Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2024/12/19 12:0 a.m.23 views

Xen 安全漏洞

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A security vulnerability exists in Xen that stems from th...

5.5CVSS5.9AI score0.00294EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/11 12:0 a.m.23 views

WordPress plugin Notibar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.3CVSS8.4AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/08 12:0 a.m.23 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a potential error problem caused by misuse of the smpprocessorid function...

5.5CVSS6.5AI score0.00189EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/19 12:0 a.m.23 views

RAGFlow 命令注入漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A command injection vulnerability exists in RAGFlow version 0.11.0, which stems from a lack of comprehensive input validation or cleanup, causing the addllm function in llmapp.py to contain a...

8.8CVSS9.3AI score0.01112EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.23 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A security vulnerability exists in versions prior to Google Chrome 130.0.6723.58, which can be exploited by remote attackers to execute arbitrary code via a crafted HTML page...

8.8CVSS7.5AI score0.00413EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.23 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab versions 17.1 through 17.1.7, 17.2...

3.5CVSS6.7AI score0.00383EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.23 views

WordPress plugin LearnPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

10CVSS8.5AI score0.63134EPSS
Exploits6References6
CNNVD
CNNVD
added 2024/07/31 12:0 a.m.23 views

Homebrew 安全漏洞

Homebrew is a package manager in the Homebrew open source. A security vulnerability exists in Homebrew versions prior to 4.2.20, which stems from os/linux/elf.rb's use of ldd to load ELF files obtained from untrusted sources. An attacker can achieve code execution via an ELF file with a custom...

8.3CVSS7.3AI score0.00647EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/07/29 12:0 a.m.23 views

ImageMagick 安全漏洞

ImageMagick is a suite of open source image processing software from ImageMagick Open Source. It can read, convert or write images in many formats. A security vulnerability exists in ImageMagick version 7.11-35 and earlier versions. An attacker can execute arbitrary code by exploiting the...

7.8CVSS7.2AI score0.00926EPSS
Exploits2References7
CNNVD
CNNVD
added 2024/07/23 12:0 a.m.23 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that originates from memory reuse after release in User Education. An attacker can exploit the vulnerability to execute arbitrary code on the system...

8.8CVSS8AI score0.00517EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/07/15 12:0 a.m.23 views

Openfind Mail2000 Cross-Site Scripting Vulnerability

Openfind Mail2000 is a Web-based email system from China's Openfind. A cross-site scripting vulnerability exists in Openfind Mail2000, which originates from not properly validating email attachments, allowing an unauthenticated, remote attacker to inject JavaScript code into the attachments and...

6.1CVSS6.2AI score0.00502EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/06/14 12:0 a.m.23 views

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from a directory traversal vulnerability that could overwrite or place new files on the multifunction device if the multifunction device...

8.8CVSS7AI score0.0074EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.23 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the use of kfree to free memory instead of kvfree...

5.5CVSS5.1AI score0.0018EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.23 views

GitLab CE/EE 资源管理错误漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community edition of GitLab. A resource management error vulnerability exists in GitLab CE/EE. An attacker could u...

6.5CVSS6.2AI score0.00768EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/06 12:0 a.m.23 views

HSC Cybersecurity HC Mailinspector 路径遍历漏洞

HSC Cybersecurity HC Mailinspector is a cloud email security solution from HSC Cybersecurity. A path traversal vulnerability exists in HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through v.5.2.18, which stems from an unauthenticated path traversal vulnerability in /public/loader.php, whe...

8.6CVSS9AI score0.06699EPSS
Exploits5References2
CNNVD
CNNVD
added 2024/04/26 12:0 a.m.23 views

Veritas Technologies Backup Exec 安全漏洞

Veritas Technologies Backup Exec is a powerful suite of data backup recovery tools from Veritas Technologies, USA. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies the installation process and improves manageability...

7.7CVSS6.7AI score0.00167EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.23 views

WordPress Plugin Post Views Counter 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

4.3CVSS8.4AI score0.002EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.23 views

Honeywell MPA2 Access Panel Security Vulnerability

The Honeywell MPA2 Access Panel is a hardware device for access control systems from Honeywell USA. A security vulnerability exists in Honeywell MPA2 Access Panel versions prior to R1.00.08.05 that stems from a cross-site scripting vulnerability that allows the use of invalid characters...

8.1CVSS6.1AI score0.00372EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/14 12:0 a.m.23 views

F5 Nginx Resource Management Error Vulnerability

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5, Inc. distributed under the BSD-like protocol. A security vulnerability exists in F5 Nginx Plus versions R30 and R31, which stems from an undisclosed request that could cause an NGINX worker process...

7.5CVSS8.4AI score0.00914EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/04 12:0 a.m.23 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a heap buffer overflow vulnerability that is caused by incorrect boundary checking in ANGLE. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause the application to...

8.8CVSS8AI score0.10114EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/12/18 12:0 a.m.23 views

WordPress Plugin Quantity Plus Minus Button for WooCommerce by CodeAstrology Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Quantity Plus Minus Button...

8.8CVSS6.5AI score0.00288EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.23 views

Zoom VDI Client Security Vulnerability

Zoom VDI Client is a server-based computing model client from Zoom USA that allows you to deliver desktop images to endpoint devices over a network. A security vulnerability exists in Zoom. An attacker has exploited the vulnerability to perform privilege escalation via network access. The followi...

8.8CVSS7AI score0.00991EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.23 views

Microsoft XAML Diagnostics Security Vulnerability

Microsoft XAML Diagnostics is a set of tools from Microsoft Corporation USA that help developers analyze and debug the user interface of XAML-based applications. A security vulnerability exists in Microsoft XAML Diagnostics. An attacker could exploit the vulnerability to elevate privileges. The...

7.3CVSS8.9AI score0.02822EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.23 views

Searchor Security Breach

Searchor is an all-in-one PyPi Python library by Arjun Sharda, an individual developer. It simplifies web crawling, fetching topic information, and generating search query URLs. A security vulnerability exists in Searchor prior to version 2.4.2, which is caused by a code execution vulnerability i...

9.8CVSS7.4AI score0.02565EPSS
Exploits3References6
CNNVD
CNNVD
added 2023/12/11 12:0 a.m.23 views

Apple macOS Sonoma Security Vulnerability

Apple macOS Sonoma is a desktop operating system by Apple Inc. A security vulnerability exists in Apple macOS Sonoma version 14.2, which can be exploited to display secure text fields via a secondary keyboard when using a physical keyboard...

2.4CVSS4.4AI score0.00327EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.23 views

Mitsubishi Electric GX Works2 输入验证错误漏洞

The Mitsubishi Electric GX Works2 is a programmable controller from Mitsubishi Electric Japan. The Mitsubishi Electric GX Works2 suffers from an input validation error vulnerability that can be exploited by an attacker to cause a denial of service for certain functions by sending specially crafte...

4.7CVSS6.6AI score0.00271EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/16 12:0 a.m.23 views

Adobe Acrobat Reader 安全漏洞

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. A security vulnerability exists in Adobe Acrobat Reader version 23.006.20360 and earlier and version 20.005.30524 and earlier, which can be exploited by an attacker ...

7.8CVSS7AI score0.04907EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/07 12:0 a.m.23 views

WordPress Plugin UpdraftPlus Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.4CVSS6.7AI score0.00218EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/10/19 12:0 a.m.23 views

WordPress plugin Booster for WooCommerce cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6.7AI score0.00478EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/10/17 12:0 a.m.23 views

Open Journal Systems Cross-Site Request Forgery Vulnerability

Open Journal Systems OJS is an open source system for managing peer-reviewed academic journals. A cross-site request forgery vulnerability exists in Open Journal Systems versions prior to 3.3.0-16 that stems from the presence of a cross-site request forgery CSRF vulnerability...

8.8CVSS6.7AI score0.00264EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.23 views

WordPress plugin Popup Builder Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...

5.3CVSS6.2AI score0.03862EPSS
Exploits4References4
CNNVD
CNNVD
added 2023/10/03 12:0 a.m.23 views

IDM Sistemas QSige SQL Injection Vulnerability

IDM Sistemas QSige is a communication management system from IDM Sistemas. A security vulnerability exists in IDM Sistemas QSige that stems from a web application that does not properly filter input parameters, resulting in SQL injection, DoS, or information disclosure...

8.8CVSS7.2AI score0.00493EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/03 12:0 a.m.23 views

WordPress Plugin Banner Management For WooCommerce Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.5CVSS6.5AI score0.00191EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.23 views

WordPress plugin bridge-core cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1CVSS6AI score0.00323EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.23 views

Jumpserver Code Injection Vulnerability

Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. JumpServer suffers from a code injection vulnerability that originates from an authenticated user who can execute arbitrary commands using a vulnerability in a MongoDB session, leading to...

9.9CVSS8.6AI score0.01716EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.23 views

pimcore Security Vulnerabilities

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A security vulnerability exists in pimcore dem...

6.5CVSS6.5AI score0.00783EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/09/22 12:0 a.m.23 views

JeecgBoot SQL Injection Vulnerability

JeecgBoot is a Chinese Java low-code platform for enterprise web applications. JeecgBoot jeecg-boot versions 3.0 and 3.5.3 are vulnerable to a SQL injection vulnerability that stems from the presence of a SQL injection vulnerability. An attacker can exploit this vulnerability to execute arbitrary...

9.8CVSS8.6AI score0.01841EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/06 12:0 a.m.23 views

Electron Code Issues Vulnerabilities

Electron is a personal developer of a user to write cross-platform desktop application JavaScript framework. The framework is based on nodejs and Chromium and can be used to write cross-platform desktop applications using HTML, CSS. A code issue vulnerability exists in Electron. An attacker can...

8.5CVSS7AI score0.0049EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/29 12:0 a.m.23 views

SpringBlade SQL注入漏洞

Breed Network Technology SpringBlade is a set of microservice development platform from China Breed Network Technology. A security vulnerability exists in SpringBlade version V3.6.0, which stems from a SQL injection when executing a SQL query, where the parameters submitted by the user are not...

9.8CVSS8.6AI score0.19377EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/24 12:0 a.m.23 views

Gerbv 缓冲区错误漏洞

Gerbv is a Gerber file Rs-274X only viewer. It is used to view Rs-274X Gerber files, Excellon drill files and Pick-N-Place files. A security vulnerability exists in Gerbv versions 2.4.0 and 2.10.0, which originated when a user with control over file input could cause a crash and denial of service...

5.5CVSS7.2AI score0.00308EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/08/23 12:0 a.m.23 views

Hitachi EH-VIEW 缓冲区错误漏洞

Hitachi EH-VIEW is a data visualization and analytics platform from Hitachi, Japan, focused on helping organizations turn data into actionable insights. The goal of this platform is to help organizations better understand their data through visualization, analytics, and reporting tools to make mo...

7.8CVSS7.9AI score0.00182EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/04 12:0 a.m.23 views

Omeka S Cross-Site Scripting Vulnerability

Omeka S is an open source web content management system CMS from Omeka, Inc. that specializes in creating and managing digital exhibitions and online digital archives. It is a new version of the Omeka project, and unlike the traditional Omeka Classic, Omeka S emphasizes multi-user collaboration a...

6.4CVSS6AI score0.00402EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/27 12:0 a.m.23 views

WordPress Plugin WpStream – Live Streaming, Video on Demand, Pay Per View 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WpStream -...

8.8CVSS7.8AI score0.00209EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/20 12:0 a.m.23 views

OpenAM 授权问题漏洞

OpenAM is an all-in-one access management solution organized by the OpenAM Consortium. It provides authentication, authorization, delegation and federation capabilities. An authorization issue vulnerability exists in Open Access Management OpenAM versions 14.7.2 and earlier, which stems from an...

9.8CVSS8.4AI score0.01022EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/13 12:0 a.m.23 views

Unitronics Vision1210 安全漏洞

The Unitronics Vision1210 is a PLC controller with an embedded HMI panel from Unitronics. A security vulnerability exists in the Unitronics Vision1210 that stems from the presence of an embedded malicious code vulnerability that could allow a remote attacker to store malicious code in the device'...

9.8CVSS8.4AI score0.00907EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/27 12:0 a.m.23 views

WordPress plugin KiviCare Management System 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.3CVSS6.4AI score0.00247EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/06/23 12:0 a.m.23 views

XWiki Platform 跨站脚本漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform. An attacker could use this vulnerability to inject Javascript code into a page by forging a URL and trigger a cross-site...

9.6CVSS6AI score0.02081EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/06/22 12:0 a.m.23 views

Livebook 操作系统命令注入漏洞

Livebook is a web application for writing interactive and collaborative code notebooks. Livebook suffers from an operating system command injection vulnerability that originates from allowing an attacker to execute arbitrary commands using Desktop's protocol handler. Affected products and version...

9.8CVSS9AI score0.00979EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/06/13 12:0 a.m.23 views

Siemens CP-8031 安全漏洞

The SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A security vulnerability exists in the Siemens SICAM A8000 Devices CPCI85 Firmware, which can be exploited by an attacker to attempt to...

6.8CVSS7AI score0.00394EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/22 12:0 a.m.23 views

GPAC 安全漏洞

GPAC is an open source multimedia framework. A security vulnerability exists in GPAC versions prior to 2.2.2 that stems from the presence of a stack-based buffer overflow...

5.5CVSS7.4AI score0.00387EPSS
Exploits1References5
Total number of security vulnerabilities5000