Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2023/05/09 12:0 a.m.23 views

Ivanti Avalanche 代码问题漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A code issue vulnerability exists in Ivanti Avalanche version 6.3.x and prior versions, which stems from a failure ...

7.2CVSS7.2AI score0.84697EPSS
Exploits3References4
CNNVD
CNNVD
added 2023/05/05 12:0 a.m.23 views

Apache Ranger 安全漏洞

Apache Ranger is a set of architectures from the U.S.-based Apache Foundation that implements comprehensive security measures for Hadoop clusters. The product provides centralized security policy management for core enterprise security requirements such as authorization, billing and data...

8.1CVSS7.7AI score0.00918EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/23 12:0 a.m.23 views

WordPress Plugin Electric Studio Client Login 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/23 12:0 a.m.23 views

WordPress Plugin Sitemap Index 1.2.3及 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

5.9CVSS6.4AI score0.00397EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.23 views

Microsoft PostScript Printer Driver 安全漏洞

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft.Microsoft PCL6 Class Printer Driver is a printer driver from Microsoft. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft. A remote code execution...

8.8CVSS9.6AI score0.0164EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.23 views

svelte 跨站请求伪造漏洞

svelte is a new way to build web applications from Svelte Open Source. A security vulnerability exists in svelte Kit versions prior to 1.15.1, which originates from bypassing protection by specifying a different "Content-Type" header value. An attacker could exploit the vulnerability to perform...

8.8CVSS8AI score0.00557EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.23 views

WordPress Plugin AI ChatBot 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS5AI score0.00421EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/23 12:0 a.m.23 views

Cisco SD-WAN vManage Software 跨站请求伪造漏洞

Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A security vulnerability exists in Cisco SD-WAN vManage Software due to insufficient CSRF protection in the web-based management interface on affected systems...

8.1CVSS7.7AI score0.00261EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.23 views

MGT-COMMERCE CloudPanel 信任管理问题漏洞

MGT-COMMERCE CloudPanel is a free solution from MGT-COMMERCE Open Source. It is designed to ease the burden of managing self-hosted Linux servers. A security vulnerability exists in MGT-COMMERCE CloudPanel version 2.2.0, which stems from the fact that the system comes with a static SSL certificat...

8.1CVSS7.6AI score0.00599EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.23 views

WordPress Plugin DH – Anti AdBlocker 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin DH - Anti AdBlocker A...

8.8CVSS7.8AI score0.00276EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/28 12:0 a.m.23 views

WordPress plugin Participants Database 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS5.1AI score0.00231EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/23 12:0 a.m.23 views

Opennms Group OpenNMS 跨站脚本漏洞

Opennms Group OpenNMS is an open source, enterprise-class network monitoring and network management platform from Opennms Group, Inc. A security vulnerability exists in Opennms Group OpenNMS Meridian, Horizon, which stems from a cross-site scripting XSS vulnerability in graph results that can be...

6.7CVSS5.9AI score0.00442EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.23 views

Microsoft 3D Builder 安全漏洞

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

7.8CVSS6.8AI score0.00657EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.23 views

ownCloud 路径遍历漏洞

ownCloud is a personal cloud storage solution from the US-based company ownCloud. A security vulnerability exists in ownCloud Android versions prior to 3.0, which stems from an information leak when uploading internal files...

5CVSS5AI score0.00524EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/02/07 12:0 a.m.23 views

TYPO3 跨站脚本漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from TYPO3 Association in Switzerland. A cross-site scripting vulnerability exists in TYPO3. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement...

8.8CVSS6.6AI score0.00831EPSS
Exploits1References8
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.23 views

RushBet 跨站脚本漏洞

RushBet is a suite of betting sites from RushBet, Inc. A security vulnerability exists in RushBet version 2022.23.1-b490616d that stems from not properly validating incoming data. An attacker exploited the vulnerability to steal customer accounts through the use of a malicious application...

5.4CVSS5.8AI score0.00566EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/01/01 12:0 a.m.23 views

Twake 跨站脚本漏洞

Twake is a secure open source collaboration platform open sourced by LINAGORA that improves organizational productivity. Twake suffers from a cross-site scripting vulnerability that originates from the presence of XSS in the integration URL in linagora/twake, which allows javascript to be execute...

5.7CVSS5.2AI score0.40916EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.23 views

Alpine 安全漏洞

Alpine is an email program. A security vulnerability exists in versions of Alpine prior to 1.10.4, which stems from a vulnerability that allows bypassing URL access filters...

7.5CVSS7.2AI score0.0084EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/18 12:0 a.m.23 views

luckyshot CRMx SQL注入漏洞

CRMx is a super flexible micro CRM system from the individual developer Xavi Esteve. A security vulnerability exists in luckyshot CRMx that stems from an incorrect operation leading to sql injection...

9.8CVSS8.3AI score0.00468EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.23 views

Microsoft Azure 安全漏洞

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Azure. No information about this vulnerability is available at this time, so stay tuned to CNNVD or vendor announcements...

5.5CVSS7AI score0.00449EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/28 12:0 a.m.23 views

SAML 授权问题漏洞

SAML is a library for Ross Kinder individual developers that contains a partial implementation of the saml standard in golang. That is, it allows third parties to authenticate your users, or allows third parties to rely on us to authenticate their users. There is an authorization issue...

9.8CVSS7.5AI score0.02179EPSS
Exploits0References13
CNNVD
CNNVD
added 2022/10/27 12:0 a.m.23 views

Advantech R-SeeNet 缓冲区错误漏洞

Advantech R-SeeNet is an industrial monitoring software from Advantech China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet 2.4.17 and previous versions have a security vulnerability that can be exploited to...

9.8CVSS7.9AI score0.01202EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/05 12:0 a.m.23 views

Cisco Enterprise NFV Infrastructure Software 数据伪造问题漏洞

Cisco Enterprise NFV Infrastructure Software NFVIS is a suite of NVF infrastructure software platforms from Cisco. The platform enables full lifecycle management of virtualized services through a central orchestrator and controller. Cisco Enterprise NFV Infrastructure Software is vulnerable to a...

7.8CVSS7.4AI score0.00188EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/30 12:0 a.m.23 views

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel version 5.19.12 and earlier versions, which stems from the presence of a race condition in...

4.2CVSS6.3AI score0.0025EPSS
Exploits0References11
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.23 views

SAMSUNG TizenRT 安全漏洞

TizenRT is an application system. A lightweight RTOS-based platform that supports low-end IoT devices. SAMSUNG TizenRT suffers from a security vulnerability that originates in l2packetreceivetimeout in wpasupplicant/src/l2packet/l2packetpcap.c Missing checking of the return value of pcapdispatch,...

7.5CVSS7.3AI score0.01168EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/09/27 12:0 a.m.23 views

dlt-daemon 缓冲区错误漏洞

Dlt-daemon is the DLT communication interface for Genivia's ECU. It collects and buffers log messages from one or more DLT users running on the ECU and makes them available to DLT clients upon request. A buffer overflow vulnerability exists in Genivia Dlt-daemon 2.18.8 and prior versions, which...

5.5CVSS7.2AI score0.00417EPSS
Exploits3References6
CNNVD
CNNVD
added 2022/09/02 12:0 a.m.23 views

Binary 资源管理错误漏洞

Binary is a library by the individual developers of gagliardetto. It is used for encoding/decoding Borsh and other formats. A security vulnerability exists in Binary versions prior to 0.7.1. An attacker exploited the vulnerability to allocate slices in memory with arbitrarily oversized values,...

8.8CVSS7.5AI score0.00941EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/08/10 12:0 a.m.23 views

Intel Active Management Technology 安全漏洞

Intel Active Management Technology AMT is a suite of hardware-based remote active management technology software for computers from Intel Corporation. Intel Active Management Technology , Standard Manageability A security vulnerability exists in versions prior to August 9, 2022, which stems from...

9.8CVSS8.3AI score0.00779EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.23 views

Michlol Solutions rashim web interface 操作系统命令注入漏洞

Michlol Solutions rashim web interface is a web interface from Michlol Solutions. An operating system command injection vulnerability exists in the Michlol Solutions rashim web interface prior to version 187.4392, which stems from an insecure direct object reference IDOR in the web interface that...

6.3CVSS5.9AI score0.00321EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/28 12:0 a.m.23 views

Automattic Mongoose 安全漏洞

Automattic Mongoose is a MongoDB object modeling tool for asynchronous environments. A security vulnerability exists in Automattic Mongoose versions prior to 6.4.6, which stems from the Schema.path function being susceptible to prototype contamination when setting up schema objects, which can be...

9.8CVSS7.1AI score0.32676EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.23 views

Jenkins Plugin Deployer Framework 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.00486EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/22 12:0 a.m.23 views

TZInfo 安全漏洞

TZInfo is a Ruby timezone library. A security vulnerability exists in TZInfo that stems from its susceptibility to relative path traversal causing TZInfo::Timezone.get to load arbitrary files. The following versions are affected: 0.3.60 and earlier, 1.0.0 through 1.2.9 only when used with the Rub...

8.1CVSS7.1AI score0.01786EPSS
Exploits1References16
CNNVD
CNNVD
added 2022/07/07 12:0 a.m.23 views

Hyperledger Fabric 输入验证错误漏洞

Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. Hyperledger Fabric suffers from an input validation error vulnerability that stems from incorrect validation of inputs in a consensus request, which could be exploited by a...

7.5CVSS7.2AI score0.01937EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/06 12:0 a.m.23 views

MediaTek 芯片缓冲区错误漏洞

MediaTek Inc. is the world's fourth largest fab-based semiconductor company and a leader in the markets of mobile terminals, smart home applications, wireless connectivity and Internet of Things IoT products, with approximately 1.5 billion units of end products with built-in MediaTek chips hittin...

6.7CVSS5.6AI score0.00106EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/29 12:0 a.m.23 views

KDDI HOME SPOT CUBE2 操作系统命令注入漏洞

KDDI HOME SPOT CUBE2 is a home wireless router from KDDI Japan. KDDI HOME SPOT CUBE2 is vulnerable to an operating system command injection vulnerability, which stems from data received from a DHCP server not being processed properly. An attacker could use this vulnerability to execute arbitrary...

8.8CVSS6.2AI score0.00939EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.23 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...

6.5CVSS7.7AI score0.00248EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.23 views

Advantech iView SQL注入漏洞

Advantech Iview is a Simple Network Protocol SNMP based software from Advantech, China, for managing B B SmartWorx devices. information...

8.1CVSS5.4AI score0.00758EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.23 views

semver-regex 安全漏洞

npm semver-regex is a regular expression used to match semver versions. semver-regex versions prior to 3.1.4 and versions 4.0.0 inclusive through 4.0.2 have a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited to cause a denial of...

7.5CVSS5.7AI score0.01455EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/25 12:0 a.m.23 views

HashiCorp go-getter 命令注入漏洞

HashiCorp go-getter is a library for Go golang from HashiCorp, Inc. that is used to download files or directories from various sources using URLs as the primary form of input. A command injection vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the...

8.6CVSS7AI score0.03054EPSS
Exploits0References24
CNNVD
CNNVD
added 2022/05/19 12:0 a.m.23 views

Arm Mali GPU Kernel Driver 资源管理错误漏洞

Arm Mali GPU Kernel Driver is a driver for a graphics processor unit from Arm UK. A security vulnerability exists in the Arm Mali GPU Kernel Driver, which can be exploited by an attacker to perform incorrect CPU memory operations, resulting in reuse after release. The following products and...

10CVSS8.2AI score0.01357EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/11 12:0 a.m.23 views

Siemens Teamcenter 代码问题漏洞

Siemens Teamcenter is a product lifecycle management computer software application from Siemens, Germany. Siemens Teamcenter contains a security vulnerability that could be exploited by attackers to view files on the application server file system...

7.5CVSS7.3AI score0.00964EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/04 12:0 a.m.23 views

F5 BIG-IP 资源管理错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP is vulnerable to resource management errors, which can be exploited by attackers to cause service degradation,...

5.3CVSS5.8AI score0.0083EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/01 12:0 a.m.23 views

yii-helpers 安全漏洞

yii-helpers is a set of helper classes for the Yii framework, used as LUYA helpers. A security vulnerability exists in the GitHub library luyadev/yii-helpers prior to version 1.2.1, which can be exploited by an attacker to cause effects such as client-side command injection, code execution, or...

8CVSS7.6AI score0.0234EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/01 12:0 a.m.23 views

CSV-Safe gem 安全漏洞

The CSV-Safe gem is a library to prevent CSV injection attacks. A security vulnerability exists in versions of the CSV-Safe gem prior to 3.0.0 that stems from not however filtering out special characters that could trigger CSV injection...

9.8CVSS7.7AI score0.01679EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/04/29 12:0 a.m.23 views

Libmobi 缓冲区错误漏洞

Libmobi is a C library . It is used to process documents in the Mobipocket/Kindle MOBI e-book format. A security vulnerability exists in Libmobi versions prior to 0.11, which stems from a buffer error that can be exploited by an attacker to cause arbitrary code execution...

7.8CVSS7.4AI score0.00395EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/04/18 12:0 a.m.23 views

WordPress plugin Caldera Forms跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. cross-site scripting vulnerability exists in versions prior to WordPress plugin Caldera Forms 1.9.7. The vulnerability stems from the plugin's failure to validate and escape cf-api parameters before outputting them back to the...

6.1CVSS4.8AI score0.01195EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/04/18 12:0 a.m.23 views

WordPress和WordPress plugin 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Easy Digital Downloads plugin is vulnerable to cross-site request forgery, which originates from Ea...

4.3CVSS5.7AI score0.00469EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.23 views

Micro Focus Operations Bridge Manager 安全漏洞

Micro Focus Operations Bridge Manager is a software application from Micro Focus UK. It provides a monitoring function. A security vulnerability exists in Micro Focus Operations Bridge containerized, which can be exploited by unauthenticated attackers to conduct remote code execution...

9.8CVSS8.8AI score0.01882EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.23 views

WordPress plugin Anti-Malware Security and Brute-Force Firewall 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. WordPress plugin Anti-Malware Security and Brute-Force Firewall is vulnerable to cross-site scripting. The...

6.1CVSS4.5AI score0.03013EPSS
Exploits4References5
CNNVD
CNNVD
added 2022/03/25 12:0 a.m.23 views

Maccms 跨站脚本漏洞

Maccms is a PHP-based film and television content management system CMS. v10 version of Maccms contains a cross-site scripting vulnerability, which originates from the lack of user-supplied data and output data validation filtering in the select and input parameters in...

6.1CVSS5.1AI score0.00557EPSS
Exploits1References3
Total number of security vulnerabilities5000