Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/03/25 12:0 a.m.23 views

Maccms 跨站脚本漏洞

Maccms is a PHP-based film and television content management system CMS. v10 version of Maccms contains a cross-site scripting vulnerability, which originates from the lack of user-supplied data and output data validation filtering in the select and input parameters in...

6.1CVSS5.1AI score0.00557EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/23 12:0 a.m.23 views

HP 多款产品跨站脚本漏洞

HP Color LaserJet Pro and others are products of Hewlett-Packard HP in the U.S. HP Color LaserJet Pro is a line of color printers.HP PageWide Pro is a line of multifunction printers.HP LaserJet Printers is a line of... A security vulnerability exists in multiple HP products that stems from a lack...

6.1CVSS7.4AI score0.00695EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.23 views

Jenkins GitLab Authentication Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins GitLab Authentication Plugin ...

6.5CVSS5.7AI score0.00979EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.23 views

Apple macOS Big Sur缓冲区错误漏洞

Apple macOS Big Sur is a mobile application app from Apple USA. macOS Big Sur prior to version 11.6.5 A buffer error vulnerability exists that stems from a boundary error when processing binary files in AppleScript. A malicious application can trigger a buffer overflow and execute arbitrary code ...

7.8CVSS8.1AI score0.01235EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.23 views

DVDFab 路径遍历漏洞

DVDFab is a multimedia solution. A path traversal vulnerability exists in DVDFab 12 PlayerFab. The following products and versions are affected: DVDFab 12 from version 6.2.1.0 to 6.2.1.1, PlayerFab from version 7.0.0.0 to 7.0.0.5...

7.8CVSS7.3AI score0.13835EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.23 views

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google TensorFlow is vulnerable to an input validation error that stems from an integer overflow in the Range implementation, which could be exploited by an attacker to trigger undefined behavior or, in...

8.8CVSS5.7AI score0.00578EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.23 views

Google TensorFlow 资源管理错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google Tensorflow is vulnerable to resource management errors, which can be exploited by attackers to cause mismanagement of resources...

6.5CVSS5.6AI score0.00821EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/01/23 12:0 a.m.23 views

vditor 跨站脚本漏洞

vditor is a browser-based Markdown editor that supports WYSIWYG, on-the-fly rendering similar to Typora, and split-screen preview modes. vditor suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker...

6.8CVSS5.3AI score0.00664EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/10/27 12:0 a.m.23 views

Adobe Premiere Elements 缓冲区错误漏洞

Adobe Premiere Elements is a video editing software application from Adobe. A memory buffer out-of-bounds access vulnerability exists in Adobe Premiere Elements 2021 build 19.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...

9.3CVSS6.4AI score0.0155EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/18 12:0 a.m.23 views

Vm2 安全漏洞

Vm2 is an advanced virtual machine/sandbox for Node.js by individual developer Patrik Simek in the Czech Republic. to run untrusted code using whitelisted Node built-in modules. Vm2 suffers from a security vulnerability that stems from a vulnerability in package vm2 prior to 3.9.4. An attacker ca...

10CVSS9AI score0.03476EPSS
Exploits1References7
CNNVD
CNNVD
added 2021/10/15 12:0 a.m.23 views

stb 缓冲区错误漏洞

stb is a single-file public domain library for C/C ++. A buffer error vulnerability exists in stb version 2.26, which stems from a buffer overflow vulnerability in the stbiextendreceive function of the stbimage.h file in the software . An attacker can trigger the vulnerability via a crafted JPEG...

7.8CVSS7.5AI score0.01334EPSS
Exploits1References11
CNNVD
CNNVD
added 2021/10/07 12:0 a.m.23 views

IR615 Router 跨站脚本漏洞

The IR615 Router is a 4G industrial router from Rimu Technologies, China. IR615 Router has a cross-site scripting vulnerability that could be exploited to hijack user sessions connected to the system...

8.7CVSS4.9AI score0.00537EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/10/05 12:0 a.m.23 views

Red Hat Jboss Enterprise Application Platform 7 代码问题漏洞

Red Hat Jboss Enterprise Application Platform 7 Red Hat Jboss Eap 7 is a middleware platform built on open standards and compatible with the Java Ee 7 specification from Red Hat USA. A code issue vulnerability exists in Red Hat JBoss Enterprise Application Platform 7 Artemis that stems from the...

7.2CVSS8AI score0.01701EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/27 12:0 a.m.23 views

Nltk 代码问题漏洞

Nltk is a natural language toolkit. It is used to support research and development in natural language processing. A code issue vulnerability exists in nltk that stems from an error in certain regular expressions in the product. An attacker could cause a denial of service via this vulnerability...

7.5CVSS7.3AI score0.01649EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/09/09 12:0 a.m.23 views

GNU Mailman 访问控制错误漏洞

GNU Mailman is a free suite of software from the GNU community for managing e-mail discussions and e-mail lists. The software integrates with web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding processing, content...

5.5CVSS5.5AI score0.01176EPSS
Exploits1References10
CNNVD
CNNVD
added 2021/09/02 12:0 a.m.23 views

Apache Zeppelin 命令注入漏洞

Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation. The application supports interactive data analysis and collaborative documentation. Apache Zeppelin 0.9.0 and earlier versions contain a command injection vulnerability that could be exploited by an attack...

10CVSS5.8AI score0.05747EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/08/25 12:0 a.m.23 views

GitLab 安全漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE that stem...

5CVSS5.2AI score0.00505EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/17 12:0 a.m.23 views

Deamon Tools Pro 输入验证错误漏洞

Deamon Tools Pro is a simulation emulation software that facilitates the creation and installation of images. An input validation error vulnerability exists in Deamon Tools Pro. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor...

9.8CVSS7.7AI score0.01153EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.23 views

Huawei Smartphone 输入验证错误漏洞

Huawei Emui is an Android-based mobile operating system. Huawei Magic UI is the operating system for Honor phones. Huawei EMUI/Magic UI is vulnerable to an integer overflow vulnerability, which can be exploited by attackers to cause the execution of certain code...

9.8CVSS6.1AI score0.00787EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/27 12:0 a.m.24 views

OpenStack 输入验证错误漏洞

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA in collaboration with Rackspace in the United States. Openstack Nova suffers from an input validation error vulnerability that allows remote attackers to exploit the vulnerability ...

6.1CVSS7.2AI score0.26792EPSS
Exploits1References17
CNNVD
CNNVD
added 2021/07/20 12:0 a.m.23 views

Oracle Essbase 输入验证错误漏洞

Oracle Hyperion Essbase Administration Services is a robust, cross-platform graphical user interface that makes Essbase administration tasks easy to perform.Oracle Hyperion Essbase Administration Services 11.1.2.4. Release 21.2 contains a security vulnerability in the EAS Console component. An...

7.5CVSS8.3AI score0.01688EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/06/25 12:0 a.m.23 views

SAS Environment Manager 跨站脚本漏洞

SAS Environment Manager is a web-based management solution for SAS environments from SAS, Inc. A security vulnerability exists in SAS Environment Manager that stems from SAS Environment Manager 2.5 allowing XSS to pass through the Name field when creating an edit server. An attacker could exploit...

5.4CVSS5.9AI score0.00945EPSS
Exploits4References4
CNNVD
CNNVD
added 2021/05/24 12:0 a.m.23 views

Shopizer 跨站脚本漏洞

Shopizer is a Java open source e-commerce software. A cross-site scripting vulnerability exists in Shopizer versions prior to 2.17.0. A remote attacker can exploit this vulnerability by using the ref parameter to inject arbitrary Web script or HTML into a page about any product...

4.8CVSS5.5AI score0.02916EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/05/10 12:0 a.m.23 views

NoneCMS 跨站脚本漏洞

NoneCMS is a simple and compact open-source content management system that can be used to quickly build corporate sites, personal blogs, and support mobile. A cross-site scripting vulnerability exists in admin/nav/add.html in NoneCMS version 1.3.0. Attackers can use the name parameter to inject...

5.4CVSS5.4AI score0.00791EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/04/26 12:0 a.m.23 views

LocalFilesEditor 数据伪造问题漏洞

LocalFilesEditor is a software application. Photobooth software for the web, built by an active community of users and developers. A security vulnerability exists in the LocalFilesEditor extension prior to version 11.4.0.1, which stems from a file parameter not being validated by proper regular...

7.5CVSS7.3AI score0.0062EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/04/15 12:0 a.m.23 views

Envoy 安全漏洞

Envoy is an open source distributed proxy server. Envoy suffers from a security vulnerability that can be exploited by attackers to cause a denial of service due to null references...

7.5CVSS5.7AI score0.01738EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/04/14 12:0 a.m.23 views

Pi-hole 操作系统命令注入漏洞

Pi-hole is a network-level ad-blocking application from Pi-hole, Inc. A security vulnerability exists in Pi-hole core 5.2.4, which originates in the Linux network-level ad and Internet tracking blocking application...

7.8CVSS7.4AI score0.01863EPSS
Exploits4References6
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.23 views

Microsoft Visual Studio Code 代码注入漏洞

Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Visual Studio Code. A remote attacker can exploit this vulnerability to execute arbitrary code...

7.8CVSS7.9AI score0.04075EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/04/07 12:0 a.m.23 views

Fortinet FortiWeb 信息泄露漏洞

American Fita Fortinet was founded in October 2000, is committed to chip design, network communication speed, security and defense. A security vulnerability exists in Fortinet fortiweb, which can be exploited by an attacker to read the password used by the FortiWeb scanner to access devices defin...

6.5CVSS5.6AI score0.00963EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.23 views

WordPress 安全漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. BuddyPress has a security vulnerability prior to 5.0.0 and 7.2.1 that can be exploited by an attacke...

9CVSS5.7AI score0.13882EPSS
Exploits2References4
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.23 views

Wordpress Modern Events Calendar Lite 代码问题漏洞

Wordpress Modern Events Calendar Lite is an open source application plugin for Wordpress. This plugin is the best tool for managing event websites. A code issue vulnerability exists in the WordPress Modern Events Calendar Lite plugin before 5.16.5, which stems from an arbitrary file upload that...

7.2CVSS7.5AI score0.88158EPSS
Exploits9References8
CNNVD
CNNVD
added 2021/01/07 12:0 a.m.23 views

NVIDIA GPU Display Driver Security Vulnerability

NVIDIA GPU Display Driver is a driver from NVIDIA Corporation that is used to provide interactive support for graphics card display modules in operating systems. A security vulnerability exists in NVIDIA GPU Display Driver that originates from improper access control leading to denial of service...

5.3CVSS6AI score0.00302EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/11/23 12:0 a.m.23 views

MongoDB Security Vulnerabilities

MongoDB is a document-oriented database management system from the American company MongoDB. A security vulnerability exists in MongoDB, which originates from the possibility that a user authorized to perform a database query may issue a special query with a composite index that affects...

6.5CVSS6.2AI score0.01462EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

Vim 注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0495 contained a vulnerability due to the netrw plugin. This vulnerability stemmed from the s:NetrwBookHistSave function in the netrw plugin, which inserted directory names derived from the...

8.8CVSS5.7AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation for untrusted inputs, which could allow remote attackers to exploit the...

8.3CVSS5.4AI score0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

Google Chrome 缓冲区错误漏洞

Google Chrome Video is a component that handles video decoding and rendering, primarily used to support video playback in the Chrome browser on ChromeOS. The Google Chrome Video component has a security vulnerability. This vulnerability stems from an improper check of boundaries during video data...

6.5CVSS5.9AI score0.00236EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

WordPress plugin Product Filter by WBW SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.3CVSS5.8AI score0.0039EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios team, based on Promise a solution for asynchronous programming. Versions of Axios prior to 0.32.0 and 1.16.0 contain security vulnerabilities. These vulnerabilities stem from the Node.js HTTP adapter, which may forward the Proxy-Authorization...

8.2CVSS5.3AI score0.00664EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

VMware Spring Web Services 代码问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the use of...

8.6CVSS5.4AI score0.00383EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

VMware Spring Integration 路径遍历漏洞

VMware Spring Integration is an enterprise application integration framework developed by VMware, Inc. Versions 7.0.0 to 7.0.4, 6.5.0 to 6.5.8, 6.4.0 to 6.4.11, 6.3.0 to 6.3.14, and 5.5.0 to 5.5.20 of VMware Spring Integration have a path traversal vulnerability. This vulnerability arises due to...

7.1CVSS5.5AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a resource management vulnerability, which stems from a problem with reusing resources after they are released in the Autofill component. A remote attacker can exploit this vulnerability to destroy the...

5.3CVSS6AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the use of ServiceAccountName: fission-builder in the builder pod, without setting AutomountServiceAccountToken: fals...

4.9CVSS5.3AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

bit7z 后置链接漏洞

bit7z is a file compression/uncompression tool developed by Riccardo as an individual project. Versions of bit7z prior to 4.0.12 had a post-installation link vulnerability. This vulnerability stemmed from the use of symbolic links during archive updates, allowing for arbitrary file overwriting...

6.1CVSS5.5AI score0.00125EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

kafka-python 安全漏洞

Kafka-Python is a distributed stream processing engine client library written entirely in Python by Dana Powers. Versions of Kafka-Python prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of boundary validation for the 4-byte frame length value in the...

8.7CVSS5.3AI score0.00348EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

Fission 路径遍历漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained a path traversal vulnerability. This vulnerability stemmed from the Unarchive function using filepath.Join to concatenate the archive entry name with the target directory,...

7.7CVSS5.3AI score0.00301EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

Roxy-WI 输入验证错误漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from the EscapedString verifier failing to properly prevent path...

8.1CVSS5.3AI score0.00304EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

Migration Planner UI SQL注入漏洞

The Migration Planner UI is an open-source migration planning front-end tool developed by KubeV2V. The Migration Planner UI has a SQL injection vulnerability. This vulnerability arises when a remotely authenticated attacker uploads a specially crafted RVTools .xlsx file. Due to improper input...

9.6CVSS5.8AI score0.00298EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

QNAP qts 异常处理不当漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. There are code-related vulnerabilities in QNAP Systems QTS and QNAP Systems QuTS hero, which stem from null pointer...

7.2CVSS5.9AI score0.00456EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

VMware Spring AMQP 安全特征问题漏洞

VMware Spring AMQP is a message queue integration framework developed by the American company VMware. There is a security vulnerability in VMware Spring AMQP, which stems from the use of a fixed reply queue ID in the RabbitTemplate.sendAndReceive method, making it predictable due to an internal...

4.4CVSS5.3AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

Microsoft Visual Studio Code 日志信息泄露漏洞

Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a vulnerability related to information leakage. Attackers can exploit this vulnerability to obtain sensitive information...

6.5CVSS6.6AI score0.00763EPSS
Exploits0References1
Total number of security vulnerabilities5000