Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2024/10/22 12:0 a.m.29 views

Liferay Portal和Liferay DXP 跨站请求伪造漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DX...

8.8CVSS7.1AI score0.00342EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.29 views

Next.js 安全漏洞

Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in Next.js versions 13.5.1 through 14.2.10 and earlier. An attacker exploits the vulnerability to poison the caches of non-dynamic server-side rendering routes in the page router by sending specially crafted HTTP...

7.5CVSS6.4AI score0.58768EPSS
Exploits3References4
CNNVD
CNNVD
added 2024/09/09 12:0 a.m.29 views

Red Hat Keycloak 授权问题漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. An authorization issue vulnerability exists in Red Hat Keycloak that stems from a session fixation issue discovered in the SAML adapter. Even i...

7.1CVSS4.3AI score0.008EPSS
Exploits0References14
CNNVD
CNNVD
added 2024/07/31 12:0 a.m.29 views

Weave 安全漏洞

Weave is a toolkit for developing generative AI applications open-sourced by Weights & Biases. Weave has a security vulnerability that stems from an API that allows a remote user to fetch files from a specific directory, leading to remote traversal and disclosure of arbitrary files...

8.8CVSS9.4AI score0.04974EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.29 views

OPC UA.NET Standard 安全漏洞

OPC UA.NET Standard is a set of Unified Architecture standards from the OPC Foundation of America for the development of OPC UA applications. A security vulnerability exists in OPC UA .NET Standard. An attacker exploiting the vulnerability could consume all available resources on the server...

7.5CVSS7.3AI score0.0106EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.29 views

WordPress Plugin Wholesale for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in...

7.5CVSS8.3AI score0.00442EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.29 views

Red Hat JBoss Enterprise Application Platform 安全漏洞

Red Hat JBoss Enterprise Application Platform EAP is an open source, J2EE-based middleware platform from Red Hat, Inc. The platform is primarily used to build, deploy and host Java applications and services. A security vulnerability exists in Red Hat JBoss Enterprise Application Platform, which...

7.3CVSS7.2AI score0.00778EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/06 12:0 a.m.29 views

WordPress Plugin Photo Gallery by 10Web 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.5CVSS7.9AI score0.00436EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/30 12:0 a.m.29 views

WordPress Plugin ElementsKit Elementor addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS7.9AI score0.01482EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.29 views

WordPress Plugin Simple Ajax Chat 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.4CVSS7.3AI score0.0033EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.29 views

RiteCMS 跨站脚本漏洞

RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the component mainmenu/editsection, which can be exploited by an attacker to...

6.1CVSS6.5AI score0.01317EPSS
Exploits4References4
CNNVD
CNNVD
added 2024/02/28 12:0 a.m.29 views

Hazelcast Security Breach

Hazelcast Hazelcast IMDG is a set of scalable open source data distribution platform of the U.S. Hazelcast company . The platform supports a variety of distributed data structures, supports distributed caching and other features. Hazelcast has a security vulnerability that stems from the inabilit...

7.6CVSS6.5AI score0.00503EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/12/20 12:0 a.m.29 views

WordPress Plugin Corsa Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

9.9CVSS6.8AI score0.00785EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.29 views

Adobe InDesign 代码问题漏洞

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign has a security vulnerability that can be exploited by attackers to cause a denial of service...

5.5CVSS6.6AI score0.00303EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.29 views

WordPress Plugin Horizontal scrolling announcement SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

8.8CVSS7.7AI score0.00725EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/10/19 12:0 a.m.29 views

JustSystems Ichitaro Buffer Error Vulnerability

JustSystems Ichitaro is a Japanese word processing software from JustSystems. A buffer error vulnerability exists in JustSystems Ichitaro version 2023 1.0.1.59372, which stems from an out-of-bounds write in the Ichitaro's DocumentViewStyles and DocumentEditStyles stream parsers, an out-of-bounds...

7.8CVSS8.1AI score0.00484EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/09/06 12:0 a.m.29 views

WireMock Code Issue Vulnerability

WireMock is a popular open source tool for API simulation testing from WireMock Open Source. WireMock has a code issue vulnerability that stems from Filtering target addresses from proxy mode does not work for Webhooks...

5.4CVSS7.1AI score0.00469EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.29 views

WordPress plugin WP SMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

7.1CVSS6.8AI score0.00396EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/28 12:0 a.m.29 views

Jupyter Server 访问控制错误漏洞

Jupyter Server is an application from the Jupyter organization used to provide back-end services for Jupyter Web applications. An access control error vulnerability exists in versions of Jupyter Server prior to 2.7.2 that stems from incorrect cross-site credential checking of URLs, which could le...

6.1CVSS5.6AI score0.00542EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/18 12:0 a.m.29 views

Puma 环境问题漏洞

Puma is a web server for highly concurrent applications by Evan Phoenix, an individual developer in the United States. An environmental issue vulnerability exists in Puma that stems from a security issue when parsing trailing fields and zero-length Content-Length headers in the body of the chunke...

9.8CVSS6.4AI score0.00738EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.29 views

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that arises from the deletion of a message in a thread without the attachment being deleted, allowing normal users to still access and download the...

4.3CVSS6.7AI score0.00331EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/10 12:0 a.m.30 views

WordPress Plugin Catalyst Connect Catalyst Connect Zoho CRM Client Portal Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.9CVSS5.7AI score0.00366EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/26 12:0 a.m.29 views

mRemoteNG 安全漏洞

mRemoteNG is mRemoteNG open source an open source, tabbed, multi-protocol remote connection manager for Windows. A security vulnerability exists in mRemoteNG v1.76.20 and earlier, 1.77.3-dev and earlier, which stems from the fact that configuration files can be stored on disk in an encrypted stat...

7.5CVSS7.3AI score0.00431EPSS
Exploits4References6
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.29 views

Keeper Security Keeper Password Manager 安全漏洞

Keeper Security Keeper Password Manager is a password management system from Keeper Security. A security vulnerability exists in Keeper Security Keeper Password Manager version 16.10.2, which originates from a vulnerability that allows a local attacker to gain access to sensitive information via...

5.5CVSS5.7AI score0.00839EPSS
Exploits3References7
CNNVD
CNNVD
added 2023/07/04 12:0 a.m.29 views

MediaTek Chipsets 安全漏洞

MediaTek Chipsets are a variety of chips from MediaTek, a Chinese company called MediaTek. A security vulnerability exists in MediaTek Chipsets that stems from misrepresentation of critical information in Wi-Fi, with potentially low throughput, which could lead to a remote denial of service...

7.5CVSS7.4AI score0.0099EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/27 12:0 a.m.29 views

WordPress plugin WP ERP SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

7.2CVSS7.2AI score0.02632EPSS
Exploits5References4
CNNVD
CNNVD
added 2023/06/16 12:0 a.m.29 views

TYPO3 跨站脚本漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from TYPO3 Association in Switzerland. A cross-site scripting vulnerability exists in TYPO3 versions 4.0.2 and earlier, 4.1.0 through 4.6.5, and 5.0.0 through 5.0.1, which stems from the kesearch extension that allows...

6.3CVSS6AI score0.00341EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/13 12:0 a.m.29 views

Schneider Electric EcoStruxure Operator Terminal Expert 代码注入漏洞

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software branch is primarily used to create and edit touch applications. A code injection vulnerability exists in Schneider Electric EcoStruxure Operator Terminal...

7.8CVSS7.6AI score0.00597EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.29 views

Xpdf 安全漏洞

Glyph & Cog Xpdf is an open source PDF file viewer from Glyph & Cog. A security vulnerability exists in Xpdf 4.04 and earlier versions, which stems from a loop of PDF objects embedded in the file tree that can lead to infinite recursion and a stack overflow...

5.5CVSS6.4AI score0.00305EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.29 views

Vyper 缓冲区错误漏洞

Vyper is the Pythonic smart contract language for EVM. A buffer error vulnerability exists in Vyper versions prior to 0.3.8. An attacker exploited the vulnerability to cause an array access out-of-bounds...

9.1CVSS8.5AI score0.01241EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.29 views

WordPress plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.29 views

markdown-pdf 跨站脚本漏洞

npm markdown-pdf is the United States npm a Markdown file will be converted to PDF node module. A security vulnerability exists in markdown-pdf version 11.0.0, which stems from an application that does not validate user-entered Markdown content, resulting in an attacker being able to obtain local...

8.2CVSS7.9AI score0.00597EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.29 views

Ivanti Avalanche 安全漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche version 6.3.2.3490, which stems from a lack of proper locking...

9.4CVSS8.4AI score0.83136EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/15 12:0 a.m.29 views

IBM App Connect Enterprise 跨站脚本漏洞

IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native IBM App Connect Enterprise combines existing industry-trusted IBM...

6.1CVSS6.2AI score0.00392EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/22 12:0 a.m.29 views

VMware vRealize Orchestrator 代码问题漏洞

VMware vRealize Orchestrator is a workflow automation solution from VMware. It is designed to simplify the automation of complex IT tasks. A security vulnerability exists in VMware vRealize Orchestrator that originated when a malicious actor with unmanaged access to vRealize Orchestrator was able...

8.8CVSS8.2AI score0.01265EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/16 12:0 a.m.29 views

ArgoCD 安全漏洞

ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...

9.1CVSS8.2AI score0.00671EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.29 views

Siemens SiPass Integrated 输入验证错误漏洞

ACC-AP Advanced Central Controller is a door controller for up to two Internet/Intranet-connected doors used to communicate with the SiPass integrated access control system. AC5102 / ACC-G2 Advanced Central Controller is the central controller for the SiPass integrated The central controller for...

7.8CVSS7.8AI score0.00229EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.29 views

Velocidex Velociraptor 安全漏洞

Velocidex Velociraptor is a tool from Velocidex Australia that uses Velociraptor Query Language VQL queries to gather host-based status information. A security vulnerability exists in Velocidex Velociraptor that stems from the fact that Rapid7 Velociraptor allows the creation of users with...

8.8CVSS7.8AI score0.00544EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/22 12:0 a.m.29 views

Apache ShardingSphere 安全漏洞

Apache ShardingSphere is an open source distributed database middleware solution from the Apache Foundation. A security vulnerability exists in Apache ShardingSphere-Proxy versions prior to 5.3.0, which stems from the fact that when using MySQL as a database backend, the database session is not...

9.8CVSS8.3AI score0.01388EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/22 12:0 a.m.29 views

OpenImageIO 缓冲区错误漏洞

OpenImageIO is an image read and write library that also provides several tools and applications. A stack buffer overflow vulnerability exists in the TGA file format parser in OpenImageIO v2.3.19.0. An attacker could exploit this vulnerability to cause out-of-bounds writes and arbitrary code...

8.1CVSS8.2AI score0.0104EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.29 views

Apiman 安全漏洞

Apiman is Apiman Open Source, a flexible open source API management platform for enterprise users. A security vulnerability exists in Apiman versions 1.5.7 through 2.2.3.Final, which stems from insufficient checking of read permissions in the Apiman Manager REST API...

6.5CVSS6.4AI score0.00604EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/19 12:0 a.m.29 views

NVIDIA GPU Display Driver 代码问题漏洞

NVIDIA GPU Display Driver is a driver from NVIDIA Corporation that is used for interactive support of graphics card display modules in operating systems. A security vulnerability exists in NVIDIA GPU Display Driver that stems from a null pointer dereference issue at the kernel schema level, which...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.29 views

F5 BIG-IP 命令注入漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP. An attacker can bypass the restrictions of F5 BIG-IP via iControl REST to elevat...

8.7CVSS8.2AI score0.62406EPSS
Exploits8References6
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.29 views

PortlandLabs Concrete CMS 资源管理错误漏洞

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS formerly concrete5 versions prior to 8.5.10 and versions 9.0.0 through 9.1.2, which stems from the fact that its...

6.5CVSS6.4AI score0.00989EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.29 views

WordPress plugin Retain Live Chat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ghost is a plugin used to import/export WordPress data. wordpress plugin is an...

4.8CVSS6AI score0.00554EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/10/11 12:0 a.m.29 views

SAP Customer Data Cloud 加密问题漏洞

SAP Customer Data Cloud is a tool from SAP Germany that provides digital customer identity and access management. It enables companies to collect, aggregate and manage customer data across multiple touch points and applications. An encryption issue vulnerability exists in SAP Customer Data Cloud...

5.2CVSS6.9AI score0.00162EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.29 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow that stems from TensorListScatter and TensorListScatterV2 failing to give an assertion when they receive an elementsha...

7.5CVSS7.4AI score0.00441EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/07 12:0 a.m.29 views

Poetry 代码问题漏洞

Poetry is a tool for dependency management and packaging in Python. It allows you to declare the libraries on which your project depends and will manage install/update them for you. A code issue vulnerability exists in Poetry versions prior to 1.1.9 and prior to 1.2.0b1 that stems from the...

7.3CVSS7.6AI score0.00341EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/10 12:0 a.m.29 views

Intel Ethernet Controllers 安全漏洞

Intel Ethernet Controllers is an Ethernet controller from Intel Corporation. A security vulnerability exists in IntelR 700 Series Ethernet Controllers and Adapters prior to version 8.5 and IntelR 722 Series Ethernet Controllers and Adapters prior to version 1.5.5, which stems from improper access...

4.4CVSS5.2AI score0.00191EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/02 12:0 a.m.29 views

Arm Mali GPU Kernel Driver 安全漏洞

The Arm Mali GPU Kernel Driver is a driver for a graphics processor unit from Arm UK. A security vulnerability exists in the Arm Mali GPU Kernel Driver Valhall versions r29p0 through r38p0, which arises from incorrect processing operations on the GPU...

5.5CVSS6AI score0.0041EPSS
Exploits0References4
Total number of security vulnerabilities5000