Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2024/07/09 12:0 a.m.31 views

Microsoft OLE DB Provider for SQL Server Security Vulnerability

Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation USA that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft OLE DB Provider for SQL Server. An attacker could exploit the vulnerability to remotely execute cod...

8.8CVSS7.3AI score0.01645EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/29 12:0 a.m.31 views

Mitel MiContact Center Business 跨站脚本漏洞

Mitel MiContact Center Business is an all-media contact center platform from Canadian company Mitel. The platform is used in customer communication, production management and other scenarios. A cross-site scripting vulnerability exists in Mitel MiContact Center Business version 10.0.0.4, which is...

5.4CVSS6.3AI score0.00252EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.31 views

Microsoft Windows Common Log File System Driver 缓冲区错误漏洞

The Microsoft Windows Common Log File System Driver is Microsoft's Common Log File System CLFS API provides a high-performance, common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize logging and access. access. A buffer error...

5.5CVSS6.9AI score0.05275EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.31 views

1Panel 命令注入漏洞

1Panel is an open source Linux server operations and management panel for the Chinese 1panel community. A command injection vulnerability exists in versions prior to 1Panel v1.10.3-lts. The vulnerability stems from the presence of a command injection issue that can lead to arbitrary file writing...

7.5CVSS8.2AI score0.01329EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.31 views

PyTorch 安全漏洞

PyTorch is a Python package open-sourced by PyTorch. A security vulnerability exists in PyTorch versions prior to v2.2.0 that stems from the inclusion of a heap buffer overflow vulnerability that allows an attacker to cause a denial of service DoS via crafted input...

4CVSS4.9AI score0.00223EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/20 12:0 a.m.31 views

ELECOM wireless LAN routers security vulnerability

ELECOM wireless LAN routers are a series of routers from ELECOM Japan. A security vulnerability exists in ELECOM wireless LAN routers that stems from the presence of a cross-site scripting XSS vulnerability that could execute arbitrary script on a web browser...

4.8CVSS6AI score0.01289EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.31 views

Grafana Security Vulnerabilities

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana has a security vulnerability that stems from a security flaw in the PUT /api/user handler...

5.4CVSS9AI score0.01385EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/01/30 12:0 a.m.31 views

Vyper Code Issue Vulnerability

Vyper is the Pythonic smart contract language for EVM. A code issue vulnerability exists in Vyper version 0.3.10 and prior versions that stems from not disabling static and delegate calls...

5.3CVSS7.1AI score0.00485EPSS
Exploits3References3
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.31 views

AsyncSSH Data Forgery Issue Vulnerability

AsyncSSH is a Python package that provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. A data forgery issue vulnerability exists in AsyncSSH v2.14.0 and earlier versions, which stems from a vulnerability that allows an attacker to...

5.9CVSS6.6AI score0.00586EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.31 views

Matrix Synapse Security Vulnerability

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A security vulnerability exists in Matrix Synapse versions prior to 1.94.0 that stems from a malicious server ACL event that can impact server performance and lead to a denial of service DOS...

4.9CVSS6.6AI score0.01166EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/07/13 12:0 a.m.31 views

WordPress plugin User Registration 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

9.9CVSS9AI score0.01454EPSS
Exploits2References6
CNNVD
CNNVD
added 2023/06/23 12:0 a.m.31 views

libredwg 缓冲区错误漏洞

libredwg is a free implementation of the DWG file format. A buffer error vulnerability exists in libredwg version 0.12.5, which stems from the bitwriteTF function containing a heap buffer overflow vulnerability...

8.8CVSS8.1AI score0.00921EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/06/12 12:0 a.m.31 views

WordPress Plugin Float menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...

6.1CVSS6.8AI score0.00458EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/05/15 12:0 a.m.31 views

giturlparse 安全漏洞

giturlparse is a simple GIT URL parser similar to giturlparse.py. A security vulnerability exists in giturlparse prior to version 1.2.2, which stems from vulnerability to ReDoS attacks when parsing untrusted URLs...

7.5CVSS7.3AI score0.01033EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.31 views

Froxlor 安全漏洞

Froxlor is a set of lightweight server management software from the Froxlor team. A resource management error vulnerability exists in versions of Froxlor prior to 2.0.16 that stems from a failure to properly allocate resources. An attacker can exploit this vulnerability to cause a denial of servi...

7.5CVSS6.6AI score0.00681EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.31 views

WordPress Plugin Simple Tooltips 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS6.3AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/10 12:0 a.m.31 views

WordPress plugin Visual CSS Style Editor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS6.3AI score0.00352EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.31 views

Microsoft PostScript Printer Driver 安全漏洞

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft USA. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft Corporation. Microsoft PostScript and PCL6 Class Printer Driver contains an information disclosure...

7.5CVSS6.1AI score0.01425EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.31 views

SAP NetWeaver AS 授权问题漏洞

SAP NetWeaver AS is a SAP Web Application Server from SAP Germany. It not only provides network services, but also is the basic platform for SAP software. SAP NetWeaver AS version 7.50 has an authorization problem vulnerability, which stems from the lack of authentication checks and can be...

9.9CVSS6.9AI score0.00544EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/26 12:0 a.m.32 views

ASUS ASMB8-iKVM 命令注入漏洞

ASUS ASMB8-iKVM is an effective remote server management chip from Asus China. A security vulnerability exists in ASUS ASMB8-iKVM version 1.14.51 and earlier, which originated from a vulnerability that allows remote attackers to execute arbitrary code by creating an extension using SNMP...

9.8CVSS9AI score0.17399EPSS
Exploits6References8
CNNVD
CNNVD
added 2023/01/10 12:0 a.m.31 views

SAP Bank Account Management 信息泄露漏洞

SAP Bank Account Management is a bank account management system from SAP. An information disclosure vulnerability exists in the SAP Bank Account Management application, which stems from the fact that when a user clicks on a smart link to navigate to another application, personal data is displayed...

5.7CVSS5.8AI score0.00507EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.31 views

Keystone 授权问题漏洞

Keystone is a powerful CMS designed to help you build and scale faster than any other Cms or application framework. An authorization issue vulnerability exists in versions of Keystone prior to 2.3.1, which stems from the fact that users who use field-level access controls are vulnerable to not...

9.8CVSS8.3AI score0.01055EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.31 views

Cisco Identity Services Engine 跨站脚本漏洞

Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users, and devices to develop and implement policies to monitor the network. A cross-site scripting vulnerability exists in th...

6.1CVSS7AI score0.00781EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/13 12:0 a.m.31 views

Istio 资源管理错误漏洞

Istio is a set of open platforms for connecting, managing, and securing microservices. Istio suffers from a resource management error vulnerability that stems from susceptibility to request handling errors, which can be exploited by an attacker to send specially crafted or oversized messages that...

7.5CVSS7.3AI score0.01063EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/10/10 12:0 a.m.31 views

Fastify 代码问题漏洞

Fastify is an open source Web framework for Node.js from the Openjs Foundation.A denial-of-service vulnerability exists in versions of Fastify prior to 4.8.1, which stems from the fact that Content-Type headers can be used maliciously and can be exploited by attackers to send invalid Content-Type...

7.5CVSS6.7AI score0.59244EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.31 views

Rails 代码问题漏洞

Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. Rails has a security vulnerability that stems from the fact that when serialized columns using YAML the default are deserialized, Rails uses YAML.unsafeload to transform the YAML data...

9.8CVSS7.5AI score0.02386EPSS
Exploits1References8
CNNVD
CNNVD
added 2022/08/03 12:0 a.m.31 views

F5 BIG-IP 注入漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An elevation of privilege vulnerability exists in the F5 BIG-IP health check configuration, which can be exploited by an...

7.2CVSS5.7AI score0.00775EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/08 12:0 a.m.31 views

rpc.py 代码问题漏洞

rpc.py is a fast and powerful ASGI/WSGI-based RPC framework for individual developers in Aber, China. A security vulnerability exists in rpc.py version 0.6.0 and earlier. An attacker exploited the vulnerability to process data using unpickle...

9.8CVSS8.4AI score0.45862EPSS
Exploits7References8
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.31 views

WordPress plugin Easy SVG Support 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress Easy SVG Support plugin 3.3....

5.4CVSS5.1AI score0.00558EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/05/18 12:0 a.m.31 views

ArgoCD 输入验证错误漏洞

ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...

4.3CVSS5.1AI score0.0119EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.31 views

Avast Antivirus和AVG Antivirus 资源管理错误漏洞

Avast Antivirus is a suite of antivirus software from the Czech company Avast. A vulnerability exists in Avast Antivirus prior to version 22.1 and AVG Antivirus prior to version 22.1 due to a security restriction not being properly applied by the application in the "Anti Rootkit" driver in...

5.3CVSS7.5AI score0.0025EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/01 12:0 a.m.31 views

Sqlite3 安全漏洞

Sqlite is a lightweight database and ACID-compliant relational database management system. A security vulnerability exists in Sqlite3 versions prior to 5.0.3, which can be exploited by attackers to cause a denial of service DoS attack...

7.5CVSS7.4AI score0.01955EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/18 12:0 a.m.31 views

Lenovo Notebook 安全漏洞

Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. A security vulnerability exists in Lenovo Notebook that originates from the use of an incorrect driver that is incorrectly not deactivated. A local privileged user can modify the secure boot settings and bypass the implemented...

6.7CVSS6.9AI score0.02999EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/04/13 12:0 a.m.31 views

Elementor安全漏洞

Elementor is a website builder from Israeli company Elementor that allows WordPress users to create and edit websites. There is a security vulnerability in Elementor versions 3.6.0 to 3.6.2. There is no information about the vulnerability at this time, so please stay tuned to CNNVD or the vendor'...

8.8CVSS7.8AI score0.92658EPSS
Exploits10References8
CNNVD
CNNVD
added 2022/04/01 12:0 a.m.31 views

PKP Open Journals System 跨站脚本漏洞

PKP Open Journals System is a journal system. A security vulnerability exists in PKP Open Journals System versions prior to 3.3 to 2.4.8, which allows an attacker to inject arbitrary code via the X-Forwarded-Host header...

6.1CVSS6.5AI score0.0608EPSS
Exploits3References4
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.31 views

WordPress plugin FormCraft 代码问题漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A code issue vulnerability previously existed in the WordPres...

9.1CVSS8.4AI score0.20249EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/03/07 12:0 a.m.31 views

Autodesk AutoCAD 缓冲区错误漏洞

Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. A buffer error vulnerability exists in Autodesk AutoCAD because the product does not fully check the security of a DWF file during parsing. The vulnerability can be exploited to cause memory corruption and code...

7.8CVSS8AI score0.0062EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/02/14 12:0 a.m.31 views

WordPress和WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress SpiderCalendar plugin is vulnerable to a cross-site scripting vulnerability that stems from the...

6.1CVSS5.7AI score0.02291EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/02/14 12:0 a.m.31 views

WordPress和WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress NewStatPress plugin prior to 1.3.6. The vulnerabili...

6.1CVSS5.3AI score0.01446EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/12/28 12:0 a.m.31 views

SAFARI Montage 跨站脚本漏洞

SAFARI Montage is a formative assessment tool from safarimontage that enables teachers to check students' understanding of topics or concepts during the course. A cross-site scripting vulnerability exists in SAFARI Montage versions 8.3 and 8.5, which can be exploited by an attacker to execute...

6.1CVSS5.3AI score0.03394EPSS
Exploits4References5
CNNVD
CNNVD
added 2021/12/15 12:0 a.m.31 views

Lychee 跨站脚本漏洞

Lychee is a beautiful and easy to use photo management system open sourced by The Lychee Organisation. Lychee has a cross-site scripting vulnerability, and no details of the vulnerability are available...

6.1CVSS5.2AI score0.00851EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/09 12:0 a.m.31 views

Autodesk Navisworks 缓冲区错误漏洞

Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. Autodesk Navisworks is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code...

7.8CVSS6.5AI score0.0154EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/09/27 12:0 a.m.31 views

WordPress 插件 访问控制错误漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin PostX, which stems from Gutenberg Blocks in the Post Grid WordPress plugin prior to PostX - version 2.4.10 allows any logged in user to perform error checking before...

6.5CVSS6.5AI score0.00693EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/06/28 12:0 a.m.31 views

PowerISO 缓冲区错误漏洞

PowerISO is a powerful CD/DVD/BD image file processing tool from PowerISO that can open, extract, burn, create, edit, compress, encrypt, split and convert ISO files, and mount ISO files using internal virtual drives. PowerISO suffers from a buffer overflow vulnerability that originates from a...

8.8CVSS6.6AI score0.00947EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/06/15 12:0 a.m.31 views

CLICK PLC CPU Modules 安全漏洞

CLICK PLC CPU Modules are Automation Direct's network devices A single CLICK CPU Module can be connected to up to eight I/O modules to expand the amount of system I/O and meet the needs of a specific application. A security vulnerability exists in Automation Direct CLICK PLC CPU Modules that allo...

7.5CVSS7.3AI score0.00625EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.31 views

Ubuntu Apport 后置链接漏洞

Apport is a toolkit for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from incorrect handling of certain information gathering operations, which can be exploite...

7.3CVSS6.6AI score0.00289EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/04/28 12:0 a.m.31 views

Huawei 多款产品 注入漏洞

Huawei P30 is a smartphone from Huawei China.The Huawei P30 is vulnerable to JavaScript injection, which can be exploited by attackers to launch JavaScript injection by sending malicious application requests...

7.5CVSS5.6AI score0.00721EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.31 views

Jenkins CloudBees AWS Credentials 安全漏洞

Jenkins CloudBees AWS Credentials is Jenkins open source an application plugin . The plugin allows storing Amazon IAM credentials in the Jenkins Credentials API. A security vulnerability exists in Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier, which stems from not performing permissio...

4.3CVSS5.1AI score0.00722EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.30 views

Roundcube Webmail SQL注入漏洞

Roundcube Webmail is Roundcube open source a browser-based open source IMAP client, which supports address book management, message search, spell checking and so on. Roundcube Webmail 1.6.x versions prior to 1.6.16 and 1.7.x versions prior to 1.7.1 SQL injection vulnerability , the vulnerability...

8.1CVSS5.9AI score0.00764EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.30 views

ZOHO多款产品 安全漏洞

ZOHO Password Manager Pro PMP and so on are products of ZOHO USA company.ZOHO Password Manager Pro is a password manager.ZOHO ManageEngine Access Manager Plus is the ZOHO ManageEngine PAM360 is a complete PAM software. A security vulnerability exists in several ZOHO products, which stems from an...

8.1CVSS5.8AI score0.00723EPSS
Exploits0References1
Total number of security vulnerabilities5000