Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/12/19 12:0 a.m.29 views

Apiman 安全漏洞

Apiman is Apiman Open Source, a flexible open source API management platform for enterprise users. A security vulnerability exists in Apiman versions 1.5.7 through 2.2.3.Final, which stems from insufficient checking of read permissions in the Apiman Manager REST API...

6.5CVSS6.4AI score0.00604EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/19 12:0 a.m.29 views

NVIDIA GPU Display Driver 代码问题漏洞

NVIDIA GPU Display Driver is a driver from NVIDIA Corporation that is used for interactive support of graphics card display modules in operating systems. A security vulnerability exists in NVIDIA GPU Display Driver that stems from a null pointer dereference issue at the kernel schema level, which...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.29 views

F5 BIG-IP 命令注入漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP. An attacker can bypass the restrictions of F5 BIG-IP via iControl REST to elevat...

8.7CVSS8.2AI score0.62406EPSS
Exploits8References6
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.29 views

PortlandLabs Concrete CMS 资源管理错误漏洞

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS formerly concrete5 versions prior to 8.5.10 and versions 9.0.0 through 9.1.2, which stems from the fact that its...

6.5CVSS6.4AI score0.00989EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.29 views

WordPress plugin Retain Live Chat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ghost is a plugin used to import/export WordPress data. wordpress plugin is an...

4.8CVSS6AI score0.00554EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/10/11 12:0 a.m.29 views

SAP Customer Data Cloud 加密问题漏洞

SAP Customer Data Cloud is a tool from SAP Germany that provides digital customer identity and access management. It enables companies to collect, aggregate and manage customer data across multiple touch points and applications. An encryption issue vulnerability exists in SAP Customer Data Cloud...

5.2CVSS6.9AI score0.00162EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.29 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow that stems from TensorListScatter and TensorListScatterV2 failing to give an assertion when they receive an elementsha...

7.5CVSS7.4AI score0.00441EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/07 12:0 a.m.29 views

Poetry 代码问题漏洞

Poetry is a tool for dependency management and packaging in Python. It allows you to declare the libraries on which your project depends and will manage install/update them for you. A code issue vulnerability exists in Poetry versions prior to 1.1.9 and prior to 1.2.0b1 that stems from the...

7.3CVSS7.6AI score0.00341EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/10 12:0 a.m.29 views

Intel Ethernet Controllers 安全漏洞

Intel Ethernet Controllers is an Ethernet controller from Intel Corporation. A security vulnerability exists in IntelR 700 Series Ethernet Controllers and Adapters prior to version 8.5 and IntelR 722 Series Ethernet Controllers and Adapters prior to version 1.5.5, which stems from improper access...

4.4CVSS5.2AI score0.00191EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/02 12:0 a.m.29 views

Arm Mali GPU Kernel Driver 安全漏洞

The Arm Mali GPU Kernel Driver is a driver for a graphics processor unit from Arm UK. A security vulnerability exists in the Arm Mali GPU Kernel Driver Valhall versions r29p0 through r38p0, which arises from incorrect processing operations on the GPU...

5.5CVSS6AI score0.0041EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.29 views

Jenkins Openstack Heat Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.00505EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/07/22 12:0 a.m.29 views

Ambit Technologies Itech Movie Portal Script SQL注入漏洞

Ambit Technologies Itech Movie Portal Script is a movie portal script from Ambit Technologies, Inc. Ambit Technologies Itech Movie Portal Script 7.36 suffers from a SQL injection vulnerability that stems from some unknown handling of film-rating.php, where manipulation of the parameter v can lead...

9.8CVSS8.4AI score0.00719EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/18 12:0 a.m.29 views

Laminas Project diactoros 环境问题漏洞

Laminas Project diactoros is a PSR HTTP message implementation of Laminas Project. An environment issue vulnerability exists in Laminas Project diactoros, which can be exploited by an attacker to add a new header to laminas-dictoros via Security/x Forwarded Header...

7.2CVSS6.6AI score0.00615EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/15 12:0 a.m.29 views

Adobe InCopy 安全漏洞

Adobe Incopy 2021 is a powerful document article editing software. A heap overflow vulnerability exists in Adobe InCopy Font parsing, which can be exploited by a remote attacker to submit a special file request and trick the user into parsing it, which can crash the application or execute arbitra...

7.8CVSS6.2AI score0.00495EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/15 12:0 a.m.29 views

WordPress plugin Google Maps 跨站请求伪造漏洞

WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Google Maps 1.2.1 and previous versions have a cross-site request forgery vulnerability, which can be exploited by attacke...

5.4CVSS5.5AI score0.00415EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/09 12:0 a.m.29 views

Xen 安全漏洞

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in all...

7.2CVSS6.6AI score0.00494EPSS
Exploits3References23
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.29 views

elitecms SQL注入漏洞

Elitecms is a web content management from elitecms India. elitecms version 1.01 is vulnerable to SQL injection, which originates from admin/editsidebar.php?page=2 & sidebar The page sidebar parameter lacks validation for external input SQL statements, and an attacker could exploit the vulnerabili...

9.8CVSS6AI score0.01081EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/04/27 12:0 a.m.29 views

Nextcloud Android app 信息泄露漏洞

Nextcloud Android app is an Android-based mobile application for accessing Nextcloud servers from the German company Nextcloud. nextcloud Android app versions prior to 3.19.0 are vulnerable to an information disclosure vulnerability that stems from insufficient privilege restrictions. An attacker...

3.8CVSS5.6AI score0.00373EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/13 12:0 a.m.29 views

Pimcore SQL注入漏洞

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications.A SQL injection vulnerability exists in...

8.8CVSS8.1AI score0.05455EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/28 12:0 a.m.29 views

WordPress plugin Narnoo Distributor 路径遍历漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A path traversal vulnerability exists in WordPress Narnoo...

9.8CVSS5.8AI score0.4783EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.29 views

libcaca 数字错误漏洞

libcaca is an open source software library that converts images to color ASCII artwork. libcaca suffers from a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited by remote attackers to cause a denial of service...

6.5CVSS5.8AI score0.02752EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/02/08 12:0 a.m.29 views

WordPress plugin CP Blocks 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. A cross-site scripting vulnerability exists in versions of the WordPress CP Blocks plugin prior to 1.0.15, which stems from the plugin's failu...

4.8CVSS5.2AI score0.0632EPSS
Exploits5References4
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.29 views

Rust actix-web crate 缓冲区错误漏洞

Rust actix-web crate is a Rust web framework. a security vulnerability exists in versions of Rust actix-web crate prior to 0.7.15, which stems from the fact that it can unreasonably prolong the life cycle of a string, which can be exploited by an attacker to cause memory corruption...

9.8CVSS5.6AI score0.01288EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.29 views

Rust actix-web crate 缓冲区错误漏洞

Rust actix-web crate is a Rust web framework. security vulnerability exists in Mozilla Rust actix-web crate versions prior to 0.7.15, which can be exploited by attackers to cause memory corruption...

9.8CVSS5.6AI score0.01324EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/17 12:0 a.m.29 views

ARM mbed TLS 资源管理错误漏洞

ARM mbed TLS is a product from ARM UK that provides secure communication and encryption capabilities for mbed products. A resource management error vulnerability exists in mbed TLS, which can be exploited by a remote attacker to send a specially crafted request to an application to trigger a doub...

9.8CVSS8.6AI score0.02569EPSS
Exploits1References10
CNNVD
CNNVD
added 2021/10/19 12:0 a.m.29 views

Oracle Virtualization和Oracle VM VirtualBox 安全漏洞

Oracle VM VirtualBox is a virtual machine management software from Oracle. An unspecified vulnerability in the Core component of Oracle VM VirtualBox versions prior to 6.1.28 can be exploited by an attacker to compromise Oracle VM VirtualBox by logging on to the Oracle VM VirtualBox execution...

6.7CVSS5.8AI score0.0039EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/10/18 12:0 a.m.29 views

Best Practical Request Tracker 信息泄露漏洞

Best Practical Request Tracker is an event tracking system written in Perl. An information disclosure vulnerability exists in Best Practical Request Tracker because the product does not securely manage the lib/RT/REST2/Middleware/Auth.pm file. An attacker can cause sensitive information to be...

7.5CVSS7.2AI score0.01707EPSS
Exploits0References9
CNNVD
CNNVD
added 2021/10/15 12:0 a.m.29 views

Foxit PDF Editor 缓冲区错误漏洞

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A buffer error vulnerability exists in Foxit PDF Reader because the product's printing method does not properly validate user-entered formatting descriptors. The vulnerability can be exploited to cause malicious code to be executed ...

5.5CVSS5.9AI score0.00331EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/14 12:0 a.m.29 views

SINEMA Server 访问控制错误漏洞

Siemens SINEMA Server is a software developed for industrial applications by Siemens, Germany. It enables you to fully visualize and monitor your network. Siemens SINEMA Server has a security vulnerability that could be exploited by an attacker to obtain encoded system configuration backup files...

5.3CVSS5.6AI score0.00831EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/02 12:0 a.m.29 views

WordPress 插件安全漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in WordPress...

5.3CVSS5.6AI score0.28961EPSS
Exploits6References3
CNNVD
CNNVD
added 2021/09/01 12:0 a.m.29 views

OpenEMR 日志信息泄露漏洞

OpenEMR is an open source medical management system from the OpenEMR Openemr community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. A security vulnerability exists in OpenEMR 6.0.0 that originates from an...

6.5CVSS6.6AI score0.09709EPSS
Exploits4References5
CNNVD
CNNVD
added 2021/08/17 12:0 a.m.29 views

ThroughTek Kalay Platform 访问控制错误漏洞

throughtek ThroughTek Kalay Platform is an application from China IOT Intelligence Corporation throughtek Inc. The Kalay Cloud Platform service is enabled using P2P technology. An Access Control Error vulnerability exists in ThroughTek Kalay Platform that originates in the product network that...

8.3CVSS8AI score0.02575EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.29 views

Ubuntu Apport 后置链接漏洞

Canonical Ubuntu is a GNU/Linux operating system from the British company Canonical that focuses on desktop applications. A security vulnerability exists in Ubuntu Apport that stems from the incorrect handling of certain information gathering operations, which can be exploited by an attacker who...

7.3CVSS6.6AI score0.00295EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.29 views

Ubuntu Apport 后置链接漏洞

Apport is a toolkit for collecting and giving feedback on error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from Apport incorrectly handling certain information-gathering operations, which can...

7.3CVSS6AI score0.00289EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/04/23 12:0 a.m.29 views

SaltStack Salt 操作系统命令注入漏洞

Saltstack SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions 2016.9 through 3002.6, which stems from a comma...

7.8CVSS5.7AI score0.03808EPSS
Exploits1References17
CNNVD
CNNVD
added 2021/04/15 12:0 a.m.29 views

Apache Tapestry 代码问题漏洞

Apache Tapestry is the United States Apache Apache Foundation of a Web application framework written in the Java language . Apache Tapestry has a security vulnerability that can be exploited by an attacker to download the file "AppModule.class" by requesting the URL "http: localhost: 8080 assets...

10CVSS5.6AI score0.94089EPSS
Exploits5References4
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.29 views

Microsoft Office 代码注入漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code injection vulnerability exists in Microsoft Office. The following products and edition...

7.8CVSS7.7AI score0.02471EPSS
Exploits0References5
CNNVD
CNNVD
added 2020/12/23 12:0 a.m.29 views

Advanced Comment System Path Traversal Vulnerability

Advanced Comment System is an advanced comment system. ACS Advanced Comment System 1.0 suffers from a path traversal vulnerability that originates in index.php, an advanced component system...

7.5CVSS7.1AI score0.21EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.28 views

VMware Spring Web Services 代码问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the defaul...

8.2CVSS5.5AI score0.00352EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.28 views

Oracle REST Data Services 安全漏洞

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.28 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability caused by an ANGLE component heap buffer overflow. This vulnerability could allow remote attackers to exploit a compromised rendering process through a...

8.3CVSS6.1AI score0.00246EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.28 views

libsolv 安全漏洞

Libsolv is a library in OpenSUSE that is used for checking software package dependencies. Libsolv has a security vulnerability, which stems from insufficient input validation when decompressing compressed data controlled by an attacker. This leads to a heap buffer overflow, potentially causing...

7.8CVSS5.9AI score0.00205EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.28 views

TP-Link多款产品 安全漏洞

TP-Link Archer RE650, among others, are products of the Chinese company TP-Link. The TP-Link Archer RE650 is a dual-band Gigabit wireless signal extender. The TP-Link Archer RE305 is also a dual-band Gigabit wireless signal extender. The TP-Link Archer RE360 is a wireless repeater that supports...

8.8CVSS5.8AI score0.00398EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.28 views

FeehiCMS 安全漏洞

FeehiCMS is a PHP-based CMS website building system developed by Liufee’s individual developers. The FeehiCMS v2.1.1 version contains a security vulnerability. This vulnerability stems from a storage-type cross-site scripting issue with the Group, Category, or Description parameters in the...

5.4CVSS5.9AI score0.00211EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.28 views

Salesforce Marketing Cloud Engagement 安全漏洞

Salesforce Marketing Cloud Engagement is a digital marketing automation platform offered by the American company Salesforce. A security vulnerability exists in versions of Salesforce Marketing Cloud Engagement prior to January 30, 2026. This vulnerability stems from improper parameter separators ...

9.4CVSS5.7AI score0.00413EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.28 views

Xlinesoft ASPRunner.NET 安全漏洞

XLineSoft Xlinesoft ASPRunner.NET is a web application development tool provided by the American company XLineSoft. Version 10.1 of Xlinesoft ASPRunner.NET contains a security vulnerability. This vulnerability stems from a denial-of-service vulnerability in table name fields, which could allow...

6.9CVSS5.8AI score0.00133EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.28 views

Delinea Secret Server On-Prem Security Vulnerability

Delinea Secret Server On-Prem is a privileged access management platform provided by the American company Delinea. Versions 11.8.1, 11.9.6, and 11.9.25 of Delinea Secret Server On-Prem contain security vulnerabilities. These vulnerabilities stem from improper authentication procedures, which may...

6.5CVSS5.8AI score0.00401EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.28 views

WordPress plugin Advanced Custom Fields Extended 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...

9.8CVSS8.2AI score0.73557EPSS
Exploits10References3
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.28 views

Linux kernel 安全漏洞

Linux kernel is a product of the Linux Foundation of the United States, etc. Linux kernel is the kernel used by the open-source operating system Linux. aaron update, etc. is a product of the Aaron Individual Developer. update is a library. clickHouse ch, etc. is an open-source product of...

6.2AI score0.00241EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.28 views

Redis 代码注入漏洞

Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value Key-Value storage database from Redis, Inc. that provides APIs in multiple languages. A code injection vulnerability exists in Redis 8.2.1 and earlier versions, which originates from allowing an...

7.3CVSS9.2AI score0.00701EPSS
Exploits0References4
Total number of security vulnerabilities5000