Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2024/09/25 12:0 a.m.24 views

Cisco IOS XE Software 安全漏洞

Cisco IOS XE Software is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that originates from...

8.6CVSS7AI score0.0063EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/12 12:0 a.m.24 views

Solara Security Breach

Solara is a pure Python, React style framework open sourced by widgetti. It is used to extend Jupyter and web applications. A security vulnerability exists in Solara versions prior to 1.35.1, which stems from a failure to properly validate a URI fragment for a directory traversal sequence, which...

8.6CVSS6.5AI score0.02884EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.24 views

Red Hat Keycloak Information Disclosure Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. An information disclosure vulnerability exists in Red Hat Keycloak. An attacker could exploit the vulnerability to cause a data leak or system...

8.1CVSS6.4AI score0.02837EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.24 views

Microsoft SharePoint 代码问题漏洞

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...

7.8CVSS8.2AI score0.01187EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/06/09 12:0 a.m.24 views

WordPress plugin MainWP UpdraftPlus Extension Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.7AI score0.00293EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.24 views

Submariner Operator 安全漏洞

Submariner Operator is a Submariner open source for installing Submariner components on Kubernetes clusters. A security vulnerability exists in Submariner Operator, which stems from unnecessary role-based access control privileges that allow a privileged attacker to steal service account tokens a...

6.6CVSS6.4AI score0.00504EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.24 views

Red Hat Keycloak 路径遍历漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A path traversal vulnerability exists in Red Hat Keycloak that stems from an inability to properly validate the inclusion of a URL in a redirec...

8.1CVSS7.9AI score0.01552EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.24 views

Microsoft OLE DB Provider for SQL Server 安全漏洞

Microsoft OLE DB Driver for SQL Server is a standalone data access application programming interface API for OLE DB. A remote code execution vulnerability exists in Microsoft OLE DB Driver for SQL Server, which can be exploited by an attacker to execute arbitrary code on the system...

7.5CVSS8.8AI score0.01777EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.24 views

Microsoft ODBC Driver 安全漏洞

Microsoft ODBC Driver is a driver from Microsoft Corporation USA. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in the Microsoft ODBC Driver. The following products and editions are...

8.8CVSS8.9AI score0.02351EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/04 12:0 a.m.24 views

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS 11.1 and prior versions that stems from vulnerability to...

6.1CVSS6AI score0.0047EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.24 views

Microsoft Open Management Infrastructure Security Vulnerability

Microsoft Open Management Infrastructure is a free, open source Common Information Model CIM management server from Microsoft. A security vulnerability exists in Microsoft Open Management Infrastructure. An attacker could exploit the vulnerability to remotely execute code. The following products...

9.8CVSS6.7AI score0.20157EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/14 12:0 a.m.25 views

F5 Nginx Code Issues Vulnerabilities

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 Inc. distributed under the BSD-like protocol. A security vulnerability exists in F5 Nginx Plus version R31, which stems from an undisclosed request that could cause an NGINX worker process to...

7.5CVSS8.4AI score0.01061EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.24 views

Drupal Security Vulnerabilities

Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal version 9.3.6, which stems from the presence of a Denial of Service DoS vulnerability...

7.5CVSS6.9AI score0.00791EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/01/08 12:0 a.m.24 views

WordPress Plugin Wholesale Suite Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS6.6AI score0.0046EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/15 12:0 a.m.24 views

XWiki Platform Security Vulnerability

XWiki Platform is the XWiki Foundation's suite of wiki platforms for creating collaborative web applications. A security vulnerability exists in XWiki Platform that stems from the fact that in the administration interface, anyone who can edit any wiki page in an XWiki installation can gain...

9.9CVSS7.1AI score0.01188EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.24 views

quiche security breach

quiche is a Cloudflare open source implementation of the IETF-designated QUIC transport protocol and HTTP/3. A security vulnerability exists in quiche versions v0.15.0 through 0.19.0, which stems from a QUIC path authentication requirement that the recipient of a PATHCHALLENGE frame responds by...

5.3CVSS7AI score0.00763EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/29 12:0 a.m.24 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome version 119.0.6045.199 and prior versions, which stems from a memory reuse after release issue in the libavif module...

8.8CVSS6.6AI score0.01118EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/11/10 12:0 a.m.24 views

Mobileiron Sentry Security Vulnerability

Mobileiron Sentry is a Smart Gateway product from Mobileiron, Inc. A security vulnerability exists in Mobileiron Sentry Sentry-javascript prior to version 7.77.0, which arises from unpurified input that allows HTTP requests to be sent to arbitrary URLs and responses to be reflected back to the us...

9.3CVSS6.8AI score0.00631EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.24 views

light-oauth2 Trust Management Issue Vulnerability

light-oauth2 is networknt open source a light-4j based fast , lightweight cloud-native OAuth 2.0 authorization microservice . light-oauth2 version 2.1.27 before the existence of a security vulnerability , the vulnerability stems from obtaining the public key without any validation , allowing an...

5.9CVSS6.7AI score0.0055EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.24 views

Number withdrawn

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. This CVE number has been withdrawn...

6.9AI score
Exploits2References4
CNNVD
CNNVD
added 2023/10/12 12:0 a.m.24 views

WordPress plugin Contact Form by Supsystic Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS6.6AI score0.00208EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/06 12:0 a.m.24 views

WordPress Plugin authLdap Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS6.5AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/05 12:0 a.m.24 views

Mganss HtmlSanitizer Cross-Site Scripting Vulnerability

Mganss HtmlSanitizer is a C, AngleSharp based software from Mganss Individual Developers for use in clearing HTML code and documents from source code that could lead to XSS attacks. Mganss HtmlSanitizer suffers from a cross-site scripting vulnerability that stems from the presence of a cross-site...

6.1CVSS5.5AI score0.00363EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/02 12:0 a.m.24 views

free5GC Cross-Site Request Forgery Vulnerability

free5GC is a 5th Generation 5G mobile core network open source project by free5GC open source. free5GC suffers from a cross-site request forgery vulnerability that stems from the presence of a cross-site request forgery CSRF vulnerability. An attacker can exploit this vulnerability to create,...

9.8CVSS6.7AI score0.0033EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/06 12:0 a.m.24 views

Snappy Code Issue Vulnerability

Snappy is a PHP library from KNP Labs Individual Developers that allows thumbnails, snapshots, or PDFs to be generated from url or html pages. Snappy is vulnerable to a code issue. An attacker can exploit this vulnerability to remotely execute code...

9.8CVSS7.3AI score0.01877EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/08/22 12:0 a.m.24 views

QEMU 代码问题漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A code issue vulnerability exists in QEMU rocker device model 7.0.0 and earlier versions, which stems from a null pointer dereference issue in...

10CVSS6.7AI score0.01401EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/18 12:0 a.m.24 views

WordPress plugin WOLF 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS6.9AI score0.00211EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/19 12:0 a.m.24 views

Matthäus G. Chajdas pygments 代码问题漏洞

Matthäus G. Chajdas pygments is a Matthäus G. Chajdas open source application. It provides generic syntax highlighting tool functionality. A security vulnerability exists in pygments 2.15.0 and earlier versions, which stems from a regular expression denial of service ReDoS vulnerability in...

5.5CVSS6.2AI score0.00503EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/07/18 12:0 a.m.24 views

WordPress Plugin Smart YouTube PRO 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS7.9AI score0.00253EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.24 views

Apache Airflow 路径遍历漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A path traversal vulnerability exists in Apache Airflow versions prior to 2.6.3,...

6.5CVSS6.8AI score0.01787EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.24 views

WordPress Plugin PHP Compatibility Checker 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS8AI score0.00271EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/19 12:0 a.m.24 views

WordPress plugin WP Custom Cursors SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exist...

7.2CVSS7.3AI score0.00945EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/06/05 12:0 a.m.24 views

KylinSoft youker-assistant 安全漏洞

KylinSoft youker-assistant is a system management and configuration tool from China's Kylin Software KylinSoft. A security vulnerability exists in KylinSoft youker-assistant versions prior to 3.0.2-0kylin6k70-23, which stems from incorrect access control...

7.1CVSS5.5AI score0.00306EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/23 12:0 a.m.24 views

Yank Note 安全漏洞

Yank Note is a highly extensible Markdown editor by purocean individual developers in China. A security vulnerability exists in Yank Note v3.52.1, which allows users to execute arbitrary code by opening a specially crafted file...

8.8CVSS8.4AI score0.04898EPSS
Exploits3References5
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.24 views

Jenkins Plugin Ansible 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.1AI score0.00377EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.24 views

Wordpress plugin Surbma | GDPR Proof Cookie Consent & Notice Bar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.5CVSS6.4AI score0.00361EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.24 views

Campcodes Advanced Online Voting System SQL注入漏洞

Campcodes Advanced Online Voting System is an online voting system. Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter voter of the file login.php, which can be exploite...

8.8CVSS7.9AI score0.0074EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/04/12 12:0 a.m.24 views

WordPress plugin WP Data Access 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS8.2AI score0.02726EPSS
Exploits3References6
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.24 views

Microsoft PostScript Printer Driver安全漏洞

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft.Microsoft PCL6 Class Printer Driver is a printer driver from Microsoft. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft. A remote code execution...

8.8CVSS9.6AI score0.0164EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/31 12:0 a.m.24 views

Jeecg-Boot 授权问题漏洞

Jeecg-Boot is a code generator based low-code platform from the JeecgBoot community. An authorization issue vulnerability exists in Jeecg-Boot version 3.5.0 that stems from incorrect authentication...

9.8CVSS6.5AI score0.00997EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/23 12:0 a.m.24 views

3s-smart Software Solutions CODESYS 路径遍历漏洞

3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. A path traversal vulnerability exists in 3s-smart Software Solutions CODESYS that could be exploited by a remote, low-privilege attacker to access and modify all system files and...

8.8CVSS7.9AI score0.01022EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.24 views

Cloudflare cloudflared 后置链接漏洞

Cloudflare cloudflared is a cloud server security management platform from American company Cloudflare. The platform provides firewall analysis, cache control, role-based access, and more. A security vulnerability exists in Cloudflare cloudflared Windows 32-bit version 2023.3.0 and earlier, which...

7.8CVSS7.3AI score0.00259EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/17 12:0 a.m.24 views

Miniflux 跨站脚本漏洞

Miniflux is a minimalist synopsis reader. A cross-site scripting vulnerability exists in Miniflux version v2.0.25 and later. An attacker exploits this vulnerability to force a victim to open a corrupted image, which could result in JavaScript being executed on an instance of Miniflux...

5.4CVSS5.4AI score0.00586EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/03/06 12:0 a.m.24 views

dot-lens 安全漏洞

dot-lens is a JavaScript library. A security vulnerability exists in dot-lens that stems from prototype contamination of the set function in the index.js file...

7.5CVSS7.2AI score0.00947EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/02/28 12:0 a.m.24 views

WordPress plugin GN Publisher 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.1CVSS6.7AI score0.0126EPSS
Exploits3References3
CNNVD
CNNVD
added 2023/02/25 12:0 a.m.24 views

Gogs 操作系统命令注入漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, and more. An operating system command injection vulnerability exists in Gogs versions prior to...

9.8CVSS8.7AI score0.97839EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/02/16 12:0 a.m.24 views

Intel QATzip softwar 安全漏洞

Intel QATzip is a userspace library from Intel Corporation USA. Built on top of the Intel QuickAssist Technology userspace library, it provides extended accelerated compression. A security vulnerability exists in IntelR QATzip softwar versions prior to 1.0.9, which stems from incorrect access...

7.8CVSS7.3AI score0.00251EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.24 views

Microsoft PostScript Printer Driver 安全漏洞

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft.Microsoft PCL6 Class Printer Driver is a printer driver from Microsoft. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft. A remote code execution...

8.8CVSS8AI score0.01289EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.24 views

Microsoft SQL Server 安全漏洞

Microsoft SQL Server is a large-scale commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in Microsoft SQL Server. The following products and editions are affected:Microsoft SQL Server 2017 for x64-based Systems GDR,Microsoft SQL...

7.8CVSS7.8AI score0.00393EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/07 12:0 a.m.24 views

Dompdf 安全漏洞

Dompdf is an HTML to PDF converter. A security vulnerability exists in Dompdf, which stems from the fact that Dompdf does not filter for special input...

10CVSS8.3AI score0.0249EPSS
Exploits3References4
Total number of security vulnerabilities5000