Ivanti Endpoint Manager EPM is a suite of endpoint security managers from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Endpoint Manager EPM that originates in Ivanti EPM that allows an unauthenticated user with limited privileges to execute arbitrary code...

9.8CVSS8.9AI score0.99105EPSS
Exploits9References7
CNNVD
CNNVD
added 2021/10/26 12:0 a.m.35 views

CODESYS 安全漏洞

CODESYS is a controller development system from 3S-Smart Software Solutions, Germany. A security vulnerability exists in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56, which stems from a crafted invalid request without authentication in the affected software may...

7.5CVSS7.2AI score0.02649EPSS
Exploits4References7
CNNVD
CNNVD
added 2021/10/13 12:0 a.m.35 views

Intel HAXM 资源管理错误漏洞

Intel HAXM Intel Hardware Accelerated Execution Manager is a cross-platform hardware-assisted virtualization engine hypervisor from Intel Corporation that is widely used as a gas pedal for Android Emulator and QEMU. Intel HAXM suffers from a resource management error vulnerability, which arises...

8.4CVSS7.8AI score0.00252EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/06/15 12:0 a.m.35 views

ThroughTek P2P SDK 信息泄露漏洞

ThroughTek P2P SDK is a software application from Throughtek for video surveillance products and large "audio/video" file transfers. An information disclosure vulnerability exists in the ThroughTek P2P SDK. The vulnerability can be exploited by an attacker to access sensitive information...

9.1CVSS5.6AI score0.00578EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.34 views

Bouncy Castle Java 安全漏洞

Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java prior to 1.84 contained security vulnerabilities. These vulnerabilities stemmed from unlimited resource allocation, which could lead to exhaustion of pre-authoriz...

8.7CVSS5.8AI score0.00758EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.34 views

OpenClaw 数据伪造问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a Data Forgery Issue vulnerability that stems from an unverified webhook key in Telegram webhook mode, which can be exploited by an attacker to forge Telegram updates to bypass the sender permission li...

9.8CVSS5.8AI score0.00255EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.34 views

Tinycontrol LAN Controller 安全漏洞

Tinycontrol LAN Controller is a building automation controller from Tinycontrol Poland. A security vulnerability exists in Tinycontrol LAN Controller version 1.58a, which stems from an authentication bypass that could lead to modification of administrator credentials...

9.8CVSS6.9AI score0.00621EPSS
Exploits2References4
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.34 views

N-able N-central 安全漏洞

N-able N-central is an RMM platform from N-able Canada Inc. provides large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central versions prior to 2025.4, which originates from XML external enti...

8.4CVSS6.7AI score0.307EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/08/16 12:0 a.m.34 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uncalled rcubarrier, which could lead to the execution of unintended code when a module is uninstalled...

5.5CVSS6.8AI score0.00157EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/06/29 12:0 a.m.34 views

Code-Projects Simple Forum 路径遍历漏洞

Simple forum is a simple forum. Simple forum suffers from a path traversal vulnerability, which stems from the parameter filename in the file /forumdownloadfile.php failing to properly filter for special elements in the path of a resource or file. An attacker can exploit this vulnerability to cau...

5.3CVSS6.9AI score0.0045EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.34 views

Microsoft Windows Common Log File System Driver 资源管理错误漏洞

The Microsoft Windows Common Log File System Driver is a Microsoft Corporation Common Log File System CLFS API that provides a high-performance, general-purpose log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize logging and access...

7.8CVSS9.5AI score0.01291EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.34 views

WordPress plugin WP STAGING Pro 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. An information...

5.3CVSS5.8AI score0.0029EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/07 12:0 a.m.34 views

GNUPlot 代码问题漏洞

GNUPlot is a command line interactive tool by Leon Sorokin, a personal developer, that allows users to convert data and data functions into easily viewable planar or three-dimensional shapes by entering commands. A code issue vulnerability exists in GNUPlot, which stems from IOstrinitstaticintern...

6.2CVSS6.4AI score0.00195EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.34 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from a runtime PM underflow in the qcom bamdma driver...

5.5CVSS5.5AI score0.00249EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/12/31 12:0 a.m.34 views

path-sanitizer 路径遍历漏洞

path-sanitizer is a simple lightweight npm package from the individual developers at Cabra. A path traversal vulnerability exists in path-sanitizer versions prior to 3.1.0. An attacker could use this vulnerability to access sensitive files or directories on the system...

9.3CVSS9AI score0.00733EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/04 12:0 a.m.34 views

WordPress plugin Accessibility by AllAccessible 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS8AI score0.0072EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.34 views

WordPress plugin WP 2FA with Telegram 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS6.7AI score0.00465EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.34 views

SAP HANA 安全漏洞

SAP HANA is a set of high-performance real-time data analytics platform from Germany's SAP SAP. The platform provides data query functions to support users to query real-time business data query and analysis. An input validation error vulnerability exists in the SAP HANA Node.js client, which ste...

4.3CVSS6.8AI score0.00589EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/09/03 12:0 a.m.34 views

Red Hat Keycloak 安全漏洞

Red Hat Keycloak is a suite of software from Red Hat USA that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak version 24.0.3 and prior versions. An attacker could use this vulnerability to brute-force...

6.5CVSS6.5AI score0.00793EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/02/20 12:0 a.m.34 views

wolfSSL 缓冲区错误漏洞

wolfSSL CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A security vulnerability exists in wolfSSL versions prior to 5.6.6, which can be exploited by an attacker to trigger a 5-byte buffer out-of-bounds read...

9.1CVSS6.9AI score0.006EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/10/18 12:0 a.m.34 views

PrestaShop Path Traversal Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop Common-Services version 2.5.9 and prior versions, which stems from a lac...

7.5CVSS7.1AI score0.00583EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.34 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from allowing commit...

6.5CVSS6.3AI score0.00485EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.34 views

Apache Pulsar 授权问题漏洞

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-room cross-region data replication, and...

6.5CVSS6.4AI score0.00722EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/17 12:0 a.m.34 views

Xen 安全漏洞

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has a security vulnerability that stems...

3.3CVSS4.8AI score0.00264EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.34 views

XWiki Platform 跨站脚本漏洞

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. XWiki Platform suffers from a cross-site scripting vulnerability that originates from the fact that any user who can create a space can become the administrator of that space in ...

7.7CVSS5.4AI score0.00567EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.34 views

MinIO 安全漏洞

MinIO is an open source object storage server from US-based MinIO. The product supports building infrastructures for machine learning, analytics, and application data workloads. A security vulnerability exists in MinIO. An attacker exploited the vulnerability to gain access to the Enable Console...

8.8CVSS8.3AI score0.06736EPSS
Exploits2References5
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.34 views

Schneider Electric IGSS Data Server 数据伪造问题漏洞

Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which could be exploited by an attacker to send specific crafted messages to the data server T...

8.8CVSS6.9AI score0.00403EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/07 12:0 a.m.34 views

LMeve SQL注入漏洞

LMeve is the industry manager and contribution tracker for EVE Online. A SQL injection vulnerability exists in roxlukas LMeve versions prior to 0.1.59-beta, which stems from an issue with the function insertlog in the file wwwroot/ccpwgl/proxy.php, where manipulation of the parameter fetch can le...

9.8CVSS6.5AI score0.00667EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.35 views

Elrond go 安全漏洞

Elrond go is an open source go implementation of the Elrond Network protocol by Elrond Network. Elrond go 1.3.50 before the version of a security vulnerability , the vulnerability stems from the existence of a processing problem , in trying to use smart contracts to deploy transaction data...

7.2CVSS6.7AI score0.00724EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/25 12:0 a.m.34 views

Bank Management System SQL注入漏洞

Bank Management System is a bank management system. A SQL injection vulnerability exists in Blood Bank Management System version 1.0, which stems from several unknown handlers in the login.php file that manipulate the parameters username/password allowing an attacker to implement SQL injection. N...

9.8CVSS8AI score0.00605EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.34 views

WordPress plugin Photo Gallery by 10Web 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.5AI score0.00244EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/12/14 12:0 a.m.34 views

WordPress 代码问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress suffers from a code issue vulnerability that stems from unauthenticated server-side request forgery ...

5.9CVSS6.1AI score0.0315EPSS
Exploits5References3
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.34 views

IBM CICS TX 加密问题漏洞

IBM CICS TX is a comprehensive, single transaction runtime package from International Business Machines IBM. IBM CICS TX version 11.7 is vulnerable to an encryption issue that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt...

7.5CVSS6.6AI score0.00478EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/11 12:0 a.m.34 views

IBM PowerVM Hypervisor 授权问题漏洞

IBM PowerVM Hypervisor is an application from International Business Machines IBM, Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS capabilities and leading performance of the Power Systems platform. A misconfiguration vulnerability...

9.8CVSS6.7AI score0.00465EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/11 12:0 a.m.34 views

ForU CMS 跨站脚本漏洞

ForU CMS is a website builder system by ForU Open Source. A security vulnerability exists in ForU CMS that originates from unknown code in cmschip.php. An attacker can exploit the vulnerability to cause cross-site scripting through manipulation of parameter names...

5.4CVSS5.4AI score0.00344EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/07 12:0 a.m.34 views

Trellix Data Exchange Layer Broker 安全漏洞

The Trellix Data Exchange Layer Broker Trellix DXL Broker is a data exchange layer DXL broker from Trellix, Inc. It is installed on hosted systems and routes messages between connected clients, effectively allowing clients to connect to the DXL. A security vulnerability exists in Trellix Data...

6.5CVSS6AI score0.00146EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/31 12:0 a.m.34 views

VMware Spring Security 安全漏洞

VMware Spring Security is a suite of security frameworks from VMware that provide illustrative security protections for Spring-based applications. A security vulnerability exists in VMware Spring Security versions 5.7.x prior to 5.7.5 and 5.6.x prior to 5.6.9, which stems from a malicious user or...

8.1CVSS7.8AI score0.01011EPSS
Exploits0References6
Total number of security vulnerabilities5000