Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2024/11/15 12:0 a.m.27 views

LibreNMS 跨站脚本漏洞

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. LibreNMS suffers from a cross-site scripting vulnerability that stems from a reflected...

5.4CVSS5.9AI score0.00403EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.27 views

Intel DSA 安全漏洞

Intel DSA is a driver update tool from Intel Intel. It can detect user drivers, update the installed drivers to the latest version, support intel series of graphics cards, audio, network cards and chipset drivers, a must for i-card users. A security vulnerability exists in versions prior to Intel...

7.8CVSS6.5AI score0.00139EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/01 12:0 a.m.27 views

WordPress plugin Advanced Custom Fields PRO 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6.7AI score0.00297EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/24 12:0 a.m.27 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...

6.5CVSS6.2AI score0.00531EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/08/13 12:0 a.m.27 views

Microsoft Windows Update Stack 访问控制错误漏洞

Microsoft Windows Update Stack is part of Microsoft Corporation USA for managing updates. An access control error vulnerability exists in Microsoft Windows Update Stack. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected:Windows...

7.8CVSS6.3AI score0.00651EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/23 12:0 a.m.28 views

WordPress plugin Redux Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.2CVSS5.8AI score0.01028EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/07/08 12:0 a.m.27 views

IPWorks SSH Security Vulnerability

IPWorks SSH is a library from nsoftware that integrates SSH Secure Shell security features, allowing developers to easily integrate SSH security into Internet applications. A security vulnerability exists in IPWorks SSH that stems from the possibility of being induced to issue unintended file...

9.8CVSS6.8AI score0.75812EPSS
Exploits3References2
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.27 views

Pytorch-Lightning Security Vulnerability

Pytorch-Lightning is an open source lightweight PyTorch wrapper. It is used for high performance Ai research. A security vulnerability exists in Pytorch-Lightning version 2.2.1, which stems from mishandling of deserialized user input and mismanagement of the dunder attribute, leading to a remote...

9.8CVSS7.9AI score0.26488EPSS
Exploits3References2
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.27 views

NVIDIA ChatRTX 安全漏洞

NVIDIA ChatRTX is a content personalization chatbot from NVIDIA, USA. A security vulnerability exists in NVIDIA ChatRTX. An attacker exploited the vulnerability to alter the execution process by sending user input, which could lead to mismanagement of privileges issues...

7.5CVSS6.7AI score0.00191EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.27 views

NVIDIA ChatRTX 安全漏洞

NVIDIA ChatRTX is a content personalization chatbot from NVIDIA Corporation. A security vulnerability exists in NVIDIA ChatRTX that stems from sensitive information being transmitted in clear text...

5.5CVSS6.4AI score0.00151EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.27 views

D-Link DAP-1325 安全漏洞

D-Link DAP-1325 is a wireless network extender made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network and wireless network or connect to different wireless networks. The D-Link DAP-1325 suffers from a command injection remote code...

8.8CVSS9AI score0.01187EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.27 views

Microsoft ODBC Driver 安全漏洞

Microsoft ODBC Driver is a driver from Microsoft Corporation USA. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver. An attacker could exploit the vulnerability to...

8.8CVSS9AI score0.02356EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.27 views

Apache Zeppelin 跨站请求伪造漏洞

Apache Zeppelin is an open source web-based laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. A cross-site request forgery vulnerability exists in Apache Zeppelin version 0.9.0 and earlier, which stems from a...

5.4CVSS5.6AI score0.00482EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/08 12:0 a.m.27 views

pyload injection vulnerability

pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web. An injection vulnerability exists in versions prior to pyLoad 0.5.0b3.dev76, which stems from the presence of a log injection vulnerabili...

5.3CVSS7.2AI score0.24513EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.27 views

JBoss Enterprise Application Platform Security Vulnerability

Red Hat JBoss Enterprise Application Platform JBoss Eap is a subscription-based/open source Java Ee-based application server runtime platform from Red Hat, Inc. It is used to build, deploy, and host highly transactional Java applications and services developed and maintained by Red Hat. A securit...

7.5CVSS6.8AI score0.0072EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/11/06 12:0 a.m.27 views

WordPress Plugin Templately Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS6AI score0.0062EPSS
Exploits2References3
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.27 views

Atlassian Sourcetree Remote Code Execution Vulnerability

Atlassian Sourcetree is a free Git and Mercurial client tool from Atlassian Australia that manages repositories using a visual interface. A remote code execution vulnerability exists in Atlassian Sourcetree version 3.4.14, which stems from a security flaw in a component or feature that allows an...

7.8CVSS8.6AI score0.00378EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/10/14 12:0 a.m.27 views

QPDF Command Injection Vulnerability

QPDF is a software application. A C++ library and a set of programs to inspect and manipulate the structure of PDF files. A security vulnerability exists in all versions of QPDF, which stems from the inability of the encrypt method to filter parameters, resulting in a command injection...

9.8CVSS7.5AI score0.02079EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/10/09 12:0 a.m.27 views

libcue buffer error vulnerability

libcue is a CUE table parser library by the individual developer Ilya Lipnitskiy. A buffer error vulnerability exists in libcue version 2.2.1 and earlier. An attacker can exploit this vulnerability to execute arbitrary code...

8.8CVSS7.6AI score0.1657EPSS
Exploits1References10
CNNVD
CNNVD
added 2023/10/04 12:0 a.m.27 views

WordPress plugin make-paths-relative cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS6.6AI score0.00208EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.27 views

ArgoCD Path Traversal Vulnerability

ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...

5CVSS6.7AI score0.005EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/23 12:0 a.m.27 views

Apache Airflow 代码问题漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow has a code issue vulnerability that can be exploited by an attacker ...

8.1CVSS7AI score0.01488EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/18 12:0 a.m.27 views

WordPress Plugin YARPP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

6.4CVSS6.4AI score0.00423EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.27 views

WordPress Plugin SMTP Mail 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.2CVSS6.6AI score0.00491EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/03 12:0 a.m.27 views

Acronis Cyber Backup和Acronis Cyber Protect 安全漏洞

Acronis Cyber Backup and Acronis Cyber Protect are both products of Singapore Acronis Acronis.Acronis Cyber Backup is a data backup product. You can backup virtual machines and hosts, support for windows, linux backup, using AcronisInstantRestore to provide extremely fast recovery performance, an...

9.3CVSS8.2AI score0.05325EPSS
Exploits5References3
CNNVD
CNNVD
added 2023/04/26 12:0 a.m.27 views

Drupal core 输入验证错误漏洞

Drupal core is a free, open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal core that stems from incorrect input validation. An attacker exploiting the vulnerability could alter sensitive data...

7.5CVSS7.3AI score0.00568EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/15 12:0 a.m.27 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that originates from obtaining...

5.3CVSS5.7AI score0.00518EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.27 views

Siemens SICAM A8000 命令注入漏洞

The Siemens SICAM A8000 is a protection and interval control unit device for relay protection and substation environments from Siemens, Germany. A command injection vulnerability exists in the Siemens SICAM A8000. The vulnerability stems from the device's failure to properly filter constructed...

9.8CVSS8.2AI score0.02836EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/03/30 12:0 a.m.27 views

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud iOS versions prior to 4.7.0, which stems from the ability to bypass the app password of an iOS app...

6.8CVSS6.5AI score0.00278EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.27 views

Rocket Software UniData 和 UniVerse 安全漏洞

Rocket Software UniVerse and Rocket Software UniData are both products of Rocket Software, Inc. Rocket Software UniVerse is a suite of database management and support software now owned by Rocket Software. Software UniData is a MultiValue application platform. Rocket Software UniData is a...

8.8CVSS8.7AI score0.0084EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.27 views

Smarty 跨站脚本漏洞

Smarty is a PHP-based template engine that facilitates the separation of representation HTML/CSS from application logic. A cross-site scripting vulnerability exists in Smarty versions prior to 4.3.1 and 3.1.48, which stems from not properly escaping javascript code. An attacker can exploit this...

7.1CVSS7AI score0.01025EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.27 views

WordPress plugin Calculated Fields Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

4.8CVSS6.6AI score0.00473EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.27 views

Aruba Networks AOS-CX Network Analytics Engine 安全漏洞

The Aruba Networks AOS-CX is a modern programmable network from Aruba Networks. A security vulnerability exists in the Aruba Networks AOS-CX Network Analytics Engine that can be exploited by an attacker to execute arbitrary code on the underlying operating system as a privileged user, resulting i...

8.8CVSS8.5AI score0.01141EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/18 12:0 a.m.27 views

Simple Food Ordering System 跨站脚本漏洞

Simple Food Ordering System is a simple food ordering system by the individual developer Carlo Montero. A cross-site scripting vulnerability exists in Simple Food Ordering System version 1.0, which stems from cross-site scripting due to misuse of the parameter order...

5.4CVSS4.9AI score0.02693EPSS
Exploits9References6
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.27 views

F5 BIG-IP 格式化字符串错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An elevation of privilege vulnerability exists in F5 iControl SOAP, which can be exploited by an authenticated attacker to...

8.5CVSS7.5AI score0.72646EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.27 views

SCS Library Client 安全漏洞

SCS Library Client is a Golang client for Singularity Container Services SCS. A security vulnerability exists in SCS Library Client. An attacker can exploit the vulnerability to perform a multi-part concurrent download...

7.6CVSS5.6AI score0.00709EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/01/15 12:0 a.m.27 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.10, which stems from the presence of stored cross-site scripting XSS. No details of the vulnerability are provided at this time...

5.4CVSS4.7AI score0.00401EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/12 12:0 a.m.27 views

Cisco TelePresence Collaboration Endpoint Software 安全漏洞

Cisco TelePresence Collaboration Endpoint Software is a suite of collaboration endpoint software from Cisco USA. A security vulnerability exists in Cisco TelePresence Collaboration Endpoint and RoomOS Software. An attacker could exploit the vulnerability to overwrite arbitrary files on the system...

7.1CVSS7.3AI score0.00194EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/02 12:0 a.m.27 views

ansible-ntp 安全漏洞

ansible-ntp is managing time synchronization, NTP servers and time zones. A security vulnerability exists in ansible-ntp that stems from insufficient control over the amount of network messages...

4.3CVSS4.8AI score0.00399EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.27 views

Amazon efs-utils 竞争条件问题漏洞

Amazon efs-utils is an EFS tool for Amazon by Amazon.com. A competing conditions vulnerability exists in Amazon efs-utils prior to v1.34.4, which stems from a potential competing conditions issue where concurrent mount operations may allocate the same local port, resulting in a failed mount...

4.2CVSS5.1AI score0.0059EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/12/22 12:0 a.m.27 views

Rdiffweb 输入验证错误漏洞

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. Provides quick access to your archives through an efficient web interface. An input validation error vulnerability exists in rdiffweb versions prior to 2.5.4, which stems from redirection...

6.1CVSS5.9AI score0.00599EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/20 12:0 a.m.27 views

Apache Airflow 命令注入漏洞

Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache Foundation. Apache Airflow is vulnerable to a command injection vulnerability that could be exploited by remote attackers to submit ad hoc requests that could execute arbitrary commands in th...

9.8CVSS8.1AI score0.0322EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/07 12:0 a.m.27 views

Jenkins Custom Build Properties Plugin 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site scripting...

5.4CVSS5.5AI score0.00456EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.27 views

PortlandLabs Concrete CMS 跨站请求伪造漏洞

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. Concrete CMS suffers from a security vulnerability that stems from a lack of state parameters in the external authentication service, which makes it susceptible to CSRF...

8.8CVSS7.9AI score0.0044EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/10/17 12:0 a.m.27 views

Secuever reverseWall-MDS 授权问题漏洞

Secuever reverseWall-MDS is a device that connects to the reverseWall-MDS flow product from Secuever Korea. It is used to relay packets between other non-secure areas and existing secure areas. A security vulnerability exists in Secuever reverseWall-MDS that stems from insufficient user privilege...

9.8CVSS9.1AI score0.0089EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/16 12:0 a.m.27 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel. An attacker exploiting this vulnerability could cause a memory leak...

7.5CVSS6.6AI score0.00914EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.27 views

Bytebase 安全漏洞

Bytebase is an open source web-based, zero-configuration, dependency-free database schema change and version control management tool for DevOps teams.Bytebase versions 0.1.0 through 1.0.4 are vulnerable to an access control error that stems from unrestricted low privilege user access, which can b...

4.3CVSS6.8AI score0.00542EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.27 views

Apache Pulsar 输入验证错误漏洞

Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, with strong consistency, high...

6.5CVSS6.8AI score0.01253EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.27 views

WordPress plugin Max Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS6.2AI score0.00424EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.27 views

WordPress plugin Migration, Backup, Staging 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in th...

4.9CVSS5.4AI score0.18147EPSS
Exploits3References5
Total number of security vulnerabilities5000