Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/09/23 12:0 a.m.22 views

Rockwell Automation ThinManager 缓冲区错误漏洞

Rockwell Automation ThinManager is a thin client management software from Rockwell Automation. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A security vulnerability exists in Rockwell Automation ThinManager versions 11.0.0 through 13.0.0, which stems fr...

9.8CVSS8.9AI score0.21829EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/20 12:0 a.m.22 views

Microsoft Endpoint Configuration Manager 安全漏洞

Microsoft Endpoint Configuration Manager is a local management solution from Microsoft. It is used to manage networked or Internet-based desktops, servers, and laptops. A security vulnerability exists in Microsoft Endpoint Configuration Manager, which can be exploited by an attacker to gain acces...

7.5CVSS7.3AI score0.01433EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.22 views

TYPO3 跨站脚本漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from TYPO3 Association in Switzerland. A cross-site scripting vulnerability exists in TYPO3. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

6.5CVSS5.7AI score0.00722EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.22 views

Microsoft Windows DPAPI 安全漏洞

Microsoft Windows is a suite of operating systems for personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Windows DPAPI Data Protection Application Programming Interface. The following products and versions are affected: Windows 11 for x64-base...

5.5CVSS6.8AI score0.00963EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/09 12:0 a.m.22 views

tesseract 数字错误漏洞

tesseract is an open source OCR Optical Character Recognition engine. A numeric error vulnerability exists in the Leptonica linked library v1.79.0 in tesseract v5.0.0, which can be exploited by an attacker to cause an arithmetic anomaly via a specially crafted JPEG file, leading to a denial of...

6.5CVSS7.2AI score0.01146EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/09/01 12:0 a.m.22 views

InnoSilicon A10 安全漏洞

The InnoSilicon A10 is a mining machine from InnoSilicon. A security vulnerability exists in the InnoSilicon A10 a1020200924120556 version, which stems from the discovery of a Remote Code Execution RCE vulnerability contained via the setPlatformAPI function...

8.8CVSS8AI score0.01438EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/23 12:0 a.m.22 views

TRENDnet TV-IP572PI 授权问题漏洞

The TRENDnet TV-IP572PI is a megapixel HD PoE day/night network camera from TRENDnet. A security vulnerability exists in TRENDnet TV-IP572PI v1.0, which stems from improper access control. An attacker could exploit the vulnerability to access sensitive system information...

7.2CVSS5.6AI score0.00984EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/18 12:0 a.m.22 views

schroot 安全漏洞

schroot is a software package. It is used to allow users to run commands or log into a shell in a chroot environment. A security vulnerability exists in the Debian schroot package. An attacker has exploited this vulnerability to bypass schroot's restrictions via Session Names in order to elevate...

4.3CVSS5.2AI score0.00815EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/08/15 12:0 a.m.22 views

w3m 缓冲区错误漏洞

w3m is a WWW-enabled pager from the personal developer Tatsuya Kinoshita. A security vulnerability exists in w3m version 0.5.3, which stems from an out-of-bounds write to checkType in etc.c. This can be triggered by sending a crafted HTML file to the w3m binary, allowing attackers to cause a deni...

7.8CVSS7.4AI score0.00441EPSS
Exploits1References9
CNNVD
CNNVD
added 2022/08/10 12:0 a.m.22 views

Intel Active Management Technology 安全漏洞

Intel Active Management Technology AMT is a suite of hardware-based remote active management technology software for computers from Intel Corporation. A security vulnerability exists in Intel Active Management Technology , Standard Manageability versions prior to August 9, 2022, which stems from...

5.5CVSS5.7AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/08 12:0 a.m.22 views

Thingsboard 跨站脚本漏洞

Thingsboard is a Java-based platform for IOT devices for monitoring, management, and data collection from the Thingsboard team. A security vulnerability exists in Thingsboard version 3.3.1, which can be exploited by an attacker to put a script payload into the name of a rule node when creating th...

4.8CVSS5.4AI score0.02331EPSS
Exploits4References5
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.22 views

Electronic Medical Records System SQL注入漏洞

Electronic Medical Records System is an electronic medical records system. Electronic Medical Records System suffers from a SQL injection vulnerability that stems from an unknown function of its POST request handler that operates on the parameter useremail to cause sql injection. The attack metho...

9.8CVSS8.4AI score0.00625EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.22 views

TCL LinkHub Mesh Wi-Fi 安全漏洞

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation. A security vulnerability exists in TCL LinkHub Mesh Wi-Fi version MS1G0001.0014, which stems from a buffer overflow vulnerability in the GetValue function, where a specially crafted configured value may cause a buffer overflow...

9.8CVSS8.9AI score0.01109EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/01 12:0 a.m.22 views

Realtek AP-Router SDK 输入验证错误漏洞

The Realtek AP-Router SDK is a software package for wireless chipsets from Realtek Semiconductor Realtek of China. The Realtek AP-Router SDK suffers from an input validation error vulnerability that originates from remote code execution via a crafted SIP packet containing malicious SDP data...

9.8CVSS9.1AI score0.3708EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.22 views

Jenkins Android Signing Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.00569EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/12 12:0 a.m.22 views

Microsoft Windows 代码问题漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A code issue vulnerability exists in the Microsoft Windows Client/Server Runtime Subsystem. The following products and editions are affected:Windows 10 Version 1809 for 32-bit...

7.8CVSS8.1AI score0.18765EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.22 views

WordPress plugin New User Approve 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress New User Approve plugin versions prior to 2.4 are vulnerable to cross-site request forgery, which...

4.3CVSS5.6AI score0.00367EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.22 views

Jenkins Plugin vRealize Orchestrator 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins vRealize Orchestrator Plugin 3.0...

5.7CVSS5.7AI score0.00624EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/10 12:0 a.m.22 views

Fastjson 代码问题漏洞

Fastjson is a Java-based fast JSON parser/generator. versions prior to Fastjson 1.2.83 have a security vulnerability that stems from the ease of bypassing the default autoType off restriction to deserialize untrusted data, which is exploited by attackers to cause code execution...

9.8CVSS5.9AI score0.17767EPSS
Exploits5References9
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.22 views

Delta Controls enteliTOUCH 跨站脚本漏洞

Delta Controls enteliTOUCH is a touchscreen building controller from Delta Controls Canada. A security vulnerability exists in Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005, which stems from a cross-site scripting vulnerability discovered via the Username parameter. The...

6.1CVSS6.3AI score0.00725EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/05/25 12:0 a.m.22 views

ZKEACMS 跨站脚本漏洞

ZKEACMS v3.5.2 is a cross-site scripting vulnerability that can be exploited by attackers to inject malicious JavaScript programs to steal other users' cookies, etc...

5.4CVSS5.1AI score0.00461EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/05/19 12:0 a.m.22 views

SPIP 跨站脚本漏洞

SPIP is a web-based content publishing system. A cross-site scripting vulnerability exists in SPIP version 3.1.13 and prior versions, which originates in /spip.php. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could use...

6.1CVSS5.6AI score0.0156EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/04/25 12:0 a.m.22 views

WordPress plugin myCred 安全漏洞

WordPress is a set of blogging platform developed using the PHP language. myCred 2.4.4, a WordPress plugin, previously had an authorization issue vulnerability, which stems from the plugin's failure to perform any authorization and CSRF checks in the myCred tool's import and export AJAX operation...

4.3CVSS5.8AI score0.00339EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.22 views

Red Lion DA50N 安全漏洞

The Red Lion DA50N is a series of secure edge network gateways from Red Lion, U.S.A. A security vulnerability exists in the Red Lion DA50N that could be exploited by an attacker to elevate to root access using the su command...

10CVSS8.3AI score0.01172EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.22 views

Joomla! 代码注入漏洞

Joomla! is a set of forum components used in the Joomla! content management system. A code injection vulnerability exists in versions 4.0.0 to 4.1.0 of Joomla!, which stems from an HTTP request parameter input validation error. No detailed vulnerability details are available at this time...

9.8CVSS5.7AI score0.01172EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.22 views

WordPress plugin Infographic Maker SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in the WordPress plugin...

9.8CVSS8.5AI score0.15254EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.22 views

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. cross-site scripting vulnerability exists in versions of the WordPress ARI Fancy Lightbox plugin prior to 1.3.9, which stems from a...

6.1CVSS4.8AI score0.00863EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.22 views

Sylius 信息泄露漏洞

Sylius is a set of open source e-commerce platform based on the Symfony framework from the Polish company Sylius. Sylius has an information disclosure vulnerability, and no details of the vulnerability are currently available...

5.5CVSS5.6AI score0.00809EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/03/08 12:0 a.m.22 views

Icinga Web 2 路径遍历漏洞

Icinga Web 2 is an application that supports Icinga 2, Icinga Core, and any other IDO database-compatible monitoring backend, developed by the Icinga Project as a next-generation open source monitoring web interface, framework, and command line interface. Icinga Web 2 suffers from a path traversa...

7.5CVSS7.5AI score0.89378EPSS
Exploits8References7
CNNVD
CNNVD
added 2022/03/08 12:0 a.m.22 views

Microsoft Windows HTML Platform 安全特征问题漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A vulnerability exists in the Microsoft Windows HTML Platform due to a security feature issue. The following products and versions are affected: Windows 7 for 32-bit Systems Service Pack...

6.5CVSS6.5AI score0.33063EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/03/04 12:0 a.m.22 views

Go-Ethereum 代码问题漏洞

Ethereum Go-ethereum is a codebase from the Ethereum community that implements the ethereum protocol in the Go language. A code issue vulnerability exists in Go-Ethereum that stems from a product that allows an attacking node to send 5,120 future high-oil transactions in a single message, which c...

7.5CVSS7.4AI score0.0134EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/03/04 12:0 a.m.22 views

Cedar Gate EZ-NET 跨站脚本漏洞

Cedar Gate EZ-NET is an Internet portal application from Cedar UK. A cross-site scripting vulnerability exists in The Cedar Gate EZ-NET 6.5.5, 6.6.3, 6.7.0, and 6.8.0 that stems from The Cedar Gate EZ-NET 6.5.5, and 6.8.0 having a call to display messages to the user that do not correctly clean u...

6.1CVSS5.2AI score0.00913EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/01/24 12:0 a.m.22 views

Banking System SQL注入漏洞

Banking System is a simple banking system project by Carlo Montero's personal developer. It is used to manage bank customers' accounts and process basic customer transactions. A security vulnerability exists in Banking System that originates from allowing arbitrary SQL commands to be executed via...

9.8CVSS8.6AI score0.01254EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.22 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WP RSS Aggregator plugin has a cross-site scripting vulnerability in versions prior to 4.19.3, which...

5.4CVSS5.6AI score0.00292EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/12/08 12:0 a.m.22 views

Atlassian Jira 授权问题漏洞

Atlassian Jira is a defect tracking system from Atlassian Australia. An access control error vulnerability exists in Atlassian Jira Server and Data Center, which stems from an authentication in the product's /plugins/servlet/project-config/PROJECT/roles endpoint. is corrupted, and an attacker cou...

7.5CVSS5.6AI score0.00836EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.22 views

Django 安全漏洞

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django, which stems from the fact that HTTP requests for URLs...

7.5CVSS7.2AI score0.02295EPSS
Exploits0References14
CNNVD
CNNVD
added 2021/12/02 12:0 a.m.22 views

Distributed Data Systems WebHmi 授权问题漏洞

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. Distributed Data Systems WebHmi...

9.8CVSS5.7AI score0.01392EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/12/01 12:0 a.m.22 views

elgg 安全漏洞

Elgg is a set of open source social networking engine. The product blogs, file sharing, groups, and other features. A security vulnerability exists in elgg that stems from elgg's susceptibility to authorization bypass via a user-controlled key...

5.9CVSS5.2AI score0.00779EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.22 views

NLnet Labs Routinator 缓冲区错误漏洞

NLnet Labs Routinator is an RPKI Resource Public Key Infrastructure authenticator written in Rust from Stichting NLnet Stichting Nlnet Labs in the Netherlands. A security vulnerability exists in NLnet Labs Routinator, which stems from the mismanagement of system resources e.g., memory, disk space...

7.5CVSS7.1AI score0.01434EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/10/07 12:0 a.m.22 views

Ax-Solutions Visual Tools Dvr Vx16 操作系统命令注入漏洞

Ax-Solutions Visual Tools Dvr Vx16 is a video surveillance system from Ax-Solutions, Inc. It is used for image analysis. An operating system command injection vulnerability exists in Ax-Solutions Visual Tools DVR VX16 4.2.28.0, which allows an unauthenticated attacker to achieve remote command...

10CVSS8.9AI score0.69882EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/09/21 12:0 a.m.22 views

Moodle 授权问题漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from an authorization issue vulnerability that stems from a type juggling issue in the external database authentication...

6.5CVSS7.1AI score0.00825EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/14 12:0 a.m.22 views

Microsoft Office 代码注入漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code injection vulnerability exists in Microsoft Office. The following products and edition...

7.8CVSS7.4AI score0.04878EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/09/08 12:0 a.m.22 views

Saltstack SaltStack Salt 安全漏洞

Saltstack SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. SaltStack Salt versions prior to Salt 3003.3 have a security vulnerability that allows a user with a contr...

7.5CVSS8.1AI score0.03514EPSS
Exploits0References12
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.22 views

Google TensorFlow缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow that could be exploited to cause TensorFlow to terminate abnormally...

7.8CVSS5.2AI score0.00173EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.22 views

WordPress和WordPress 插件 SQL注入漏洞

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Secure Copy Content Protection plugin is an application plugin for WordPress. A SQL injection vulnerability exists in...

7.2CVSS6AI score0.01344EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/07/13 12:0 a.m.22 views

VMware ESXi 缓冲区错误漏洞

VMware ESXi is a server virtualization platform from VMware that can be installed directly on physical servers. A buffer error vulnerability exists in VMware ESXi, which originates from an out-of-bounds read of heap memory by OpenSLP in the product, which can be triggered by malicious access on...

7.5CVSS7.4AI score0.00961EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/07/13 12:0 a.m.22 views

Microsoft Bing 安全漏洞

Microsoft Bing is a web search engine from Microsoft Corporation USA. A security vulnerability exists in Microsoft Bing. The following products and versions are affected: Microsoft Bing Search for Android...

6.5CVSS6.6AI score0.01472EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/07/07 12:0 a.m.22 views

Joomla! 代码问题漏洞

Joomla! is a set of forum components used in the Joomla! content management system. A code issue vulnerability exists in Joomla! 2.5.0 - 3.9.27. The vulnerability stems from a hard-coded ACL check for superuser missing from the install operation in cominstaller, which can be exploited to execute...

7.5CVSS5.8AI score0.01209EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/06/17 12:0 a.m.22 views

Nextcloud Android app 安全漏洞

Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. A denial of service vulnerability exists in the Nextcloud Android app, which can be exploited by an attacker to cause the Nextcloud app to crash...

5.5CVSS5.7AI score0.00967EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/06/15 12:0 a.m.22 views

CLICK PLC CPU Modules 授权问题漏洞

CLICK PLC CPU Modules are Automation Direct's network devicesA single CLICK CPU Module can be connected to up to eight I/O modules to expand the number of system I/O and meet the needs of a specific application. An authorization issue vulnerability exists in Automation Direct CLICK PLC CPU Module...

9.8CVSS8.2AI score0.0107EPSS
Exploits0References6
Total number of security vulnerabilities5000