Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/12/13 12:0 a.m.33 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in Google Chrome Mac and Linux versions prior to 108.0.5359.124, and Windows versions prior to 108.0.5359.125, which stems from a post-release reuse in Blink Frames...

8.8CVSS8.1AI score0.00651EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/11/21 12:0 a.m.33 views

WordPress plugin Contact Form 7 Database Addon 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A CSV injection vulnerabili...

9.8CVSS7.2AI score0.03617EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/11/15 12:0 a.m.33 views

WordPress plugin Follow Me Plugin 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Follow Me Plugin 3.1.1 and...

8.8CVSS7.8AI score0.00552EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/11/10 12:0 a.m.33 views

HashiCorp Nomad 代码问题漏洞

HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp USA. for managing containerized and non-containerized applications at scale, both locally and in the cloud. A code issue vulnerability exists in HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.4.1,...

4.3CVSS5.1AI score0.00462EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/07 12:0 a.m.33 views

Google Android 资源管理错误漏洞

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...

8.4CVSS7.5AI score0.00142EPSS
Exploits2References5
CNNVD
CNNVD
added 2022/09/20 12:0 a.m.33 views

YetiForceCrm 跨站脚本漏洞

YetiForceCrm is an open source Crm system from the Polish company YetiForce. A cross-site scripting vulnerability exists in versions of YetiForceCrm prior to 6.4.0, which stems from the undefined and unvalidated workflowModel-summary parameter on the Workflow module in Settings and is used direct...

6.3CVSS6.2AI score0.00512EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.33 views

Matrix matrix-appservice-irc 资源管理错误漏洞

matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A resource management error vulnerability exists in Matrix matrix-appservice-irc prior to version 0.35.0, which stems from an error in the underlying matrix-org/node-irc...

6.3CVSS6.4AI score0.00681EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/09 12:0 a.m.33 views

OpenEMR 跨站脚本漏洞

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A cross-site scripting vulnerability exists in OpenEMR versions prior to 7.0.0.1,...

9.6CVSS7.2AI score0.95839EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.33 views

Jenkins CLIF Performance Testing Plugin 路径遍历漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A path traversal...

6.5CVSS6.8AI score0.00674EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/07/12 12:0 a.m.33 views

Git for Windows 代码问题漏洞

Git for Windows is the Git groups' Git for Windows. A code issue vulnerability exists in versions prior to Git for Windows v2.37.1, which stems from the possibility that the installer can be tricked into executing untrusted binaries...

8.2CVSS8.1AI score0.00394EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.33 views

Jenkins Plugin RocketChat Notifier 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...

4.3CVSS5.6AI score0.00701EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.33 views

WordPress plugin WP Ultimate CSV Importer 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A server cross-site request...

7.2CVSS5.4AI score0.0126EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/05/25 12:0 a.m.33 views

Xwiki Platform 跨站脚本漏洞

Xwiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company Xwiki. A security vulnerability exists in XWiki Platform Flamingo Theme UI versions after 6.2.4, 6.3-rc-1, which stems from the presence of a cross-site scripting vector in the...

7.4CVSS5.8AI score0.01263EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/16 12:0 a.m.33 views

WordPress plugin WPCargo Track & Trace 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress WPCargo Track...

4.8CVSS5.3AI score0.00577EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.33 views

Shopware 授权问题漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware. There is a security vulnerability in Shopware, there is no information about the vulnerability at the moment, please stay tuned to CNNVD or the vendor's announcement...

7.5CVSS7.2AI score0.00812EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/04 12:0 a.m.33 views

WordPress plugin MapPress Maps代码问题漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress MapPress Maps plugin has an authorization problem vulnerability that stems from a lack of authentication measures or...

7.2CVSS5.8AI score0.01484EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/03/24 12:0 a.m.33 views

Gitea 输入验证错误漏洞

Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea versions prior to 1.16.5, which stems from opening a redirect during login in Gitea versions prior to 1.16.5...

7.2CVSS6.4AI score0.53177EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/03/19 12:0 a.m.33 views

iRZ Mobile Routers 跨站请求伪造漏洞

iRZ Mobile Routers is a series of mobile routers from the Russian company iRZ. A security vulnerability exists in /api/crontab of iRZ Mobile Routers, which can be exploited by an attacker to create a crontab entry in the router's administration panel, which will be executed by a cronjob at an...

9.3CVSS8.8AI score0.34531EPSS
Exploits5References8
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.33 views

Microsoft Defender 代码注入漏洞

Microsoft Defender for IoT is an asset discovery, vulnerability management, and threat monitoring solution for IoT/OT environments.Microsoft Defender for IoT suffers from a remote code execution vulnerability. An attacker could exploit this vulnerability to execute code on the target host...

7.2CVSS6.8AI score0.02209EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/19 12:0 a.m.33 views

Oracle VM VirtualBox 安全漏洞

Oracle VM VirtualBox is a virtual machine management software from Oracle. A denial of service vulnerability exists in the Core component of Oracle VM VirtualBox versions prior to 6.1.28, which can be exploited by an attacker to cause Oracle VM VirtualBox to hang or crash frequently and repeatedl...

4.4CVSS5.6AI score0.00383EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/07 12:0 a.m.33 views

IR615 Router 跨站脚本漏洞

The IR615 Router is a 4G industrial router from Rimu Technologies, China. IR615 Router has a cross-site scripting vulnerability that could be exploited to hijack user sessions connected to the system...

8.7CVSS4.9AI score0.00537EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/09/01 12:0 a.m.33 views

Http4s访问控制错误漏洞

http4s is an open source streaming HTTP server for Scala. An access control error vulnerability exists in Http4s that stems from the default CORS configuration being vulnerable to source reflection attacks. The following products and versions are affected: 0.21.26 and earlier, 0.22.0 through...

9.1CVSS8.2AI score0.00594EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/11 12:0 a.m.33 views

merge-change 软件包安全漏洞

merge-change is an open source simple library for deep merging of objects and other types, also for patching and immutable new. The merge-change package has a security vulnerability that makes the package susceptible to prototype contamination via the utils.set function...

9.8CVSS8.3AI score0.01084EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/06/28 12:0 a.m.33 views

RabbitMQ跨站脚本漏洞

Pivotal Software RabbitMQ is a suite of open source message broker software from Pivotal Software, USA, that implements the Advanced Message Queuing Protocol AMQP. A cross-site scripting vulnerability exists in RabbitMQ versions prior to 3.8.17, which stems from a cross-site scripting vulnerabili...

5.4CVSS5.1AI score0.01437EPSS
Exploits1References9
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.33 views

Ubuntu Apport 后置链接漏洞

Apport is a toolkit for collecting and giving feedback on error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from incorrect handling of certain information gathering operations, which can be...

7.3CVSS6AI score0.00289EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.32 views

dify 安全漏洞

dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.13.3 have security vulnerabilities. These vulnerabilities stem from improper handling of parameters in the parseopenaipluginjsontotoolbundle function of the ApiBasedToolSchemaParser...

6.5CVSS6.6AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.32 views

Frigate 安全漏洞

Frigate is a complete native NVR designed by Blake Blackshear for home assistants with AI object detection capabilities. Version 0.17.0 of Frigate contains a security vulnerability caused by improper access control, which may lead to the exposure of sensitive configuration information...

6.5CVSS5.8AI score0.00246EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.32 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the IdentityBrokerService.performLogin endpoint allowing authentication with disabled identity providers, potentially leading to bypass of access...

8.1CVSS5.8AI score0.00333EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/16 12:0 a.m.33 views

vichan 授权问题漏洞

Vichan is an open-source PHP image panel developed by vichan-devel. Versions of Vichan 5.1.5 and earlier have a vulnerability related to authorization issues. This vulnerability stems from the handling of the Password parameter by the Password Change Handler component in the inc/mod/pages.php fil...

5.1CVSS5.9AI score0.00271EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.32 views

Microsoft Windows Network Driver Interface Specification 缓冲区错误漏洞

The Microsoft Windows Network Driver Interface Specification is one of the core components of a Windows network architecture from Microsoft Corporation. A buffer error vulnerability exists in the Microsoft Windows Network Driver Interface Specification. An attacker could exploit this vulnerabilit...

4.3CVSS5.9AI score0.00442EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/21 12:0 a.m.32 views

WordPress plugin TempTool 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

6.5CVSS5.6AI score0.00127EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.32 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly freeing the node pointer returned by ofgetchildbyname, which could lead to a reference count leak...

5.5CVSS5.8AI score0.00149EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/08/22 12:0 a.m.32 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from canaan k230 not completing DT resolution before registering pinctrl, which could lead to the use of...

5.5CVSS6.1AI score0.00143EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.32 views

Microsoft Office 资源管理错误漏洞

Microsoft Office is an office software suite product from the U.S.-based Microsoft Corporation Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and others. A resource management error vulnerability exists in Microsoft Office. An attacker...

8.4CVSS6.5AI score0.00499EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.32 views

Siemens多款产品 安全漏洞

Siemens SmartClient modules Opcenter QL Home is a client module from Siemens Germany. A security vulnerability exists in various Siemens products, which stems from mishandling of errors and could lead to the exposure of system applications. The following products and versions are affected:...

3.5CVSS6.4AI score0.00151EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.32 views

Autodesk Navisworks 缓冲区错误漏洞

Autodesk Navisworks is a 3D model review software for architecture, engineering, and construction by Autodesk, Inc. A security vulnerability exists in Autodesk Navisworks that originates from parsing a specially crafted DWFX file resulting in an out-of-bounds read, which could trigger a crash or...

7.8CVSS7AI score0.00212EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/25 12:0 a.m.32 views

VMware Tools for Windows 安全漏洞

VMware Tools for Windows is a suite of Windows-based enhancement tools from VMware that come with VMWare virtual machines, and it is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with th...

7.8CVSS9.3AI score0.00334EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.32 views

Apache Camel 安全漏洞

Apache Camel is an open source integration framework based on the Enterprise Integration Pattern EIP from the Apache Foundation in the United States. The framework provides an implementation of the Enterprise Integration Pattern's Java Objects POJOs and configures rules for routing and brokering...

5.6CVSS6.6AI score0.79817EPSS
Exploits4References2
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.32 views

Fortinet FortiWeb SQL注入漏洞

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A SQL injection vulnerability exists in...

2.7CVSS5.2AI score0.00392EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/24 12:0 a.m.32 views

Hanwha Vision NVR 安全漏洞

Hanwha Vision NVR is a series of network video recorder devices from Hanwha Vision, a South Korean company. A security vulnerability exists in Hanwha Vision NVR that stems from a hard-coded seed string for an encryption key, which can lead to remote code execution...

5.6CVSS7.5AI score0.00182EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/19 12:0 a.m.32 views

Xen 安全漏洞

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen that stems from a...

6.5CVSS6.9AI score0.00264EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.32 views

AirTies Air4443 跨站脚本漏洞

AirTies Air4443 is a firmware from AirTies, Inc. A cross-site scripting vulnerability exists in AirTies Air4443 that stems from improper input neutralization during web page generation, resulting in a cross-site scripting vulnerability...

6.1CVSS6.1AI score0.00194EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/22 12:0 a.m.32 views

Cisco 多款产品安全漏洞

Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliances Software ASA Software are both products of Cisco Corporation.Cisco Firepower Threat Defense is a set of unified software to provide next-generation firewall services. Cisco Adaptive Security Appliances Software is a set of...

5CVSS6.5AI score0.00333EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.32 views

Intel Extreme Tuning Utility 安全漏洞

Intel Extreme Tuning Utility is a software from Intel Corporation USA that can increase CPU frequency. In addition to supporting overclocking of CPUs and graphics cards, the program also features system hardware information detection and real-time monitoring of the current system status to ensure...

7.8CVSS6.4AI score0.00156EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/31 12:0 a.m.32 views

SaltStack Salt 安全漏洞

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt that stems from an attacker being able to traverse a directory in order to...

7.7CVSS7.2AI score0.0083EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/20 12:0 a.m.32 views

WordPress Plugin GoCardless Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.2CVSS6.5AI score0.00541EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.32 views

WordPress Plugin flowpaper Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.4CVSS6AI score0.00451EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.32 views

Broadcom Symantec SiteMinder 跨站脚本漏洞

Broadcom Symantec SiteMinder is an identity provider and federation system from Broadcom, Inc. It provides access to web applications and portals. A security vulnerability exists in Broadcom Symantec SiteMinder version 12.52. An attacker could exploit this vulnerability to execute malicious HTML...

6.1CVSS5.9AI score0.03083EPSS
Exploits3References4
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.32 views

WordPress plugin Essential Addons for Elementor 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An authorization issue vulnerabilit...

9.8CVSS8.6AI score0.75531EPSS
Exploits8References5
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.32 views

Lost and Found Information System SQL注入漏洞

Lost and Found Information System is a lost and found information system by oretnom23 Individual Developer. A SQL injection vulnerability exists in Lost and Found Information System version 1.0, which stems from an incorrect manipulation of the parameter id resulting in sql injection...

9.8CVSS7.1AI score0.00819EPSS
Exploits1References4
Total number of security vulnerabilities5000