Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2023/11/22 12:0 a.m.22 views

WordPress Plugin WooCommerce Product Carousel Slider Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6AI score0.0039EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.22 views

Intel Simics Simulator Security Vulnerability

Intel Simics Simulator is a full-system simulator from Intel Corporation USA. A security vulnerability exists in Intel Simics Simulator. An attacker exploiting this vulnerability could cause an elevation of privilege...

7.8CVSS6.7AI score0.00177EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.22 views

VMware Workstation Buffer Error Vulnerability

VMware Workstation is a set of virtual machine software from VMware. The software provides the ability to run multiple virtual machines with different operating systems at the same time. A security vulnerability exists in VMware Workstation version 17.x prior to 17.5, which stems from an...

7.1CVSS6.2AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.22 views

WordPress Plugin Stout Google Calendar Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Stout Goog...

8.8CVSS6.6AI score0.00214EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.22 views

WordPress Plugin sis-handball Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.5AI score0.00201EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/03 12:0 a.m.22 views

WordPress Plugin wp-tell-a-friend-popup-form Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.5AI score0.00208EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/21 12:0 a.m.22 views

EVE OS Security Vulnerability

EVE OS is a general-purpose, open Linux-based operating system for distributed edge computing open-sourced by IF Edge. EVE OS suffers from a security vulnerability that stems from the Pillar eve container allowing an attacker to add their own key and gain full control of the system...

8.8CVSS6.9AI score0.00159EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.22 views

EVE OS Data Forgery Issue Vulnerability

EVE OS is a general-purpose, open Linux-based operating system for distributed edge computing open-sourced by IF Edge. EVE OS suffers from a security vulnerability that stems from the fact that the MEASURED boot mechanism does not validate the entire rootfs, leading to an attacker being able to...

8.8CVSS6.9AI score0.00125EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/19 12:0 a.m.22 views

NVIDIA DGX Security Vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A security vulnerability exists in the NVIDIA DGX H100 BMC, which stems from a security flaw in IPMI that can be exploited by attackers to cause code execution, denial of service, privilege escalation, and...

9.8CVSS7AI score0.00444EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/23 12:0 a.m.22 views

WordPress plugin Easy Hide Login 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS6.4AI score0.00396EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/10 12:0 a.m.22 views

WordPress plugin Leyka cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS6AI score0.00338EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/17 12:0 a.m.22 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from allowing low-privileged users to access out-of-privilege content...

4.3CVSS5.2AI score0.00297EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/13 12:0 a.m.22 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in Gitlab CE/EE that stems from allowing...

4.3CVSS5.1AI score0.00473EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.22 views

UNISOC Chipsets 安全漏洞

UNISOC Chipsets are chipsets from China's Zilight Spreadtrum UNISOC. A security vulnerability exists in some unisoc products, which stems from a lack of privilege checking in the fastDial service, leading to local information leakage. The following products are affected:...

5.5CVSS5.7AI score0.00099EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/04 12:0 a.m.22 views

部分MediaTek芯片 缓冲区错误漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in some of the MediaTek chips, which stems from an out-of-bounds write due to an integer overflow in the keyinstall that may result in a local privilege escalation...

6.7CVSS6.6AI score0.00108EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.22 views

WordPress plugin Brizy Page Builder 数据伪造问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.8AI score0.00295EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/08 12:0 a.m.22 views

Mozilla Firefox 输入验证错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 114, which stems from a site isolation bypass that allows open redirects to data on the site...

6.1CVSS7.7AI score0.00413EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/05/19 12:0 a.m.22 views

Mitsubishi Electric Corporation MELSEC WS 安全漏洞

The Mitsubishi Electric Corporation MELSEC WS Series is a programmable logic controller from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric Corporation MELSEC WS WS0-GETH00200, which originates from a vulnerability that could allow an unauthenticated, remote...

8.6CVSS8AI score0.01132EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.22 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost. An attacker exploited the vulnerability to elevate privileges to system administrator privileges...

8.8CVSS8AI score0.00469EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/10 12:0 a.m.22 views

Western Digital My Cloud OS 代码问题漏洞

Western Digital My Cloud is a personal cloud storage device from Western Digital. A code issue vulnerability exists in Western Digital My Cloud OS 5 prior to version 5.26.202, which stems from the presence of a server-side request forgery SSRF vulnerability...

5.5CVSS5.8AI score0.00142EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/03 12:0 a.m.22 views

Django 输入验证错误漏洞

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, and more. Django has a security vulnerability that stems from the ability to bypass authentication when...

9.8CVSS6.9AI score0.0138EPSS
Exploits0References13
CNNVD
CNNVD
added 2023/05/02 12:0 a.m.22 views

Wordpress Plugin Mail Subscribe List 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.1CVSS4.8AI score0.00571EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/26 12:0 a.m.22 views

Bare Metal Operator 信息泄露漏洞

Bare Metal Operator is an open source application from Metal³ that uses the Kubernetes API to manage bare metal hosts. An information disclosure vulnerability exists in Bare Metal Operator versions prior to 0.3.0, which stems from the presence of plaintext username and hashed password disclosure...

6CVSS5.8AI score0.00191EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.22 views

Oracle MySQL 安全漏洞

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized MySQL connector hangs or frequent and repeated crashes, as well as unauthorized update, insert, or delete acces...

5.3CVSS5.6AI score0.01286EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.22 views

Siemens Mendix 安全漏洞

Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. An information disclosure vulnerability exists in the Siemens Mendix Forgot Password module. The vulnerability stems from the fact that the...

5.3CVSS6.1AI score0.00458EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.22 views

Foreman 代码注入漏洞

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides service provisioning, configuration management, and status reporting. A security vulnerability exists in Foreman that originates from allowing an administrator user to set global parameters...

9.1CVSS8.7AI score0.00961EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/17 12:0 a.m.22 views

Medicine Tracker System 跨站脚本漏洞

Medicine Tracker System is a drug tracking system by the individual developer Carlo Montero. A cross-site scripting vulnerability exists in Medicine Tracker System. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...

6.1CVSS4.9AI score0.00388EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/13 12:0 a.m.22 views

Wondershare Dr.Fone 安全漏洞

Wondershare Dr. Fone is a mobile device toolkit software from China Wondershare Technology Wondershare. The software provides applications, transfer data, contacts, messages and other auxiliary functions for the device. A security vulnerability exists in Wondershare Dr.Fone v12.9.6. An attacker...

7.8CVSS7.4AI score0.01016EPSS
Exploits4References5
CNNVD
CNNVD
added 2023/03/07 12:0 a.m.22 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from unhidden Google IAP...

6.4CVSS5.6AI score0.0069EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/06 12:0 a.m.22 views

Directus 跨站脚本漏洞

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A cross-site scripting vulnerability exists in Directus versions prior to 9.23.0 that stems from vulnerability to HTML injection attacks...

8CVSS6.3AI score0.00531EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/02 12:0 a.m.22 views

GitHub Enterprise Server 代码注入漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.8.0...

8.8CVSS8.1AI score0.00839EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/02/25 12:0 a.m.22 views

ZoneMinder 安全漏洞

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33, which stems from the presence of an unauthenticated remote code execution vi...

9.8CVSS9AI score0.80462EPSS
Exploits11References3
CNNVD
CNNVD
added 2023/02/16 12:0 a.m.22 views

Ricoh MP C4504ex 安全漏洞

The Ricoh MP C4504ex is a printer from Ricoh Japan. A security vulnerability exists in the Ricoh MP C4504ex version 1.06, which stems from an incorrect processing credentials flow...

9.1CVSS8.2AI score0.00536EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/15 12:0 a.m.22 views

Adobe FrameMaker 缓冲区错误漏洞

Adobe Framemaker is a set of page layout software for writing and editing large or complex documents including structured documents from Adobe. Adobe FrameMaker has an out-of-bounds write vulnerability that can be exploited by attackers to cause arbitrary code execution...

7.8CVSS7.9AI score0.00302EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.22 views

Microsoft .NET Framework 安全漏洞

Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a development platform. The platform includes the C and Visual Basic programming languages, a public language runtime library, and an extensive class library. A security vulnerability...

5CVSS6.7AI score0.00917EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.22 views

WordPress plugin WP TripAdvisor Review Slider SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exists i...

8.8CVSS8.2AI score0.04356EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/02/10 12:0 a.m.22 views

modoboa 安全漏洞

modoboa is an email hosting and management platform for individual developers. A security vulnerability exists in versions prior to modoboa 2.0.4. An attacker can bypass authentication by exploiting the vulnerability...

9.8CVSS8AI score0.15088EPSS
Exploits4References5
CNNVD
CNNVD
added 2023/01/28 12:0 a.m.22 views

OpenMage Magento Lts 安全漏洞

OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A security vulnerability exists in OpenMage LTS versions prior to 19.4.22, 20.0.19 and prior to 20.0.19, which stems from the inclusion of an infinite loop in the malicious code filter...

7.5CVSS7.3AI score0.00986EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/01/09 12:0 a.m.22 views

debug 安全漏洞

debug is a small JavaScript debugging utility open-sourced by Debug.js and modeled on core Node.js debugging techniques. A security vulnerability exists in debug versions prior to 3.1.0, which stems from the function useColors in file src/node.js, where manipulation of the parameter str leads to...

7.5CVSS5.6AI score0.02046EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/12/23 12:0 a.m.22 views

ThinkPHP 路径遍历漏洞

ThinkPHP is a PHP-based, open source, lightweight web application development framework from China's Top Thinking Information Technology Company. A security vulnerability exists in ThinkPHP Framework versions prior to 6.0.14, which originates from allowing local files to be included via the lang...

9.8CVSS8.3AI score0.15505EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/12/05 12:0 a.m.22 views

MikroTik RouterOS 缓冲区错误漏洞

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in PCs to enable them to provide router functionality. A buffer error vulnerability exists in MikroTik RouterOS versions prior to v7.6, which stems from the inclusion o...

9.8CVSS9AI score0.01255EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/11/28 12:0 a.m.22 views

Discourse 输入验证错误漏洞

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. An input validation error vulnerability exists in versions prior to Discourse 2.9.0.beta13, which stems from the ability for users to post chat messages of unlimited...

4.3CVSS5.1AI score0.00503EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/21 12:0 a.m.22 views

WordPress plugin login-block-ips 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS6.8AI score0.00664EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/11/09 12:0 a.m.22 views

VMware Workspace ONE Assist 授权问题漏洞

VMware Workspace ONE Assist is a real-time remote support solution from VMware, Inc. It allows VMware Workspace ONE UEM administrators to remotely access and troubleshoot devices in real-time while respecting end-user privacy. A security vulnerability exists in VMware Workspace ONE Assist prior t...

9.8CVSS8.6AI score0.00929EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/20 12:0 a.m.22 views

Abode Iota 格式化字符串错误漏洞

Abode Iota is a reliable Diy home security system from Abode. A formatting string error vulnerability exists in Abode Iota versions 6.9X and 6.9Z, which stems from the fact that an attacker can send an authenticated, malicious HTTP request to its web interface/action/wirelessConnect functionality...

8.8CVSS7.7AI score0.01252EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/10/17 12:0 a.m.22 views

WordPress Plugin Passster 加密问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

5.9CVSS6AI score0.00452EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/10/14 12:0 a.m.23 views

OpenHarmony 安全漏洞

OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom Foundation Foundation. A security vulnerability exists in OpenHarmony v3.1.2 and earlier and 3.0.6 and earlier, which stems from a kernel memory pool overwriting issue in its /dev/mmzuserdev device driver...

7.8CVSS7.8AI score0.00185EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/06 12:0 a.m.22 views

Apache Commons JXPath 缓冲区错误漏洞

Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation, U.S.A. A buffer overflow vulnerability exists in Apache Commons JXPath, which is caused by a stack buffer overflow when parsing XPath. A remote attacker could exploit this vulnerability to cause a denial...

6.5CVSS7.2AI score0.01188EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/27 12:0 a.m.22 views

Wazuh 安全漏洞

Wazuh is an Wazuh open source application. Wazuh 3.6.1 and later, 3.13.5 and earlier, 4.0.0 and later, 4.2.7 and earlier, and 4.3.0 and later, 4.3.7 and earlier are vulnerable to a code execution vulnerability that stems from Active Response endpoint fails to properly filter the special elements ...

8.8CVSS7.8AI score0.0128EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.22 views

Rockwell Automation ThinManager 缓冲区错误漏洞

Rockwell Automation ThinManager is a thin client management software from Rockwell Automation. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A security vulnerability exists in Rockwell Automation ThinManager versions 11.0.0 through 13.0.0, which stems fr...

9.8CVSS8.9AI score0.21829EPSS
Exploits0References3
Total number of security vulnerabilities5000