Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2025/08/06 12:0 a.m.26 views

Emby MediaBrowser 安全漏洞

Emby MediaBrowser is a media server software from Emby. A security vulnerability exists in Emby MediaBrowser, which can be exploited by an attacker to bypass authorization via a user control key...

8.8CVSS6.7AI score0.00314EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.26 views

WordPress plugin Eventin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS7.3AI score0.0465EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.26 views

Siemens SENTRON 7KT PAC1260 Data Manager 操作系统命令注入漏洞

Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. The Siemens SENTRON 7KT PAC1260 Data Manager suffers from an OS command injection vulnerability that stems from not cleaning up the language parameter of a specific POST request,...

9.4CVSS8.3AI score0.00864EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.26 views

Adobe Acrobat Reader 缓冲区错误漏洞

Adobe Acrobat is the United States of America Odo than Adobe company's set of software suite used to create, edit, view and print PDF Portable Document Format files. A security vulnerability exists in Adobe Acrobat, which stems from an out-of-bounds read issue that can be exploited by an attacker...

5.5CVSS6.5AI score0.00417EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/07 12:0 a.m.26 views

WordPress plugin A/B Image Optimizer 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversa...

9.8CVSS8.9AI score0.01966EPSS
Exploits4References1
CNNVD
CNNVD
added 2024/12/24 12:0 a.m.26 views

Hanwha Vision NVR 安全漏洞

Hanwha Vision NVR is a series of network video recorder devices from Hanwha Vision, a South Korean company. A security vulnerability exists in the Hanwha Vision NVR that originates from an attacker being able to create log files in a directory one level higher than the directory where the NVR log...

5.1CVSS7.4AI score0.01116EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.26 views

WordPress plugin Easy Appointments 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS8.2AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/05 12:0 a.m.26 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal version 10.0.X prior to 10.2.10, which stems from the presence of an allowed file manipulation vulnerability...

5.9CVSS6.3AI score0.00375EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/11 12:0 a.m.26 views

angular-base64-upload 安全漏洞

angular-base64-upload is a library by the individual developers of Adones Pitogo. A security vulnerability exists in angular-base64-upload prior to version 0.1.21, which stems from vulnerability to an unauthenticated remote code execution attack via demo/server.php...

9.8CVSS7.7AI score0.43683EPSS
Exploits5References5
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.26 views

Microsoft Internet Small Computer Systems Interface 资源管理错误漏洞

Microsoft Internet Small Computer Systems Interface is an IP network-based storage technology from Microsoft that allows computer systems to access remote SCSI storage devices over existing network infrastructures such as Ethernet. A resource management error vulnerability exists in Microsoft...

7.5CVSS6.2AI score0.02227EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/01 12:0 a.m.26 views

uPlot 安全漏洞

uPlot is a fast, memory-efficient Canvas 2D-based chart for drawing time series, lines, areas, ohlc, and bars from leeoniya personal developer. A security vulnerability exists in uPlot versions prior to 1.6.31, which stems from a lack of checking whether attributes resolve to object prototypes...

8.2CVSS7.9AI score0.0063EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/08/26 12:0 a.m.26 views

WordPress plugin Brave Popup Builder 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS6.4AI score0.00172EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.26 views

NATS Server Security Vulnerability

NATS Server is an open source messaging system. The system is primarily used for cloud-native applications, IoT messaging, and microservices architectures. NATS.io A security vulnerability exists in NATS Server versions prior to 2.8.2 and Streaming Server versions prior to 0.24.6, which stems fro...

6.3CVSS6.7AI score0.00478EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.26 views

Number withdrawn

PyTorch is a Python package in the PyTorch open source. This CVE number has been withdrawn...

6.8AI score
Exploits0References2
CNNVD
CNNVD
added 2024/05/28 12:0 a.m.26 views

Foxit Reader 信任管理问题漏洞

Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. A trust management issue vulnerability exists in Foxit Reader version 2024.2.0.25138, which stems from an elevation of privilege vulnerability. No details of the vulnerability are available at this time...

8.2CVSS6.8AI score0.00464EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.26 views

GLPI 安全漏洞

GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...

8.1CVSS6.2AI score0.6296EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.26 views

LG Simple Editor 安全漏洞

LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from an XML External Entity Handling vulnerability due to an improper restriction on XML External Entity XXE references, where a...

7.5CVSS6.5AI score0.01271EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/21 12:0 a.m.26 views

Flowise 安全漏洞

Flowise is a tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.6.5 that stems from the presence of an authentication bypass vulnerability...

7.6CVSS7AI score0.59867EPSS
Exploits4References4
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.26 views

Microsoft OLE DB Provider for SQL Server 安全漏洞

Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft OLE DB Provider for SQL Server. An attacker could exploit the vulnerability to remotely execute code. T...

8.8CVSS8.8AI score0.024EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.26 views

Microsoft ODBC Driver 安全漏洞

Microsoft ODBC Driver is a driver from Microsoft Corporation USA. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver. An attacker could exploit the vulnerability to...

8.8CVSS8.9AI score0.02415EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/28 12:0 a.m.26 views

WordPress Plugin Avada 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...

7.7CVSS8.7AI score0.00462EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.26 views

Microsoft Xbox Gaming Services 安全漏洞

Microsoft Xbox Gaming Services is an Xbox-related gaming service from Microsoft Corporation USA. A security vulnerability exists in Microsoft Xbox Gaming Services that stems from the presence of an elevation of privilege vulnerability...

8.8CVSS8.4AI score0.00652EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/31 12:0 a.m.26 views

WordPress Plugin JetElements Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

9CVSS7.2AI score0.00585EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.26 views

Fortinet FortiVoice Security Vulnerability

Fortinet FortiSwitch and others are products of Fortinet, Inc. FortiSwitch is a switch product and Fortinet FortiVoice is a product of tine and others are products of tine, Inc. tine is a team collaboration software. A security vulnerability exists in Fortinet FortiVoiceEnterprise, FortiSwitch,...

8.8CVSS7AI score0.00491EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.26 views

Microsoft ODBC Driver Security Vulnerability

Microsoft ODBC Driver is a driver from Microsoft. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver. An attacker could exploit the vulnerability to remotely execute code...

7.8CVSS7.3AI score0.01034EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/29 12:0 a.m.26 views

GitLab Data Forgery Issue Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab is vulnerable to a data forgery issue. No information about this...

4.3CVSS6.8AI score0.00381EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/28 12:0 a.m.26 views

Jupyter Server 输入验证错误漏洞

Jupyter Server is an application used by the Jupyter organization to provide back-end services for Jupyter Web applications. An input validation error vulnerability exists in versions of Jupyter Server prior to 2.7.2, which stems from the presence of an open redirection vulnerability that could...

6.1CVSS6.2AI score0.00586EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/23 12:0 a.m.26 views

WordPress Plugin Donation Forms by Charitable 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

9.8CVSS8.4AI score0.00765EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.26 views

Microsoft ASP.NET Core Security Vulnerability

Microsoft ASP.NET Core is a framework of cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. ASP.NET has a security vulnerability. An attacker could exploit the...

8.8CVSS6.6AI score0.74288EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/07/10 12:0 a.m.26 views

Wrodpress Plugin LionScripts: IP Blocker Lite 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. Wrodpress Plugin LionScripts: IP Blocker Li...

8.8CVSS8.1AI score0.00312EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/06 12:0 a.m.26 views

Milesight UR32L 操作系统命令注入漏洞

The Milesight UR32L is a 4G industrial router from China's Milesight. The Milesight UR32L vtyshubus toolshexcute.constprop.1 feature suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

8.8CVSS8.2AI score0.036EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/06/19 12:0 a.m.26 views

WordPress plugin Integration for Contact Form 7 and Zoho CRM, Bigin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Integration for Contact Fo...

4.8CVSS6.6AI score0.0044EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.26 views

MinIO 安全漏洞

MinIO is an open source object storage server from US-based MinIO. The product supports building infrastructures for machine learning, analytics, and application data workloads. A security vulnerability exists in Minio Console versions prior to 0.28.0 that stems from Unicode RIGHT-TO-LEFT OVERRID...

5.3CVSS6AI score0.00648EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/29 12:0 a.m.26 views

Tuleap 跨站脚本漏洞

Tuleap is open source an application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. A security vulnerability in Tuleap community versions prior to 14.8.99.60, enterprise versions prior to...

4.8CVSS5.4AI score0.00473EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/05/18 12:0 a.m.26 views

WordPress plugin Shoppable Images 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS8.1AI score0.00248EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/19 12:0 a.m.26 views

Netflix Lemur 安全特征问题漏洞

Netflix Lemur is Netflix's tool for managing TLS credential creation. A security vulnerability exists in Netflix Lemur versions prior to 1.3.2, which stems from an insufficiently randomized value used when generating default credentials, and which could be exploited by an attacker to guess...

7.5CVSS7.2AI score0.00784EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/04/16 12:0 a.m.26 views

XWiki Commons 跨站脚本漏洞

XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that if the last author of a page's content has scripting privileges, a user without scripting privileges can use the Live Data macro to...

8.9CVSS4.9AI score0.00423EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.26 views

Microsoft SQL Server 安全漏洞

Microsoft SQL Server is a large commercial database system from Microsoft that is used under Microsoft Windows. A security vulnerability exists in Microsoft SQL Server. The following products and editions are affected: Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 QFE, Microsoft SQL...

7.3CVSS7.7AI score0.00871EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.26 views

etcd 授权问题漏洞

etcd is a key-value storage system for distributed systems written in the Go language. A security vulnerability exists in Etcd-io version v.3.4.10. A remote attacker could exploit the vulnerability to elevate privileges via the debugging feature...

9.8CVSS7AI score0.01605EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/03/31 12:0 a.m.26 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.12. An attacker can exploit this vulnerability to perform cross-site scripting attacks...

8.4CVSS6.5AI score0.00615EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.26 views

FFmpeg 资源管理错误漏洞

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg versions prior to 5.1.2. An attacker can exploit this vulnerability to execute arbitrary code...

8.1CVSS7.2AI score0.01512EPSS
Exploits1References9
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.26 views

VISAM VBASE 代码问题漏洞

VISAM VBASE is a data acquisition and monitoring system from VISAM Germany. A code issue vulnerability exists in VISAM VBASE Automation Base prior to version 11.7.5, which stems from an improper restriction on XML external entity references, and can be exploited by an attacker to trick a user int...

5.5CVSS5.8AI score0.01761EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/17 12:0 a.m.26 views

Snappy 代码问题漏洞

Snappy is a PHP library from the individual developers at KNP Labs that allows thumbnails, snapshots or PDFs to be generated from url or html pages. A code issue vulnerability exists in versions of Snappy prior to 1.4.2 that stems from a lack of protocol checks. An attacker can exploit this...

9.8CVSS8.3AI score0.0276EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.26 views

Microsoft PostScript Printer Driver 安全漏洞

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft USA. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft Corporation. Microsoft PostScript and PCL6 Class Printer Driver contains an elevation of privilege...

8.8CVSS6.9AI score0.01289EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.26 views

Microsoft Excel 安全漏洞

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8AI score0.02532EPSS
Exploits3References5
CNNVD
CNNVD
added 2023/02/16 12:0 a.m.26 views

Fortinet FortiWeb 路径遍历漏洞

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure Web applications and protect sensitive database content. A security vulnerability exists in Fortinet...

6.5CVSS6.4AI score0.00558EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/12 12:0 a.m.26 views

Qualcomm 芯片安全漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and often fabricated on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm chip wlan driver, which stems fro...

6.4CVSS5.8AI score0.00089EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/30 12:0 a.m.26 views

WordPress plugin Icon Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/12/21 12:0 a.m.26 views

Dust.js 安全漏洞

Dust.js is a LinkedIn open source asynchronous Javascript template for browsers and servers. A security vulnerability exists in Dust.js version 3.0.0, which stems from some unknown functionality that manipulates to cause improperly controlled modification of object prototype properties "prototype...

8.8CVSS6.9AI score0.01071EPSS
Exploits1References8
CNNVD
CNNVD
added 2022/11/21 12:0 a.m.26 views

Appsmith 代码问题漏洞

Appsmith is an open source platform for building, deploying and maintaining in-house applications from Appsmith Open Source. A server-side request forgery vulnerability exists in Appsmith versions prior to 1.8.2, which can be exploited by an attacker to perform authenticated server-side request...

8.8CVSS6.7AI score0.01435EPSS
Exploits1References3
Total number of security vulnerabilities5000