Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2025/01/09 12:0 a.m.21 views

SingMR HouseRent 代码问题漏洞

HouseRent is a house rental management system by Mr.W individual developer. It provides an auto-caching JWK-Set HTTP client. A code issue vulnerability exists in SingMR HouseRent version 1.0, which stems from the singleUpload/upload function in the file...

8.8CVSS6.6AI score0.00369EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/24 12:0 a.m.21 views

Hanwha Vision NVR 安全漏洞

Hanwha Vision NVR is a series of network video recorder devices from Hanwha Vision, a South Korean company. A security vulnerability exists in Hanwha Vision NVR that stems from improper handling of large data inputs when processing URL parameters, which could lead to a stack overflow...

6.9CVSS6.4AI score0.00799EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.21 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal that stems from improper input neutralization during page generation, resulting in a cross-site scripting vulnerability...

5.4CVSS6AI score0.00327EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/02 12:0 a.m.21 views

Async Http Client 授权问题漏洞

Async Http Client is AsyncHttpClient open source asynchronous Http and WebSocket client library for Java. An authorization issue vulnerability exists in Async Http Client version 3.0.0, which stems from an automatically enabled and self-managed CookieStore handling mechanism that can lead to...

9.2CVSS7.9AI score0.00587EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/19 12:0 a.m.21 views

GNU Wget 代码问题漏洞

GNU Wget is a set of free software from the American GNU community for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A code issue vulnerability exists in GNU Wget that stems from an application using Wget to access...

6.5CVSS7.2AI score0.0111EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.21 views

Microsoft Windows DNS 安全漏洞

Microsoft Windows DNS is a domain name resolution service from Microsoft Corporation USA. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and together, DNS clients and DNS servers provide name resolution services for computers and users that...

7.5CVSS6.2AI score0.00565EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/07 12:0 a.m.21 views

WordPress plugin Jetpack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS6.5AI score0.01148EPSS
Exploits3References1
CNNVD
CNNVD
added 2024/10/23 12:0 a.m.21 views

Siemens InterMesh 7177和Siemens InterMesh 7707 访问控制错误漏洞

InterMesh is a wireless alarm reporting system that uses mesh wireless network technology to transmit alarm signals. A security vulnerability exists in Siemens InterMesh Subscriber Devices due to a web server in the affected devices that does not authenticate a GET request that executes a specifi...

9.8CVSS6.9AI score0.005EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/05 12:0 a.m.21 views

WordPress plugin Search Atlas SEO 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS6.2AI score0.00261EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.21 views

Apple macOS 安全漏洞

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS version 15, which originates from an application that may be able to access protected user data...

7.5CVSS6.1AI score0.00553EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.21 views

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft USA. A security vulnerability exists in Microsoft Windows. An attacker could exploit this vulnerability to bypass certain functionality. The following products and versions are affected: Windows 11 Versio...

7.8CVSS6.2AI score0.00899EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/04 12:0 a.m.21 views

Pulpcore 授权问题漏洞

Pulpcore is a library in the Pulp open source. An authorization issue vulnerability exists in Pulpcore that stems from modproxy not properly unsetting the header...

9.8CVSS9.2AI score0.00814EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/09/04 12:0 a.m.21 views

Foreman 授权问题漏洞

Foreman is Foreman's open source set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. Foreman has an authorization issue vulnerability that stems from modproxy not proper...

9.8CVSS9.1AI score0.00769EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/09/02 12:0 a.m.21 views

OpenHarmony 安全漏洞

OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom Foundation OpenAtom Foundation Foundation. A security vulnerability exists in OpenHarmony version v4.1.0 and earlier versions, which stems from the liteosa kernel use-after-release vulnerability...

8.8CVSS6.6AI score0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/26 12:0 a.m.21 views

WordPress plugin myCred 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS6.6AI score0.00265EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.21 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a path traversal vulnerability that stems from an inability to clean up front-end user input used for redirection, which can be exploited by an attacker to cause a cross-site...

8.8CVSS6.7AI score0.0019EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/27 12:0 a.m.21 views

WordPress plugin Contact Form Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.5CVSS6.4AI score0.00321EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/24 12:0 a.m.21 views

WordPress plugin Funnel Builder for WordPress by FunnelKit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

4.3CVSS6.5AI score0.00325EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/02 12:0 a.m.21 views

GeoTools Security Vulnerabilities

GeoTools is an open source Java library. Provides tools for geospatial data. A security vulnerability exists in GeoTools that stems from Remote Code Execution RCE that may occur if the application uses certain functions to evaluate XPath expressions provided by user input...

9.8CVSS7.3AI score0.74908EPSS
Exploits1References18
CNNVD
CNNVD
added 2024/07/01 12:0 a.m.21 views

GeoServer Code Injection Vulnerability

GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A code injection vulnerability exists in GeoServer that stems from insecurely resolving attribute names to XPath expressions, which could lead to remote code...

9.8CVSS8.2AI score0.99813EPSS
Exploits26References9
CNNVD
CNNVD
added 2024/06/12 12:0 a.m.21 views

Line Client For Ios Security Vulnerability

Line Corporation Line Client For Ios is a communication application from Line Corporation, Japan. A security vulnerability exists in Line Client For Ios prior to version 14.9.0, which stems from the inclusion of a generic cross-site scripting XSS vulnerability that can be exploited by an attacker...

6.1CVSS6.1AI score0.00269EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.21 views

Microsoft Visual Studio 安全漏洞

Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. A remote code execution vulnerability exists in Microsoft Visual Studio, which can be exploited by a...

4.7CVSS8.4AI score0.01354EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.21 views

WordPress plugin Aspose.Words Exporter security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.8AI score0.00376EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/10 12:0 a.m.21 views

Trend Micro Apex One 安全漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro. An elevation of privilege vulnerability exists in Trend Micro Apex One, which can be exploited by an attacker to elevate privileges and execute arbitrary code in the system context...

7.8CVSS7.9AI score0.00552EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.21 views

Nuki Bridge 安全漏洞

Nuki Bridge is a smart lock control software from Nuki. A security vulnerability exists in Nuki Bridge v1.x prior to v1.22.0 and v2.x prior to v2.13.2, and Nuki Keypad v1.9.2 prior to v1.9.2, which stems from the fact that sending multiple incorrectly-formatted packets can prevent certain functio...

9.8CVSS6.6AI score0.0161EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.21 views

Simple Customer Relationship Management 安全漏洞

Simple Customer Relationship Management Simple CRM is a simple customer relationship management system by Carlo Montero Personal Developer. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which stems from an SQL injection vulnerability that allows an attack...

5.4CVSS8AI score0.00639EPSS
Exploits3References5
CNNVD
CNNVD
added 2024/05/06 12:0 a.m.21 views

WordPress plugin LeadConnector 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.6CVSS6.6AI score0.00437EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/06 12:0 a.m.21 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption that occurs when an IOCTL call is interrupted by a signal...

8.4CVSS6.7AI score0.00156EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.21 views

D-Link D-View 安全漏洞

D-Link D-View is a web-based design network device management software from China's D-Link Corporation. A security vulnerability exists in D-Link D-View, which originates from A hard-coded encryption key authentication bypass vulnerability is exploited...

9.8CVSS9.6AI score0.56064EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.21 views

WordPress plugin Paid Memberships Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.6AI score0.00297EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/23 12:0 a.m.21 views

Watchdog Antivirus 代码问题漏洞

Watchdog Antivirus is an anti-malware program from Watchdog. designed to neutralize viruses, trojans, rootkits, worms, spyware and adware. A code issue vulnerability exists in Watchdog Antivirus version v1.6.415, which stems from a code issue that allows an attacker to cause a denial of service D...

5.5CVSS6.9AI score0.00165EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/04 12:0 a.m.21 views

D-Link DNS-320 命令注入漏洞

D-Link DNS-320 is a NAS Network Attached Storage device from China's AUO D-Link. A command injection vulnerability exists in the D-Link DNS-320L, which originates from a command injection vulnerability in the file /cgi-bin/nassharing.cgi. Affected products and versions: D-Link DNS-320L, DNS-325,...

9.8CVSS7.9AI score0.99997EPSS
Exploits8References6
CNNVD
CNNVD
added 2024/04/03 12:0 a.m.21 views

WordPress plugin WooCommerce Cart Abandonment Recovery 漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.8CVSS8.2AI score0.00353EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.21 views

WordPress Plugin Contact Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.1CVSS6AI score0.013EPSS
Exploits2References3
CNNVD
CNNVD
added 2024/03/06 12:0 a.m.21 views

CasaOS Security Vulnerabilities

CasaOS is a simple, easy-to-use, and elegant open source home cloud system. A security vulnerability exists in CasaOS-UserService versions prior to 0.4.4.3 through 0.4.7, which stems from a household name enumeration vulnerability in the Login page...

7.5CVSS6.7AI score0.00758EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.21 views

Aruba Networks ArubaOS Security Vulnerabilities

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that stems from certain configurations of ArubaOS that could result in...

3.7CVSS6.4AI score0.00326EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.21 views

Liferay Portal and Liferay DXP Security Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

9CVSS5.3AI score0.00558EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/18 12:0 a.m.21 views

zephyr Security Breach

Zephyr is an extensible real-time operating system RTOS open-sourced by the Zephyr Project. A security vulnerability exists in zephyr 3.5 and earlier versions, which stems from a signed to unsigned conversion issue in esp32ipmsend...

9.8CVSS6.8AI score0.00441EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/02 12:0 a.m.21 views

Solar-Log GmbH Cross-Site Scripting Vulnerability

Solar-Log GmbH is a data logger for monitoring photovoltaic PV power plants from the German company Solar-Log. A cross-site scripting vulnerability exists in Solar-Log GmbH firmware version 15 6.0.1 Build 161, which stems from a vulnerability that allows an attacker to elevate its privileges usin...

5.4CVSS6.1AI score0.00446EPSS
Exploits4References4
CNNVD
CNNVD
added 2024/01/30 12:0 a.m.21 views

Free Open-Source Inventory Management System Security Vulnerability

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Free Open-Source Inventory Management System version v.1.0. A remote attacker can exploit this vulnerability to execute arbitrary code via the Stafflist parameter in...

6.5CVSS7.8AI score0.00351EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/25 12:0 a.m.21 views

Cisco Unified Communications Products 安全漏洞

Cisco Unified Communications Products is a series of unified communications products from the U.S. company Cisco Cisco. A command execution vulnerability exists in Cisco Unified Communications Products that stems from improper handling of user-supplied data read into memory. An attacker could...

10CVSS7.5AI score0.02057EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/03 12:0 a.m.21 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of a race condition in the Appletalk subsystem that results in a post-release reuse vulnerabili...

7CVSS6.5AI score0.0031EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/10/03 12:0 a.m.21 views

asyncua Authorization Issues Vulnerability

asyncua is a library in the Free OPC-UA Library open source. A vulnerability in authorization issues exists in versions prior to asyncua 0.9.96. The vulnerability stems from a lack of checking for services that require an active session, and is susceptible to incorrect authentication, which could...

7.5CVSS6.8AI score0.00454EPSS
Exploits1References8
CNNVD
CNNVD
added 2023/08/16 12:0 a.m.21 views

Thales Group SafeNet Authentication Service 安全漏洞

Thales Group SafeNet Authentication Service is an authentication service from Thales Group, a French company. A security vulnerability exists in SafeNet Authentication Service version 3.4.0, which stems from a misconfiguration of logging privileges. An attacker could use this vulnerability to cau...

5.7CVSS5.8AI score0.00131EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/14 12:0 a.m.21 views

Google Android 资源管理错误漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a resource management error vulnerability that originates from improper resource management in the setMediaButtonBroadcastReceiver module of MediaSessionRecord.java, which can be exploited by an...

5.5CVSS6.6AI score0.00085EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.21 views

Availability Booking Calendar PHP Cross Site Scripting Vulnerability

Availability Booking Calendar PHP is a GZ Scripts open source availability booking calendar system. A cross-site scripting vulnerability exists in Availability Booking Calendar PHP version 5.0, which stems from the parameter sessionid in the file /index.php that causes cross-site scripting...

6.1CVSS6AI score0.01766EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/07/06 12:0 a.m.21 views

OpenITCOCKPIT 安全漏洞

It-novum OpenITCOCKPIT is an open source system monitoring tool from It-novum, Germany. A security vulnerability exists in OpenITCOCKPIT prior to version 4.6.6, which stems from the absence of the "Secure" attribute on sensitive cookies in HTTPS sessions...

4.6CVSS5AI score0.00302EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/19 12:0 a.m.21 views

PyBB 跨站脚本漏洞

PyBB is an open source bulletin board for individual developers in Ben, UK. PyBB version 0.1.0 suffers from a cross-site scripting vulnerability that stems from the presence of a cross-site scripting vulnerability that allows an attacker to run malicious JavaScript code on the client side...

5.4CVSS5.5AI score0.00337EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/15 12:0 a.m.21 views

IBM PowerVM Hypervisor 安全漏洞

IBM PowerVM Hypervisor is an application from International Business Machines IBM, Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS capabilities and leading performance of the Power Systems platform. An information disclosure...

7.5CVSS6AI score0.00626EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.21 views

HP PC 安全漏洞

HP PC is a computer product of Hewlett-Packard HP Company, USA. A security vulnerability exists in the HP PC BIOS that originates from allowing arbitrary code execution, privilege escalation, denial of service, and information disclosure...

7.8CVSS7.9AI score0.00232EPSS
Exploits0References1
Total number of security vulnerabilities5000