Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2025/03/27 12:0 a.m.28 views

WordPress plugin Saso Serial Codes Generator and Validator with WooCommerce Support 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

4.3CVSS8.5AI score0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.28 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the amtrcv function not releasing an incoming skb when a socket is not found, potentially leading to a memor...

5.5CVSS5.1AI score0.00243EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.28 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the dmamask and dmaparms of the device object in the vmbusdeviceregister function not being properly...

5.5CVSS5.5AI score0.00197EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.28 views

WordPress plugin Hash Elements 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Hash...

6.5CVSS6.8AI score0.00241EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/24 12:0 a.m.28 views

Hanwha Vision NVR 安全漏洞

Hanwha Vision NVR is a series of network video recorder devices from Hanwha Vision, a South Korean company. A security vulnerability exists in Hanwha Vision NVR that stems from a NULL pointer reference issue when handling specific URL parameters, which can cause the NVR to reboot when an attacker...

6.9CVSS6.3AI score0.0078EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/22 12:0 a.m.28 views

WordPress plugin Element Pack Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

4.3CVSS8.1AI score0.00345EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.28 views

Citrix Systems NetScaler Gateway和NetScaler ADC 缓冲区错误漏洞

Citrix Systems NetScaler Gateway Citrix Systems Gateway and Citrix Systems NetScaler ADC are both products of Citrix Systems, Inc.Citrix Systems NetScaler Gateway is a secure remote access solution. The solution provides administrators with application-level and data-level controls to enable user...

8.4CVSS6.5AI score0.00562EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/20 12:0 a.m.28 views

WordPress plugin Social Auto Poster 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

8.8CVSS6.7AI score0.00193EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/14 12:0 a.m.28 views

H2O 代码问题漏洞

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A code issue vulnerability exists in H2O-3 version 3.46.0.4, which stems from the fact that incorrect manipulation of the parameter query can lead to deserialization...

9.8CVSS7.3AI score0.01328EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/08/27 12:0 a.m.28 views

Flowise 安全漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.8.2. An attacker exploited the vulnerability to access the API endpoint as an administrator...

9.8CVSS6.4AI score0.42783EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.28 views

Fortinet FortiProxy Security Vulnerability

Fortinet FortiProxy is a secure network proxy from Fortinet that protects employees from cyberattacks by combining a variety of detection technologies such as Web filtering, DNS filtering, DLP, anti-virus, intrusion prevention, and advanced threat protection.FortiProxy helps reduce bandwidth...

4.7CVSS6.7AI score0.00467EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/18 12:0 a.m.28 views

WordPress plugin Divi security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/22 12:0 a.m.28 views

WordPress plugin WPZOOM Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS6.4AI score0.01005EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.28 views

WordPress plugin The Plus Addons for Elementor Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

9.8CVSS8.7AI score0.00567EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.28 views

Apollo Router 安全漏洞

Apollo Router is a configurable, high-performance graphical router written in Rust. A security vulnerability exists in Apollo Router versions prior to 1.45.1, which stems from an error in the cache retrieval logic and could result in the execution of unexpected operations...

9CVSS6.6AI score0.00727EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.28 views

Xpdf 缓冲区错误漏洞

Xpdf is a free PDF viewer and toolkit from Xpdf, Inc. that includes a text extractor, image converter, HTML converter, and more. A security vulnerability exists in Xpdf versions 4.05 and earlier, which stems from a vulnerability that allows an attacker to trigger an out-of-bounds array write...

5.5CVSS6.9AI score0.0018EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.28 views

WordPress Plugin Zotpress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Zotpress is vulnerabl...

8.8CVSS8.7AI score0.00594EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/15 12:0 a.m.28 views

WordPress Plugin Estatik Real Estate Plugin Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. The WordPress Plugin Estatik Real Estate...

6.5CVSS6.4AI score0.0061EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.28 views

AsyncSSH Security Vulnerability

AsyncSSH is a Python package that provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. A security vulnerability exists in AsyncSSH v2.14.0 and earlier versions, which stems from a vulnerability that allows an attacker to take...

6.8CVSS6.9AI score0.00867EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.28 views

Fiber Security Breach

Fiber is an open source web framework written in the Go language. A security vulnerability exists in Fiber that stems from the presence of a cross-site request forgery CSRF vulnerability. The vulnerability can be exploited by an attacker to obtain a token instead of the user and forge malicious...

8.8CVSS6.8AI score0.00265EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.29 views

Graylog 数据伪造问题漏洞

Graylog is a centralized log management solution from Graylog USA. The product supports capturing, storing, and analyzing logs in real time, among other things. Graylog suffers from a data forgery issue vulnerability that stems from vulnerability to DNS cache poisoning attacks...

5.3CVSS5.7AI score0.00295EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/08/28 12:0 a.m.28 views

Spinnaker 日志信息泄露漏洞

Spinnaker is a continuous delivery platform. It is used to release software changes with high speed and confidence. Spinnaker suffers from a log information disclosure vulnerability that stems from the possibility of granting elevated access to an uncontrolled repository...

5.3CVSS5.7AI score0.00324EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/07 12:0 a.m.28 views

ScanCode Command Injection Vulnerability

ScanCode is an open source tool for analyzing and scanning source code for open source license information and potential intellectual property issues. A command injection vulnerability exists in ScanCode.io versions prior to 32.5.1, which stems from a command injection vulnerability in the...

8.8CVSS7.5AI score0.02437EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/07/31 12:0 a.m.28 views

Ruijie Networks Product 代码注入漏洞

Ruijie Networks Product is a series of Ruijie wireless products from China-based Ruijie Networks. A security vulnerability exists in the Ruijie Networks Product that originates from an API privilege that allows a remote attacker to escalate via a POST request to /cgi-bin/luci/ and affects the...

9.8CVSS8.4AI score0.01523EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/21 12:0 a.m.28 views

Microsoft Edge 安全漏洞

Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. Microsoft Edge has a security vulnerability that stems from the presence of a spoofing vulnerability...

4.7CVSS5.1AI score0.00721EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/03 12:0 a.m.28 views

Django 安全漏洞

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper , view system , template system and so on. A security vulnerability exists in Django versions prior to 3.2.20, 4.1.10, and 4.2.3, which...

7.5CVSS7.3AI score0.02978EPSS
Exploits0References14
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.28 views

Jenkins Code Dx Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.00409EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/02 12:0 a.m.28 views

Qualcomm 芯片安全漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuitry mainly semiconductor devices, but also passive components, etc. and is manufactured from time to time on the surface of semiconductor wafers. A security vulnerability exists in some Qualcomm products that ste...

8.4CVSS7.5AI score0.0018EPSS
Exploits2References3
CNNVD
CNNVD
added 2023/04/19 12:0 a.m.28 views

Cloud hypervisor 资源管理错误漏洞

Cloud hypervisor is Cloud hypervisor's virtual machine monitor for modern cloud workloads. Cloud hypervisor suffers from an access control error vulnerability that originates from allowing a user to send a malicious HTTP request via an HTTP API socket, which can be exploited by an attacker to cau...

4.9CVSS5.4AI score0.0036EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/04/17 12:0 a.m.29 views

OpenZeppelin 安全漏洞

OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts prior to version 4.8.3, which stems from the fact that if conflicting functions have different signatures and incompatible ABI encodings, an agent may...

5.3CVSS5.7AI score0.00812EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.28 views

vm2 安全漏洞

vm2 is an advanced virtual machine/sandbox for Node.js by individual developer Patrik Simek in the Czech Republic. to run untrusted code using whitelisted Node built-in modules. A security vulnerability exists in vm2 version 3.9.15 and earlier. An attacker exploits this vulnerability to bypass...

10CVSS9.2AI score0.03852EPSS
Exploits1References8
CNNVD
CNNVD
added 2023/03/19 12:0 a.m.28 views

imgproxy 跨站脚本漏洞

imgproxy is imgproxy individual developer's fast and secure standalone server for tweaking and converting remote mirrors. A cross-site scripting vulnerability exists in imgproxy versions prior to 3.14.0, which stems from the presence of reflected cross-site scripting XSS...

6.5CVSS5.8AI score0.01585EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/17 12:0 a.m.28 views

Online Pizza Ordering System 授权问题漏洞

Online Pizza Ordering System is an online pizza ordering system by Carlo Montero, an individual developer. An authorization issue vulnerability exists in version 1.0 of the SourceCodester Online Pizza Ordering System, which stems from a security issue in admin/ajax.php?action=saveuser in the...

9.8CVSS6.9AI score0.00971EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/17 12:0 a.m.28 views

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse. An attacker logged in as an administrator could make multiple requests for backups, which would exhaust all connection...

4.9CVSS5.4AI score0.00652EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/03/15 12:0 a.m.28 views

WordPress Plugin Rextheme WP VR – 360 Panorama and Virtual Tour Builde 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. WordPress Plugin Rextheme ...

8.8CVSS8.2AI score0.00256EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.28 views

answer 跨站脚本漏洞

answer is an open source knowledge-based community software. A cross-site scripting vulnerability exists in versions of answer prior to 1.0.5. The vulnerability stems from a lack of effective filtering and escaping of user-supplied data, which can be exploited by attackers to cause cross-site...

6.3CVSS6.1AI score0.00393EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.28 views

FlatPress 跨站脚本漏洞

FlatPress is a Php-based blogging system from the FlatPress community that does not require database support. A cross-site scripting vulnerability exists in FlatPress, which stems from a problem with an unknown part of the admin/panels/entry/admin.entry.list.php file in the Admin Area component...

6.1CVSS5.9AI score0.00518EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.28 views

OpenMRS 跨站脚本漏洞

OpenMRS is an open source electronic medical record system from OpenMRS, Inc. in the United States. OpenMRS version 1.17.0 before the security vulnerability , the vulnerability stems from the component Notes Handler in the...

6.1CVSS5.7AI score0.00879EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.28 views

Silverware Games SilverwareGames.io 跨站脚本漏洞

Silverware Games SilverwareGames.io is an online gaming website from Silverware Games, Inc. Silverware Games SilverwareGames.io suffers from a cross-site scripting vulnerability that originates from allowing custom HTML attributes to be added to iframe tags...

6.3CVSS5.4AI score0.00334EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/06 12:0 a.m.28 views

Fortinet FortiOS授权问题漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security vulnerability exists i...

9.8CVSS8.5AI score0.00889EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/09 12:0 a.m.28 views

Xfce 参数注入漏洞

Xfce is a desktop environment by the individual developer Olivier Fourdan for Unix and Unix-like operating systems such as Linux and FreeBSD. Xfce A parameter injection vulnerability exists in Xfce xfce4-settings versions prior to 4.16.4, 4.17.x through 4.17.1, which stems from escaping character...

9.8CVSS8.2AI score0.01406EPSS
Exploits0References11
CNNVD
CNNVD
added 2022/10/26 12:0 a.m.29 views

Delta Electronics InfraSuite Device Master 路径遍历漏洞

Delta Electronics InfraSuite Device Master is a device used to simplify and automate the monitoring of critical equipment from Delta Electronics Taiwan, China. A path traversal vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.01a and prior versions, which stems from allowi...

9.8CVSS8.6AI score0.20898EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/26 12:0 a.m.28 views

Honeywell Saia Burgess PG5 PCD 授权问题漏洞

Honeywell Saia Burgess PG5 PCD is a Honeywell USA solution that includes SBC Instrumentation, Control and Automation ICA devices for implementation and operational automation. A security vulnerability exists in all versions of the Honeywell Saia Burgess PG5 PCD, which stems from the use of the...

8.1CVSS7.6AI score0.00655EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.28 views

Nucleus CMS 代码问题漏洞

Nucleus CMS is a website builder. A security vulnerability exists in Nucleus CMS version v3.71, which stems from the presence of a file upload vulnerability. An attacker can exploit this vulnerability to obtain sensitive information from a website...

7.2CVSS7.1AI score0.01237EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.28 views

Advantech iView 命令注入漏洞

Advantech iView, a Simple Network Protocol SNMP based software from Advantech, China, for managing B B SmartWorx devices, is vulnerable to a command injection vulnerability in versions prior to Advantech iView 5.7.04.6469, which stems from the use of a special element in a command that is not...

9.8CVSS6.2AI score0.59184EPSS
Exploits4References7
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.28 views

Jenkins Plugin ThreadFix 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software. An authorization issue...

6.5CVSS5.7AI score0.00574EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/15 12:0 a.m.28 views

Splunk 信任管理问题漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...

9.1CVSS8.2AI score0.00743EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/05/19 12:0 a.m.28 views

Cisco Common Services Platform Collector 跨站脚本漏洞

Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...

6.1CVSS6.4AI score0.00685EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/12 12:0 a.m.28 views

InHand Networks InRouter302 输入验证错误漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version V3.5.4 is vulnerable to an input validation error that originates in the libnvram.so nvramimport function userdefineinit function in the userdefinetimeoutnvram variable has...

9.9CVSS9.1AI score0.03247EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.28 views

Adobe InDesign 缓冲区错误漏洞

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. A code execution vulnerability exists in Adobe InDesign. The vulnerability arises from a networked system or product that does not properly validate data boundaries when performing operations in...

7.8CVSS8.3AI score0.00402EPSS
Exploits0References4
Total number of security vulnerabilities5000