Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2024/05/03 12:0 a.m.25 views

Sante DICOM Viewer Pro 安全漏洞

Santesoft Sante DICOM Viewer Pro is a powerful viewer, anonymizer, converter and PACS client from Santesoft Cyprus. Works with DICOM files of all models and manufacturers. A security vulnerability exists in Sante DICOM Viewer Pro, which stems from a lack of proper validation of user-supplied data...

8.8CVSS8AI score0.00916EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/01 12:0 a.m.25 views

Cisco IP Phone 安全漏洞

The Cisco IP Phone is a hardware device from the American company Cisco, Inc. IP Phone that provides calling capabilities. A security vulnerability exists in the Cisco IP Phone that stems from a lack of authentication to a specific endpoint, which could allow an unauthenticated remote attacker to...

7.5CVSS6.7AI score0.00803EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.25 views

WordPress Plugin No-Bot Registration 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

4.3CVSS6.4AI score0.002EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/05 12:0 a.m.25 views

WordPress plugin Gutenberg Blocks by Kadence Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

6.5CVSS8.2AI score0.00427EPSS
Exploits3References3
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.25 views

s::can moni::tools SQL Injection Vulnerability

s::can moni::tools is a platform from s::can for managing a virtually unlimited number of sites, online probes, analyzers, and parameters. A SQL injection vulnerability exists in s::can moni::tools version 4.6.3, which originates from the ability to send a specially crafted SQL query to the serve...

9.8CVSS7.6AI score0.02165EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.25 views

GitLab Access Control Error Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from an Access Control Error vulnerability that stems from the...

7.7CVSS7.1AI score0.00455EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/31 12:0 a.m.25 views

stereoscope path traversal vulnerability

stereoscope is a library for working with container image contents, layer file trees, and compressed file trees. A path traversal vulnerability exists in stereoscope versions prior to 0.0.1, which stems from an attempt by Stereoscope to unarchive content that will result in writing to a path...

9.8CVSS6.8AI score0.00393EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/11 12:0 a.m.25 views

Google Chromecast Security Breach

Google Chromecast is a technology from the American company Google Google. It allows you to stream your favorite entertainment and apps from your phone, tablet or laptop directly to your TV or speakers. Google Chromecast has a security vulnerability that stems from the presence of a code executio...

9.8CVSS7.5AI score0.00372EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.25 views

Microsoft ASP.NET Core Security Vulnerability

Microsoft ASP.NET Core is a framework of cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. A security vulnerability exists in Microsoft ASP.NET Core. An...

8.2CVSS6.5AI score0.02777EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/12 12:0 a.m.25 views

Microsoft Windows Codecs Library Security Vulnerability

The Microsoft Windows Codecs Library is a library of features for the Microsoft Windows system from Microsoft Corporation. A security vulnerability exists in the Microsoft Windows Codecs Library. An attacker can exploit this vulnerability to remotely execute code. The following products and...

8.8CVSS6.9AI score0.01009EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.25 views

Diebold Nixdorf Vynamic View Console Code Issue Vulnerability

The Diebold Nixdorf Vynamic View Console is a system from Diebold Nixdorf that allows remote changes to all PC-based devices via Intel Active Management Technology AMT BIOS management. A security vulnerability exists in Diebold Nixdorf Vynamic View Console v.5.3.1 and prior versions, which...

7.8CVSS7.5AI score0.00395EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.25 views

Microsoft Service Fabric 安全漏洞

Microsoft Service Fabric is a set of distributed system platform from Microsoft. The platform is primarily used for packaging, deploying, and managing microservices and containers. A security vulnerability exists in Microsoft Service Fabric. An attacker could exploit this vulnerability to obtain...

6.5CVSS7.2AI score0.00695EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/06/19 12:0 a.m.25 views

WordPress plugin qubotchat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

4.8CVSS6.4AI score0.00442EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/06/06 12:0 a.m.25 views

WordPress plugin ReviewX 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS8.3AI score0.1748EPSS
Exploits4References6
CNNVD
CNNVD
added 2023/06/05 12:0 a.m.25 views

WordPress Plugin WooFramework Tweaks 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...

6.1CVSS5.1AI score0.00459EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/27 12:0 a.m.25 views

GitLab 资源管理错误漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. GitLab suffers from a Resource Management Error vulnerability that stems from ...

7.5CVSS7.3AI score0.00787EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/25 12:0 a.m.25 views

NFine Rapid Development Platform 安全漏洞

NFine Rapid Development Platform is a C language based, very fast WEB + ORM framework for NFine individual developers. A security vulnerability exists in NFine Rapid Development Platform, which stems from systemManage/Organize/GetTreeGridJson?search=false&nd=1681813520783&rows=10000&page=1&...

6.5CVSS5.3AI score0.00678EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.26 views

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is the entry controller for Cloud Native Computing Foundation's Kubernetes, using NGINX as a reverse proxy and load balancer. A security vulnerability exists in Kubernetes ingress-nginx. An attacker can exploit this vulnerability to obtain the credentials of the...

7.6CVSS6.8AI score0.00694EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/27 12:0 a.m.25 views

Trust Wallet Core 安全特征问题漏洞

Trust Wallet Core is an open source, cross-platform, mobile-centric library from Trust Wallet, Inc. A security vulnerability exists in Trust Wallet Core versions prior to 3.1.1, Trust Wallet browser extension prior to 0.0.183, which stems from mt19937 Mersenne Twister uses a single 32-bit value a...

5.9CVSS5.9AI score0.00983EPSS
Exploits2References6
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.25 views

SolarWinds Database Performance Analyzer 路径遍历漏洞

SolarWinds Database Performance Analyzer is a set of database performance analyzers from SolarWinds Inc. in the United States. The product is used for SQL query performance monitoring, analysis and tuning, etc. A security vulnerability exists in SolarWinds Database Performance Analyzer version...

6.5CVSS6.8AI score0.01272EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/20 12:0 a.m.25 views

Spring Framework 安全漏洞

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. Spring Boot has a security vulnerability that stems from a security bypass using wildcard pattern matching...

9.8CVSS8AI score0.01122EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/04/10 12:0 a.m.25 views

WordPress plugin Stylish Cost Calculator Premium 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS6.3AI score0.00458EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/04/10 12:0 a.m.25 views

Apache Linkis 代码问题漏洞

Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. A code execution vulnerability exists in Apache Linkis 1.3.1 and earlier versions, which stems from a lack of valid filtered parameters, and can be exploited by an...

9.8CVSS8.4AI score0.0212EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.25 views

VISAM VBASE 代码问题漏洞

VISAM VBASE is a data acquisition and monitoring system from VISAM Germany. A code issue vulnerability exists in VISAM VBASE Automation Base versions prior to 11.7.5 that stems from the presence of an information leak...

5.5CVSS5.7AI score0.00255EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/27 12:0 a.m.25 views

多款Tenda产品 命令注入漏洞

Tenda CP7 and others are a smart camera from Tenda China. Tenda has a security vulnerability that stems from the susceptibility of certain products to command injection attacks, the following products and versions are affected: Tenda CP7 Tenda CP7 V11.10.00.2211041403 and prior versions, Tenda CP...

9.8CVSS8.3AI score0.02456EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.25 views

Microsoft SQL Server 安全漏洞

Microsoft ODBC Driver is a driver from Microsoft. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in Microsoft SQL Server. The following products and editions are affected:Microsoft SQL Server...

7.8CVSS7.9AI score0.0074EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/13 12:0 a.m.25 views

Siemens Teamcenter Visualization 和 JT2Go 缓冲区错误漏洞

Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to a heap buffer overflow vulnerability that could be exploited by an attacker ...

7.8CVSS7.6AI score0.00436EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/20 12:0 a.m.25 views

Open vSwitch 缓冲区错误漏洞

Open vSwitch is an open source virtual switch. Open vSwitch suffers from a buffer error vulnerability that stems from allowing an attacker to achieve integer underflow in its specific TLV...

9.8CVSS8.4AI score0.01324EPSS
Exploits0References14
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.25 views

WordPress plugin SMSA Shipping for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.5CVSS6.5AI score0.00382EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/12/16 12:0 a.m.25 views

FFmpeg 代码问题漏洞

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. FFmpeg has a code issue vulnerability that stems from the vp3decodeframe function in its libavcodec/vp3.c file that does not reasonably check the return result of the avmalloc function, whi...

7.5CVSS7AI score0.0142EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.25 views

Apple iOS 安全漏洞

Apple iOS is a set of operating systems developed for mobile devices by the American company Apple. A security vulnerability exists in Apple iOS and macOS. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the manufacturer's bulletin...

5.5CVSS5.7AI score0.00294EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/12/06 12:0 a.m.25 views

Proofpoint Enterprise Protection 跨站脚本漏洞

Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides functionality to protect e-mail. A security vulnerability exists in Proofpoint Enterprise Protection PPS/PoD version 8.19.0 and prior versions, which stems from the Administrator Smart Search feature containing a...

9.6CVSS8.1AI score0.00612EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/05 12:0 a.m.25 views

AMI MegaRAC 安全漏洞

AMI MegaRAC is a family of service processor products from AMI. Complete out-of-band or unlit remote management of computer systems independent of operating system state or location is available to troubleshoot computers and ensure service continuity. A security vulnerability exists in AMI MegaRA...

7.5CVSS8.2AI score0.0171EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/28 12:0 a.m.25 views

FusionAuth 路径遍历漏洞

FusionAuth is FusionAuth open source a best-of-breed authentication solution built for developers. A security vulnerability exists in versions prior to FusionAuth 1.41.3 that stems from allowing files outside of the application root directory to be viewed or retrieved using HTTP requests...

7.5CVSS7.2AI score0.00667EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/13 12:0 a.m.25 views

OpenKM 安全漏洞

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, file history and file sharing. A security vulnerability exists in OpenKM versions prior to 6.3.11, which originates from an unknown function getFileExtension in the...

5.5CVSS5.7AI score0.00526EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/11/09 12:0 a.m.25 views

VMware Workspace ONE Assist 跨站脚本漏洞

VMware Workspace ONE Assist is a real-time remote support solution from VMware, Inc. Allows VMware Workspace ONE UEM administrators to remotely access and troubleshoot devices in real-time while respecting end-user privacy. A security vulnerability exists in VMware Workspace ONE Assist prior to...

6.1CVSS7.5AI score0.00434EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/04 12:0 a.m.25 views

Palantir 日志信息泄露漏洞

Palantir is a data platform from US-based Palantir that reimagines how people use data by removing the barriers between back-end data management and front-end data analysis. A security vulnerability exists in Palantir Foundry Magritte plugin osisoft-pi-web-connector prior to version 0.44.0, which...

4.2CVSS5.1AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/01 12:0 a.m.25 views

Apache Spark 注入漏洞

Apache Spark, a large-scale data processing engine from the Apache Foundation that supports acyclic data streaming and in-memory computing, is vulnerable to injection. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in a user's web browser...

5.4CVSS7.5AI score0.01473EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/16 12:0 a.m.25 views

Gitea 参数注入漏洞

Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in versions of Gitea prior to 1.17.3, which stems from its failure to clean up and escape references in the git backend resulting in incorrectly handled arguments to git commands...

9.8CVSS5.7AI score0.01051EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/10/07 12:0 a.m.25 views

Apache Airflow 代码问题漏洞

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. Apache Airflow 2.4.1 and earlier versions have a code issue vulnerability that stems from the failure of deactivated users to prevent authenticated users from continuing to use t...

8.1CVSS6.9AI score0.01197EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/30 12:0 a.m.25 views

Bento4 安全漏洞

Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 version 1.6.0-639, which stems from excessive memory consumption in the AP4Array ::EnsureCapacity function in Core/Ap4Array.h. The vulnerability can be exploited to cause a...

5.5CVSS6.7AI score0.00341EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.25 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from FractionalMaxPoolGrad validating its inputs by asserting a failure instead of returning an error. T...

7.5CVSS7.6AI score0.00396EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.25 views

Microsoft .NET Framework 安全漏洞

Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a development platform. The platform includes the C and Visual Basic programming languages, a public language runtime library, and an extensive class library. A security vulnerability...

7.8CVSS7.6AI score0.01319EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/07 12:0 a.m.25 views

FPT G-97RG6M和FPT G-97RG3 操作系统命令注入漏洞

The FPT G-97RG6M and FPT G-97RG3 are both modems from FPT Vietnam. An operating system command injection vulnerability exists in the FPT G-97RG6M version R4.2.98.035, and the G-97RG3 version R4.2.43.078, which stems from vulnerability to remote command execution in the ping function...

8.8CVSS8.2AI score0.0188EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/08/29 12:0 a.m.25 views

libmodbus 缓冲区错误漏洞

libmodbus is a library written in C that can send/receive data according to the Modbus protocol. A security vulnerability exists in libmodbus, which stems from a heap-based buffer overflow flaw found in the function modbusreply in src/modbus.c. The vulnerability is caused by a heap-based buffer...

7.8CVSS7.2AI score0.00432EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.25 views

Patlite 缓冲区错误漏洞

Patlite is a network monitoring indicator from Patlite Japan. It is used to detect network anomalies with instant notification by light, sound and email. A buffer error vulnerability exists in Patlite versions 1.45 and earlier, which stems from the fact that it allows an attacker to implement a...

7.5CVSS7.7AI score0.02045EPSS
Exploits2References6
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.25 views

WordPress plugin Sharebar 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. versions of the WordPress Sharebar plugin prior to 1.4.1 are vulnerable to cross-site request...

5.4CVSS5.3AI score0.00292EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/07/06 12:0 a.m.25 views

IBM App Connect Enterprise 信任管理问题漏洞

IBM App Connect Enterprise is an operating system from IBM Corporation of the U.S.A. IBM App Connect Enterprise combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technologies to IBM App Connect Enterprise combines existing...

6.5CVSS7AI score0.0044EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/07/01 12:0 a.m.25 views

OpenSSL 缓冲区错误漏洞

OpenSSL is an open source Openssl team's general-purpose cryptographic library capable of implementing Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports multiple encryption algorithms, including symmetric ciphers, hashing algorithms, secure hashing...

10CVSS6.6AI score0.44881EPSS
Exploits3References7
CNNVD
CNNVD
added 2022/06/01 12:0 a.m.25 views

Dell BSAFE Micro Edition Suite 缓冲区错误漏洞

Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificate, and transport layer security for c/c applications, devices, and systems.Dell BSAFE Micro Edition Suite is vulnerable to a buffer overflow vulnerability that could be exploited by remote attackers to submit ...

7.5CVSS6.1AI score0.01031EPSS
Exploits0References4
Total number of security vulnerabilities5000