Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2023/02/12 12:0 a.m.26 views

Qualcomm 芯片安全漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and often fabricated on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm chip wlan driver, which stems fro...

6.4CVSS5.8AI score0.00089EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/30 12:0 a.m.26 views

WordPress plugin Icon Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/12/21 12:0 a.m.26 views

Dust.js 安全漏洞

Dust.js is a LinkedIn open source asynchronous Javascript template for browsers and servers. A security vulnerability exists in Dust.js version 3.0.0, which stems from some unknown functionality that manipulates to cause improperly controlled modification of object prototype properties "prototype...

8.8CVSS6.9AI score0.01071EPSS
Exploits1References8
CNNVD
CNNVD
added 2022/11/21 12:0 a.m.26 views

Appsmith 代码问题漏洞

Appsmith is an open source platform for building, deploying and maintaining in-house applications from Appsmith Open Source. A server-side request forgery vulnerability exists in Appsmith versions prior to 1.8.2, which can be exploited by an attacker to perform authenticated server-side request...

8.8CVSS6.7AI score0.01435EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.26 views

Apache Jena 代码问题漏洞

Apache Jena is the United States Apache Apache Foundation of a Java Semantic Web framework. It is used to build semantic Web and linked data applications. A code issue vulnerability exists in Apache Jena SDB 3.17.0 and earlier versions, which stems from vulnerability to JDBC deserialization attac...

9.8CVSS8.4AI score0.01525EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/02 12:0 a.m.26 views

Apache Airflow 输入验证错误漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An input validation error vulnerability exists in Apache Airflow versions prior to...

6.1CVSS7.3AI score0.01494EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/26 12:0 a.m.27 views

Feathers SQL注入漏洞

Feathers is Feathers open source a lightweight Web framework. Used to create APIs and real-time applications using TypeScript or JavaScript . Feathers has a security vulnerability , the vulnerability stems from incorrect validation of user input...

10CVSS8.2AI score0.00729EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/10/26 12:0 a.m.26 views

Socket.IO SQL注入漏洞

Socket.IO is a JavaScript library for real-time web applications from Socket.IO. A security vulnerability exists in Socket.IO that stems from incorrect type validation when an attachment parses the Socket.io js library...

10CVSS8.2AI score0.01121EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.26 views

Jenkins Compuware Topaz Utilities Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS5.8AI score0.00666EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/10/17 12:0 a.m.26 views

WordPress Plugin WP Custom Cursors SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exists i...

7.2CVSS7.2AI score0.00921EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/10/17 12:0 a.m.26 views

WordPress Plugin WP Custom Cursors 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS6AI score0.00251EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.26 views

Nextcloud 代码问题漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platforms from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud server and Nextcloud Enterprise Server that stems from a locally running web service that can be discovered...

5.3CVSS5.8AI score0.00739EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/29 12:0 a.m.26 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a security vulnerability that stems from a flaw in its netrdsallocsgs that allows unprivileged local users to crash their computers...

6.2CVSS6.7AI score0.00346EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/08/28 12:0 a.m.26 views

Froxlor 跨站请求伪造漏洞

Froxlor is a lightweight server management software from the Froxlor team. A cross-site request forgery vulnerability exists in Froxlor versions prior to 0.10.38. An attacker could exploit this vulnerability to perform cross-site request forgery attacks...

6.5CVSS6.7AI score0.00371EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/08/25 12:0 a.m.26 views

WordPress plugin Web Application Firewall 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.3CVSS6.7AI score0.00628EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/08 12:0 a.m.26 views

WordPress plugin WP DS Blog Map 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

4.8CVSS5AI score0.00493EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/08/01 12:0 a.m.26 views

shescape 注入漏洞

shescape is open source a simple shell escaping program package for JavaScript . Use it to escape user-controlled input to shell commands to prevent shell injection. An injection vulnerability exists in versions prior to Shescape 1.5.8, which can be exploited by an attacker to omit all arguments...

9.8CVSS8.4AI score0.011EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/07/29 12:0 a.m.26 views

GitLab CE/EE 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE that originates from an email...

8.1CVSS7.7AI score0.00705EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.26 views

Ping Identity Windows PingId 安全漏洞

Ping Identity Windows PingId is a software from Ping Identity USA that provides security for applications. A security vulnerability exists in Ping Identity Windows PingId versions prior to 2.8 that stems from an offline security key being used as part of authentication...

5.5CVSS5.8AI score0.00232EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/15 12:0 a.m.26 views

Intel Processors 输入验证错误漏洞

Intel Processors Intel processors are American Intel Intel companies that provide interpretation of computer instructions and processing of data in computer software. A denial of service vulnerability exists in Intel Processors that originates from incorrect input authentication. An authenticated...

5.5CVSS5.6AI score0.0032EPSS
Exploits0References13
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.26 views

Adobe InDesign 缓冲区错误漏洞

Adobe InDesign is a set of typesetting and editing applications from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe InDesign, which could be exploited by an attacker to execute arbitrary code in the context of the current user...

9.3CVSS6.2AI score0.01934EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.26 views

WordPress plugin Useful Banner Manager 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Useful Banner Manager plugin version 1.6.1 and earlier versions are vulnerable to cross-site reques...

6.5CVSS5.5AI score0.00513EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/06/10 12:0 a.m.26 views

IBM Spectrum Copy Data Management 授权问题漏洞

IBM Spectrum Copy Data Management, an IBM company that modernizes, simplifies, and automates data center copy management processes, has an access control error in IBM Spectrum Copy Data Management Admin versions 2.2.0.0 through 2.2.15.0. vulnerability, which stems from a lack of proper session...

3.3CVSS5.6AI score0.0023EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.26 views

Illumina Local Run Manager 访问控制错误漏洞

Illumina Local Run Manager is an integrated solution from Illumina, Inc. Designed to create sequencing runs, monitor run status, analyze sequencing data, and view results, Illumina Local Run Manager is vulnerable to an access control error that could be exploited by remote attackers to gain...

9.1CVSS5.6AI score0.01031EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/13 12:0 a.m.26 views

Mattermost 资源管理错误漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. A resource management error vulnerability exists in Mattermost 6.4.1 and earlier versions, which stems from an image proxy component that allocates memory for multiple copies of a proxy image and can be exploited by an...

6.5CVSS6.4AI score0.00882EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.26 views

Strapi 代码问题漏洞

Strapi is an open source headless content management system CMS. A security vulnerability exists in Strapi v4.1.5 that allows an attacker to execute arbitrary code via a crafted file...

9.8CVSS8.8AI score0.03018EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/18 12:0 a.m.26 views

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. A data forgery issue vulnerability exists in versions prior to Digital Bazaar Forge 1.3.0, which originated in...

5.3CVSS5.8AI score0.00875EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/03/16 12:0 a.m.26 views

node-ipc 安全漏洞

node-ipc is a node.js module from the individual developer Brandon Nozaki Miller in the United States. It is used for local and remote inter-process communication and fully supports Linux, Mac and Windows. A security vulnerability exists in node-ipc version 10.1.1 up to and including 10.1.3. The...

10CVSS8.6AI score0.04194EPSS
Exploits1References8
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.26 views

Yokogawa Exaopc 安全漏洞

Yokogawa Electric is a server of Yokogawa Electric Yokogawa, Japan. A security vulnerability exists in CAMS for HIS Log Server in Yokogawa Electric. The vulnerability stems from CAMS for HIS Log Server not properly enabling log output. The following products and versions are affected: CENTUM CS...

8.1CVSS7.7AI score0.00792EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/09 12:0 a.m.26 views

Shopware 跨站脚本漏洞

Shopware is a set of open source e-commerce software from the German company Shopware.Shopware suffers from a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied and output data. An attacker could exploit this vulnerability to inject...

6.1CVSS5.4AI score0.00831EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/04 12:0 a.m.26 views

Tp-link Archer C2 操作系统命令注入漏洞

TP-Link Archer C2 is a wireless router from Tp-link.TP-Link Archer C20i version 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n is vulnerable due to a security flaw in the device's HTTP parameter XTP ExternalIPv6Address. ExternalIPv6Address in the device lacks filtering and escaping of user data, which...

9CVSS5.9AI score0.53956EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/02/19 12:0 a.m.26 views

microweber 安全漏洞

Microweber is an online store management system from the US Microweber community that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. Microweber has a security vulnerability, and no details of the vulnerability are available at this time...

5.3CVSS5.5AI score0.01049EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.26 views

XWiki Platform 安全漏洞

Xwiki Platform is a Wiki platform used to create Web collaboration applications from the French company Xwiki. XWiki Platform has an access control error vulnerability that stems from the application not properly restricting access to resources from unauthorized roles, which could be exploited by...

5.5CVSS5.6AI score0.00684EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/21 12:0 a.m.26 views

stb 安全漏洞

stb is a single-file public domain library for C/C. stbimage.h is one of the image loaders. stb stbimage.h is vulnerable, and an attacker could use stbimage to crash the service or read up to 1024 bytes of non-contiguous heap data without controlling where it is read...

7.1CVSS5.5AI score0.0136EPSS
Exploits1References15
CNNVD
CNNVD
added 2021/09/27 12:0 a.m.26 views

ZOOM Zoom Client 后置链接漏洞

ZOOM Zoom Client is a video conferencing client application from Zoom ZOOM USA that supports multiple platforms. A security vulnerability exists in Zoom Client for Meetings for Windows, which stems from the fact that all versions of the Zoom for Meetings for Windows client prior to version 5.3.2...

7.8CVSS7.3AI score0.00443EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.26 views

Google TensorFlow数字错误漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in Google TensorFlow. A local attacker could exploit this vulnerability to cause a denial of service condition...

5.5CVSS5.2AI score0.00152EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.26 views

Microsoft Office 代码注入漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and others. A code injection vulnerability exists in Microsoft Microsoft Office. The following products...

7.8CVSS7.4AI score0.54383EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/06/15 12:0 a.m.26 views

CLICK PLC CPU Modules 安全漏洞

CLICK PLC CPU Modules are Automation Direct's network devices A single CLICK CPU Module can be connected to up to eight I/O modules to expand the amount of system I/O and meet the needs of a specific application. Automation Direct CLICK PLC CPU Modules have a security vulnerability that allows an...

7.5CVSS7.3AI score0.00971EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/06/04 12:0 a.m.26 views

Auth0 跨站脚本漏洞

Auth0 is is an authentication agent that supports social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. Auth0-lock suffers from a cross-site scripting vulnerability in versions prior to 11.30.0 that can be exploited by an attacker to execute...

8.1CVSS5.7AI score0.01539EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/05/19 12:0 a.m.26 views

Cisco Finesse 输入验证错误漏洞

Cisco Finesse is a next-generation seat and supervisor desktop designed to provide a collaborative experience for the diverse communities that interact with your customer service organization. An open redirection vulnerability exists in the Web management interface of Cisco Finesse 12.61 and...

6.1CVSS5.7AI score0.00783EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/05/17 12:0 a.m.26 views

Moodle 输入验证错误漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from an input validation error vulnerability that stems from insufficient innocent handling of user-supplied data in th...

6.1CVSS7.2AI score0.01157EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/12/18 12:0 a.m.26 views

MediaWiki 信息泄露漏洞

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. An information disclosure vulnerability exists in versions of MediaWiki prior...

5.3CVSS6.4AI score0.01516EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.25 views

Cloud Foundry UAA和CloudFoundry CF Deployment 数据伪造问题漏洞

Cloud Foundry UAA is an identity verification and management service terminal developed by the Cloud Foundry Foundation in the United States, and it is used on the CloudFoundry platform. CloudFoundry CF Deployment is a code deployment component provided by the Cloud Foundry Foundation. Versions o...

9CVSS5.4AI score0.00131EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.25 views

dracut project dracut 命令注入漏洞

Dracut is an event-driven initramfs generation tool developed by Dracutdevs. Dracut has a vulnerability related to operating system command injection. This vulnerability arises when remote attackers provide custom DHCP options, which are improperly processed and written into temporary shell...

7.5CVSS6.1AI score0.01131EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.25 views

Splunk Enterprise 权限许可和访问控制问题漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an access control...

5.5CVSS5.9AI score0.00189EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.25 views

VMware Spring Data MongoDB 安全漏洞

VMware Spring Data MongoDB is a MongoDB data access framework developed by the American company VMware. There is a security vulnerability in VMware Spring Data MongoDB, which stems from insufficient validation of bound parameters in repository query methods using the @Query annotation and regular...

5.9CVSS5.3AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.25 views

Broadcom Symantec Endpoint Protection CleanWipe Removal Tool 权限许可和访问控制问题漏洞

The Broadcom CleanWipe Removal Tool is an enterprise-level security software uninstallation tool developed by Broadcom Corporation. Versions of the Broadcom CleanWipe Removal Tool prior to version 16.0.0.65 contained security vulnerabilities. These vulnerabilities could allow attackers with limit...

5.4CVSS5.8AI score0.00107EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.25 views

SolarWinds Observability Self-Hosted 输入验证错误漏洞

SolarWinds Observability Self-Hosted is an observability platform developed by the American company SolarWinds. SolarWinds Observability Self-Hosted has a vulnerability related to input validation errors. This vulnerability arises when attackers can provide a specially crafted external URL,...

4.8CVSS5.3AI score0.0021EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.25 views

Microsoft Windows Telephony Server 竞争条件问题漏洞

Microsoft Windows Telephony Server is a component of the American company Microsoft. It supports the Telephone Application Programming Interface TAPI, allowing computer programs to communicate with shared telephone services. There are vulnerabilities related to competition conditions in Microsoft...

7CVSS5.3AI score0.00205EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.25 views

md-fileserver 安全漏洞

md-fileserver is a local Markdown file browser and rendering server developed by Commenthol as an individual project. Versions of md-fileserver prior to 1.10.3 contained security vulnerabilities. These vulnerabilities stemmed from the Markdown rendering logic’s failure to clean up the embedded...

7.2CVSS4.9AI score0.00213EPSS
Exploits0References2
Total number of security vulnerabilities5000