Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/05/14 12:0 a.m.25 views

PlantUML 代码问题漏洞

PlantUML is a component that allows rapid authoring. for generating diagrams from textual descriptions. A security vulnerability exists in PlantUML versions prior to 1.2022.5, which can be exploited by an attacker to bypass URL restrictions and enable server-side request forgery SSRF...

9.1CVSS7.3AI score0.01547EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/05/13 12:0 a.m.25 views

MicroStrategy Web SDK 代码问题漏洞

The MicroStrategy Web SDK is a JavaScript library from MicroStrategy, Inc. Interact with different CARTO APIs to build custom applications on top of deck.gl that utilize vector rendering. A security vulnerability exists in MicroStrategy Web SDK version 11.1 and prior versions, which stems from a...

8.1CVSS7.7AI score0.02359EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.25 views

Siemens Desigo PXC4 安全漏洞

The Desigo PXC4 building automation controller is designed for HVAC system control. It is a compact device with built-in IOs that can be expanded to meet your needs with additional TX-IO modules.The Desigo PXC5 is a freely programmable controller for BACnet system-level functions such as alarm...

9CVSS9AI score0.01856EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/05/06 12:0 a.m.25 views

ThinkPHP 代码问题漏洞

Top Think Information Technology ThinkPHP is a PHP-based, open source, lightweight web application development framework from China's Top Think Information Technology Company. A security vulnerability exists in ThinkPHP framework versions prior to 6.0.12, which stems from unsafe deserialization i...

9.8CVSS8.3AI score0.01603EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.25 views

Eufy Anker Eufy Homebase 安全漏洞

Anker Eufy Homebase is a wireless home security camera system from Eufy USA. A security vulnerability exists in Anker Eufy Homebase 2 2.1.8.5h, which stems from an authentication bypass in libxmav.so getpeermac, which can be exploited by an attacker to bypass authentication via specially crafted...

8.8CVSS7.3AI score0.00989EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/04/29 12:0 a.m.25 views

NVIDIA Omniverse 安全漏洞

Nvidia Omniverse Nucleus is the database and collaboration engine for Nvidia's Omniverse. A security vulnerability exists in NVIDIA Omniverse Nucleus and Omniverse Cache that stems from a vulnerability contained in the OpenSSL configuration. An attacker could exploit this vulnerability to cause...

6.8CVSS7AI score0.0026EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/26 12:0 a.m.25 views

NVIDIA Jetson 缓冲区错误漏洞

NVIDIA Jetson is an embedded system development module from NVIDIA Corporation. The NVIDIA Jetson Linux Driver Package suffers from a buffer error vulnerability that stems from insufficient validation of untrusted data, which could be exploited by a local attacker to cause a memory buffer overflo...

5.6CVSS6.4AI score0.00255EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/26 12:0 a.m.26 views

ZoneMinder 路径遍历漏洞

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A remote code execution vulnerability exists in versions prior to ZoneMinder 1.36.13, which can be exploited by attackers to cause arbitrary code execution...

9.8CVSS9.4AI score0.66317EPSS
Exploits6References7
CNNVD
CNNVD
added 2022/04/25 12:0 a.m.25 views

OWASP ESAPI 路径遍历漏洞

OWASP ESAPI is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. A path traversal vulnerability exists in ESAPI versions prior to 2.3.0.0, which stems from the default implementation of...

9.8CVSS7.2AI score0.02829EPSS
Exploits2References11
CNNVD
CNNVD
added 2022/04/23 12:0 a.m.25 views

mruby 缓冲区错误漏洞

mruby is a lightweight implementation of the Ruby language. A security vulnerability exists in mruby before 3.2, which stems from reading mrbobjiskindof out of bounds...

7.8CVSS7.2AI score0.00446EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.25 views

Juniper Networks Junos OS 缓冲区错误漏洞

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS SIP ALG, which is caused by an uninitialized pointer access...

7.5CVSS7.4AI score0.00884EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/05 12:0 a.m.25 views

ImpressCMS SQL注入漏洞

A SQL injection vulnerability exists in ImpressCMS, a database MySQL-driven, modular content management system, which can be exploited by attackers to read and modify sensitive information from the database used by the application...

8.5CVSS5.9AI score0.04146EPSS
Exploits4References5
CNNVD
CNNVD
added 2022/04/04 12:0 a.m.25 views

WordPress plugin FV Flowplayer Video Player 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress FV Flowplayer Video Player 7.5.18.727 and previous versions have a cross-site scripting vulnerability tha...

5.4CVSS5.4AI score0.00549EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/04 12:0 a.m.25 views

多款Qualcomm产品安全漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. a way of miniaturizing circuits including primarily semiconductor devices, but also passive components, etc. and is often fabricated on the surface of semiconductor wafers. A security vulnerability exists in multiple Qualcomm products that...

10CVSS8.5AI score0.00748EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.25 views

Jenkins Pipeline Phoenix AutoTest Plugin 路径遍历漏洞

Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins.Jenkins Pipeline Phoenix AutoTest Plugi 1.3 and earlier is vulnerable to a path traversal vulnerability that could be exploited by an attacker with Item/Configure...

6.5CVSS5.8AI score0.01519EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.25 views

Microweber 跨站脚本漏洞

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in Microweber 1.2.11 and earlier versions, which stems from a lack of filterin...

6.8CVSS5.8AI score0.02389EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.25 views

Yokogawa Exaopc 资源管理错误漏洞

Yokogawa Electric is a server of Yokogawa Electric Yokogawa, Japan. A security vulnerability exists in CAMS of the HIS Log Server in Yokogawa Electric. The vulnerability stems from uncontrolled consumption of resources by CAMS. The following products and versions are affected: CENTUM CS 3000...

8.1CVSS7.7AI score0.00792EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.25 views

Yokogawa Electric 信任管理问题漏洞

Yokogawa Electric is a server of Yokogawa Electric Yokogawa, a Japanese company. A security vulnerability exists in Yokogawa Electric. The following products and versions are affected: CENTUM VP versions R5.01.00 through R5.04.20 and R6.01.00 through R6.08.00, Exaopc versions R3.72.00 through...

9.8CVSS8.3AI score0.00981EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/09 12:0 a.m.25 views

Stripe CLI 操作系统命令注入漏洞

Stripe CLI is a command line tool for the Stripe e-commerce platform from Stripe Ireland. Stripe CLI suffers from an operating system command injection vulnerability that can be exploited by an attacker to run arbitrary code in the current user's environment...

7.7CVSS7.5AI score0.00329EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/03/07 12:0 a.m.25 views

Autodesk AutoCAD 资源管理错误漏洞

Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. Autodesk AutoCAD suffers from a Resource Management Error vulnerability that can be exploited by a remote attacker to execute arbitrary code on an affected Autodesk AutoCAD installation. Exploitation of the...

7.8CVSS7.8AI score0.01538EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/04 12:0 a.m.25 views

Github liquibase 代码问题漏洞

Github liquibase is used to track, version, and deploy database architecture changes. A security vulnerability exists in liquibase that stems from improperly restricted XML external entity references...

9.8CVSS7.5AI score0.02921EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/03/03 12:0 a.m.25 views

Medialize URI.js 安全漏洞

Medialize URI.js is a Javascript-based code library for efficient URL stitching from the Medialize team. correctly parsed. No details of the vulnerability are currently available...

5.3CVSS5.6AI score0.01995EPSS
Exploits1References10
CNNVD
CNNVD
added 2022/03/02 12:0 a.m.25 views

Kofax Printix Secure Cloud Print Management 代码注入漏洞

Kofax Printix Secure Cloud Print Management is a cloud-based print management software from Kofax USA that is flexible, scalable and easy to use. Manage and maintain complex print environments anytime, anywhere with all the modern printing features users and organizations need. A code injection...

9.8CVSS8.4AI score0.18235EPSS
Exploits4References11
CNNVD
CNNVD
added 2022/02/24 12:0 a.m.25 views

seatd-launch 权限许可和访问控制问题漏洞

Seatd is an administrative daemon. It is used to mediate access to shared devices graphics, input. seatd-launch A security vulnerability exists in seatd versions 0.6.x through 0.6.4, which stems from a lack of privilege restrictions in the software that allow files with escalated privileges to be...

9.8CVSS7.9AI score0.02076EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/02/11 12:0 a.m.25 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android, which stems from allowing untrusted applications to load arbitrary URLs and local files. No details of the vulnerability are currently available...

4CVSS5.8AI score0.00218EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.25 views

Cybele Software Thinfinity VirtualUI 信息泄露漏洞

Cybele Software Thinfinity VirtualUI is a solution from Cybele Software, Inc. that supports embedding remote Windows applications into standard web applications to allow two-way interaction with Javascript programming. Cybele Software Thinfinity VirtualUI suffers from an information disclosure...

7.5CVSS7.5AI score0.12785EPSS
Exploits3References7
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.25 views

Google TensorFlow 代码问题漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a code issue vulnerability that can be exploited by an attacker to cause a process to crash because it encounters an incorrect StatusOr value and force it to extra...

7.5CVSS5.8AI score0.00973EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/01/03 12:0 a.m.25 views

WordPress plugin 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin LiteSpeed Cache versions prior to 4.4.4. The vulnerability stems from the program...

4.8CVSS5.3AI score0.00654EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/12/23 12:0 a.m.25 views

cve-search 安全漏洞

Cve-Search is a tool that performs local searches for known vulnerabilities. It is used for searching, indexing, correlating and managing software vulnerabilities. cve-search versions prior to 4.1.0 have a security vulnerability that stems from lib/DatabaseLayer.py allowing regular expression...

7.5CVSS5.6AI score0.01874EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.25 views

Microsoft Windows Codecs Library 代码注入漏洞

The Web Media Extensions package extends Microsoft Edge and Windows 10 to support open source formats commonly found on the Web.A remote code execution vulnerability exists in Microsoft Web Media Extensions. An attacker could exploit this vulnerability to execute code on the target host...

9.8CVSS6.7AI score0.01732EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.25 views

WordPress 插件跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. Pixel Cat Plugin is a WordPress open source application plugin. WordPress Pixel Cat Plugins has a cross-site reques...

9CVSS5.6AI score0.00535EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.25 views

Raspberry Pi Os安全漏洞

Raspberry Pi Os is a minimized image from the UK Raspberry Pi Foundation based on the latest version of Debian. Raspberry Pi Os suffers from a security vulnerability that stems from the fact that operating systems prior to Raspberry Pi 5.10 have default passwords for Raspberry Pi accounts, which...

10CVSS8.3AI score0.15666EPSS
Exploits3References6
CNNVD
CNNVD
added 2021/12/06 12:0 a.m.25 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress WOOCS plugin has a cross-site scripting vulnerability in versions prior to 1.3.7.1, which stems...

6.1CVSS5.6AI score0.00795EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/11/17 12:0 a.m.25 views

WordPress 代码问题漏洞

WordPress is a blogging platform developed using the PHP language, which supports setting up personal blogging sites on PHP and MySQL servers. WordPress plugin Popular Posts 5.3.2 and previous versions are vulnerable to arbitrary file uploads. An attacker could exploit the vulnerability to upload...

8.8CVSS6.4AI score0.79823EPSS
Exploits5References8
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.25 views

Google TensorFlow安全漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow caused by converting a signed integer value to an unsigned integer value and then allocating memory based on that value. No details of the...

5.5CVSS5.3AI score0.00154EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/06/25 12:0 a.m.25 views

IBM AIX 输入验证错误漏洞

IBM AIX is an open standards-based UNIX operating system developed by IBM for the IBM Power architecture. IBM AIX is vulnerable to an input validation error that allows a local user with higher group privileges to exploit a vulnerability in the lpd daemon. No detailed vulnerability details are...

4.9CVSS5.6AI score0.00649EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/06/25 12:0 a.m.25 views

Istio 权限许可和访问控制问题漏洞

Istio is a set of open platforms for connecting, managing, and securing microservices. Istio is vulnerable to a privilege permission and access control issue that arises from an application that does not properly impose security restrictions. This vulnerability could allow an attacker to access...

8.8CVSS7.9AI score0.01972EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/05/11 12:0 a.m.25 views

Microsoft Exchange Server 代码注入漏洞

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. A code injection vulnerability exists in Microsoft Exchange Server. The followin...

8.8CVSS7.7AI score0.73676EPSS
Exploits3References4
CNNVD
CNNVD
added 2021/05/10 12:0 a.m.25 views

OpenAPI Tools OpenAPI Generator 安全漏洞

OpenAPI Tools OpenAPI Generator is an OpenAPI generator. The product allows automatic generation of API client libraries SDK generation, server stubs, documentation, configuration, etc. for a given OpenAPI specification v2, v3. A security vulnerability exists in Openapi generator. The vulnerabili...

6.2CVSS5.9AI score0.00404EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/04/15 12:0 a.m.25 views

Envoy 代码问题漏洞

Envoy is an open source distributed proxy server. versions prior to Envoy 1.71.1 are vulnerable to a null pointer dereference vulnerability, which can be exploited by attackers to crash the program...

7.5CVSS5.6AI score0.01686EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/03/29 12:0 a.m.25 views

Aruba Access Points 输入验证错误漏洞

Aruba Instant is a cloud-hosted controller-less wireless access point. Aruba Instant suffers from an arbitrary file modification vulnerability that can be exploited by an attacker via the Web UI to overwrite arbitrary files with content under their control...

8.5CVSS5.8AI score0.13312EPSS
Exploits5References9
CNNVD
CNNVD
added 2021/03/11 12:0 a.m.25 views

Wind River VxWorks 缓冲区错误漏洞

Wind River VxWorks is an operating system from Wind River, Inc. the industry-leading real-time operating system for building embedded devices and systems. A buffer overflow vulnerability exists in Wind River VxWorks versions 6.5 through 7, which can be exploited by a remote attacker to submit a...

9.8CVSS6.6AI score0.01894EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.24 views

CyberArk Idira Endpoint Privilege Manager 安全漏洞

CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Vulnerabilities existed in versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5. These vulnerabilities stemmed from improper access control in the...

8.9CVSS5.3AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.24 views

Netty 访问控制错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.135.Final and 4.2.15.Final contained an access control vulnerability. This vulnerabilit...

8.1CVSS5.3AI score0.00573EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.24 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained security vulnerabilities. These vulnerabilities stemmed...

7.5CVSS5.3AI score0.00441EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.24 views

WordPress plugin Simple Link Directory 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.24 views

NoMachine 参数注入漏洞

NoMachine is a remote desktop access tool developed by NoMachine Company in Luxembourg. Versions of NoMachine prior to 9.5.7 and 8.23.2 contained a parameter injection vulnerability. This vulnerability stemmed from improper of parameter separators in commands, which could lead to parameter...

7.3CVSS5.5AI score0.00131EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.24 views

Fission 访问控制错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.23.0 contained a access control vulnerability. This vulnerability stemmed from the storagevc component failing to perform any authentication or authorization when registering the archive CR...

8.8CVSS5.3AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.24 views

Microsoft azure kubernetes service 路径遍历漏洞

Microsoft Azure Kubernetes Service is a service provided by Microsoft Corporation for deploying, managing, and scaling containerized applications. Microsoft Azure Kubernetes Service has a path traversal vulnerability. Attackers can exploit this vulnerability to execute code remotely...

8.8CVSS6AI score0.00336EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.24 views

WordPress plugin rognone 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.1AI score0.00208EPSS
Exploits0References3
Total number of security vulnerabilities5000