Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/05/12 12:0 a.m.28 views

InHand Networks InRouter302 输入验证错误漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version V3.5.4 is vulnerable to an input validation error that originates in the libnvram.so nvramimport function userdefineinit function in the userdefinetimeoutnvram variable has...

9.9CVSS9.1AI score0.03247EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.28 views

Adobe InDesign 缓冲区错误漏洞

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. A code execution vulnerability exists in Adobe InDesign. The vulnerability arises from a networked system or product that does not properly validate data boundaries when performing operations in...

7.8CVSS8.3AI score0.00402EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/03 12:0 a.m.28 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a dedicated security operating system for the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS versions 6.4.8 and earlier and 7.0.3 and earlier are vulnerable to an access control error that could be exploited by an authenticated attacker with a...

6.3CVSS5.7AI score0.00564EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/02 12:0 a.m.28 views

Google Android 安全漏洞

Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android has an elevation of privilege vulnerability that could be exploited by attackers to cause a local privilege escalation that requires the user to execute the privilege...

7.8CVSS7.5AI score0.00215EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/19 12:0 a.m.28 views

FANUC ROBOGUIDE 访问控制错误漏洞

FANUC ROBOGUIDE is a robot simulation software from FANUC Japan.ROBOGUIDE v9.40083.00.05 and earlier versions have an access control error vulnerability that stems from not limiting or incorrectly restricting access to resources by unauthorized participants. An attacker could use this vulnerabili...

7CVSS5.7AI score0.00165EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.28 views

VMware Cloud Director 输入验证错误漏洞

VMware Cloud Director is a cloud service delivery platform from VMware. The platform supports virtual datacenter creation, multi-site management, datacenter scaling and cloud migration, and cloud-native application development. A security vulnerability exists in VMware Cloud Director that...

7.2CVSS8.1AI score0.0639EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/08 12:0 a.m.28 views

AeroCMS 跨站脚本漏洞

AeroCMS is a content management system from AeroCMS, Inc. A cross-site scripting vulnerability exists in AeroCMS v0.0.1, which can be exploited by attackers to execute arbitrary Web script or HTML by injecting a specially crafted payload into the post title text field...

4.8CVSS5.6AI score0.01082EPSS
Exploits3References5
CNNVD
CNNVD
added 2022/04/01 12:0 a.m.28 views

simple-git-hooks 参数注入漏洞

simple-git-hooks is an application. A simple git hooks manager for small projects. simple-git-hooks versions prior to 3.5.0 have security vulnerabilities that attackers exploit for command injection...

9.8CVSS5.6AI score0.04067EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/02/17 12:0 a.m.28 views

snapd 安全漏洞

Snapd is an open source, cross-platform package management tool. A security vulnerability exists in snapd 2.54.2 and earlier versions, which stems from the software creating the snap directory in a user's home directory without specifying owner-only permissions. This may allow a local attacker to...

5.5CVSS5.7AI score0.0026EPSS
Exploits0References9
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.28 views

Wecon Technologies LeviStudioU 缓冲区错误漏洞

Wecon Technologies LeviStudioU is a suite of HMI programming software from China's Wecon Technologies. A security vulnerability exists in WECON LeviStudioU, which can be exploited by attackers to remotely execute code...

7.8CVSS7.4AI score0.09285EPSS
Exploits0References18
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.28 views

Schneider Electric Rack PDU 信息泄露漏洞

Schneider Electric Rack PDUs are APC switched rack power distribution units PDUs from Schneider-electric in France that support advanced, user-customizable power control and active monitoring. An information disclosure vulnerability exists in the Schneider Electric Rack PDU, which can be exploite...

8CVSS7.7AI score0.00774EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.28 views

Microsoft Windows 权限许可和访问控制问题漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A vulnerability exists in Microsoft Windows Encrypting File System EFS with privilege permission and access control issues. The following products and editions are affected:Windows Server...

7.5CVSS7.7AI score0.06615EPSS
Exploits3References7
CNNVD
CNNVD
added 2021/12/06 12:0 a.m.29 views

WordPress 插件 安全漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress WPS Hide Login plugin has an authorization issue vulnerability in versions prior to 1.9.1, which ste...

7.5CVSS5.6AI score0.71532EPSS
Exploits5References2
CNNVD
CNNVD
added 2021/10/27 12:0 a.m.28 views

Adobe XMP Toolkit SDK 缓冲区错误漏洞

Adobe XMP Toolkit SDK is a tagging technology from Adobe that allows you to embed data about a file called metadata into the file itself.Adobe XMP Toolkit SDK 2021.07 and earlier versions are vulnerable to a stack buffer overflow. An attacker could exploit this vulnerability to execute arbitrary...

9.3CVSS6.5AI score0.036EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/08/31 12:0 a.m.28 views

Solarwinds Orion Platform SQL注入漏洞

SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and profiling of network devices and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network. The...

9CVSS5.6AI score0.01642EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/08/29 12:0 a.m.28 views

ZOHO ManageEngine Log360 跨站请求伪造漏洞

ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity and comply with regulatory requirements.A code injection...

8.8CVSS5.8AI score0.00994EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.28 views

Netgear NETGEAR 安全漏洞

Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. NETGEAR has a security vulnerability that stems from some NETGEAR devices being affected by privilege escalation...

8.8CVSS7.9AI score0.00822EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/07/23 12:0 a.m.28 views

gitlogplus 命令注入漏洞

gitlogplus is a package that displays commit logs. A command injection vulnerability exists in gitlogplus that stems from option attributes being appended to commands to be executed without processing...

9.8CVSS8.3AI score0.04025EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/07/19 12:0 a.m.28 views

Japan Total System GroupSession 跨站脚本漏洞

Japan Total System GroupSession is a groupware project from Japan Total System, Inc. that facilitates business and organizational communication and is designed to promote information sharing. A cross-site scripting vulnerability exists in Total System GroupSession, which can be triggered by an...

4.8CVSS5.1AI score0.0064EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/06/28 12:0 a.m.28 views

Pivotal Software RabbitMQ 跨站脚本漏洞

RabbitMQ is a multi-protocol message broker. A cross-site scripting vulnerability exists in RabbitMQ versions prior to RabbitMQ 3.8.18 for rabbitmq-server. The vulnerability stems from the program not properly filtering the tag. An attacker can exploit this vulnerability to execute JavaScript cod...

4.8CVSS5.4AI score0.01416EPSS
Exploits1References9
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.28 views

Ubuntu Apport 后置链接漏洞

Apport is a toolkit for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from incorrect handling of certain information gathering operations, which can be exploite...

7.3CVSS6.6AI score0.00289EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.28 views

Ubuntu Apport 后置链接漏洞

Apport is a toolkit for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from Apport incorrectly handling certain information-gathering operations, which can be...

7.3CVSS6.6AI score0.00322EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/04/07 12:0 a.m.28 views

Grav 安全漏洞

Grav is a scalable CMS Content Management System for personal blogs, small content publishing platforms, and one-page product displays. A security vulnerability exists in Grav that stems from the fact that an unauthenticated user can execute some methods of the administrator controller without...

9.8CVSS8.4AI score0.806EPSS
Exploits12References9
CNNVD
CNNVD
added 2021/03/25 12:0 a.m.28 views

Michael Stepankin OpenID-Connect-Java-Spring-Server 代码问题漏洞

Michael Stepankin OpenID-Connect-Java-Spring-Server is a GlobalMichael Stepankin open source application system provides OpenID Connect identity provider and generic OAuth 2.0 authorization server Michael Stepankin OpenID-Connect-Java-Spring-Server suffers from a server-side request forgery...

9.1CVSS5.7AI score0.01494EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/03/25 12:0 a.m.28 views

Esri 多款产品缓冲区错误漏洞

ESRI ArcGIS Enterprise and others are products of Environmental Systems Research Institute ESRI, Inc.ArcGIS Enterprise is a GIS Geographic Information System base software system.Esri Arcgis Server is a Web-oriented enterprise software platform that can be used to provide geolocation services. Es...

7.8CVSS6.5AI score0.02412EPSS
Exploits0References11
CNNVD
CNNVD
added 2021/03/10 12:0 a.m.28 views

HugoMario swagger-codegen 信息泄露漏洞

HugoMario swagger-codegen is an application from HugoMario. It is used to automatically generate API client libraries generate SDKs, server stubs and documentation given an OpenAPI Spec. An information disclosure vulnerability exists in Swagger-codegen version 2.4.19. The vulnerability stems from...

5.5CVSS6.6AI score0.00282EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/03/08 12:0 a.m.28 views

GLPI 安全漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

7.5CVSS5.6AI score0.02252EPSS
Exploits4References5
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.27 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a resource management vulnerability. This vulnerability stemmed from a problem with the reuse of resources after their release, which could allow remote attackers to execute a sandb...

8.3CVSS5.5AI score0.00229EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.27 views

QNAP qts 缓冲区错误漏洞

QNAP Systems QTS and QNAP Systems QuTS are both products of QNAP Systems Corporation. QNAP Systems QTS is an entry-level operating system. QNAP Systems QuTS hero is a software with data storage and management capabilities. Both QNAP Systems QTS and QNAP Systems QuTS hero have security...

7.2CVSS6AI score0.00435EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.27 views

ConnectWise ScreenConnect 安全漏洞

ConnectWise ScreenConnect is a self-hosted remote desktop software application developed by ConnectWise. Versions of ConnectWise ScreenConnect prior to version 26.2 contained a security vulnerability. This vulnerability stemmed from the lack of input validation for the token expiration duration...

4.7CVSS5.4AI score0.00221EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.27 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-50 and 7.1.2-25 contained security vulnerabilities. These vulnerabilities stemmed...

7.5CVSS5.3AI score0.00346EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.27 views

NVIDIA DALI 输入验证错误漏洞

NVIDIA DALI is a data loading and preprocessing library developed by NVIDIA Corporation in the United States. NVIDIA DALI has a vulnerability related to input validation errors. This vulnerability stems from improper index validation in the components of the library, which can lead to code...

7.3CVSS5.4AI score0.00139EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.27 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability caused by the exposure of Media channel information. This vulnerability could allow remote attackers to exploit the vulnerability through specially crafted...

3.1CVSS5.8AI score0.00145EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.27 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which arises from the issue of excessive out-of-bounds read accesses when the number of dentryhashtable buckets is...

9.1CVSS5.8AI score0.0039EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.27 views

ILM Informatique OpenConcerto 安全漏洞

ILM Informatique OpenConcerto is a business management software suite developed by the French company ILM Informatique. Version 1.7.5 of ILM Informatique OpenConcerto contains a security vulnerability, which stems from improper allocation of permissions for critical resources, potentially leading...

2.4CVSS5.8AI score0.00096EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.27 views

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.1 contained security vulnerabilities. These vulnerabilities stemmed from an issue with the endpoint where administrator...

8.8CVSS5.8AI score0.00562EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.27 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.13 and 9.5.1-alpha.2. These vulnerabilities stemmed from using prototype property...

8.8CVSS5.8AI score0.0049EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.27 views

OpenSIPS SQL注入漏洞

OpenSIPS is an SIP server implementation licensed under the GPL for individual OpenSIPS developers. Versions of OpenSIPS prior to 3.6.4 contained a SQL injection vulnerability. This vulnerability stems from the jwtdbauthorize function in the authjwt module, which allows for SQL injections,...

8.3CVSS5.8AI score0.00318EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.27 views

Sz-Admin 安全漏洞

Sz-Admin is a mid-backend management software developed by INS6+ individuals. Versions of Sz-Admin such as 1.3.2-beta and earlier contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of the parameter messageId in files/api/admin/sys-message/, which could lea...

6.9CVSS6.1AI score0.0044EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.27 views

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC such as 1.4.1 and earlier contained code vulnerabilities. These vulnerabilities resulted from the risk of leaking detailed internal error messages when processing invalid pduSessionId inputs. This...

8.7CVSS5.9AI score0.00398EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.27 views

LibreNMS 跨站脚本漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 26.1.1 contained a cross-site scripting vulnerability. This...

5.1CVSS5.7AI score0.00216EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/16 12:0 a.m.27 views

Markdown Preview Enhanced 安全漏洞

Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Version 0.8.18 of Markdown Preview Enhanced contains a security vulnerability; this vulnerability arises from uploading specially crafted .md files, potentially allowing for the execution of arbitrary code...

8.8CVSS6.2AI score0.00639EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.27 views

WordPress plugin Vireo 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

8.8CVSS6.4AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.27 views

Beward N100 安全漏洞

Beward N100 is an IP video codec from the Russian open source Beward. A security vulnerability exists in Beward N100 H.264 VGA IP Camera version M2.1.6, which stems from insufficient validation of the READ.filePath parameter and could lead to the disclosure of arbitrary files...

8.8CVSS6.7AI score0.17393EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.27 views

Mitrastar GPT-2741GNAC-N2 安全漏洞

Mitrastar GPT-2741GNAC-N2 is a home gateway device from China-based Allied Technology Mitrastar. A security vulnerability exists in the Mitrastar GPT-2741GNAC-N2 that originates from a root shell that can be obtained via specific command parameters...

8.4CVSS6.9AI score0.00143EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.27 views

Microsoft Office 资源管理错误漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which is caused due to a post-release usage...

8.4CVSS7.8AI score0.00499EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/11 12:0 a.m.27 views

Juniper Networks Junos OS和Juniper Networks Junos OS Evolved 资源管理错误漏洞

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc.Juniper Networks Junos OS is a set of network operating systems dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK...

8.7CVSS6.5AI score0.00441EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.27 views

VMware ESXi和VMware vCenter Server 安全漏洞

VMware ESXi and VMware vCenter Server are both products of VMware, Inc.VMware ESXi is a server virtualization platform that can be installed directly on physical servers.VMware vCenter Server is a suite of server and virtualization management software. The software provides a centralized platform...

4.3CVSS5.5AI score0.00785EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.27 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not cleaning up the cxlregion target, which could lead to a memory leak...

5.5CVSS5.1AI score0.0014EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.27 views

Growatt Cloud Applications 安全漏洞

Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and earlier, which stems from a verified attacker being able to obtain arbitrary plant names via plant IDs...

6.9CVSS6.7AI score0.00264EPSS
Exploits0References1
Total number of security vulnerabilities5000