Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2023/06/13 12:0 a.m.21 views

Siemens JT2Go 代码问题漏洞

JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with available JT, VFZ, CGM and TIF data.Teamcenter Visualization software is able to enhance its Product Lifecycle Management PLM environments with a comprehensive range of visualization solutions. PLM environme...

5.5CVSS6.5AI score0.00184EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/13 12:0 a.m.21 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering, and antispam. A security vulnerabili...

6.5CVSS6.5AI score0.00827EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/13 12:0 a.m.21 views

Hutool 安全漏洞

Hutool is a small but complete Java tool library from the Chinese Dromara community. A security vulnerability exists in Hutool v5.8.17 and earlier versions, which originates from an information disclosure vulnerability in the File.createTempFile function in /core/io/FileUtil.java...

7.1CVSS6.9AI score0.00244EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/06/12 12:0 a.m.21 views

Apache NiFi 代码注入漏洞

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A code injection vulnerability exists in Apache NiFi versions 0.0.2 through 1.21.0 that originates from allowing...

8.8CVSS8.4AI score0.63633EPSS
Exploits10References6
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.21 views

WordPress plugin B2BKing 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS7.2AI score0.0074EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/06/06 12:0 a.m.21 views

Matrix Synapse 授权问题漏洞

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. An authorization issue vulnerability exists in versions of Matrix Synapse prior to 1.85.0, which stems from the possibility that a deactivated user may log in while using an uncommon configuration...

5.4CVSS5.8AI score0.00752EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/06/04 12:0 a.m.21 views

STARFACE 安全漏洞

STARFACE is an IP telephony system for digital communications from STARFACE, Inc. A security vulnerability exists in STARFACE version 7.3.0.10 and prior versions that originates from allowing authentication using password hashes...

8.1CVSS7.7AI score0.04421EPSS
Exploits4References4
CNNVD
CNNVD
added 2023/05/23 12:0 a.m.21 views

SQLite 代码注入漏洞

SQLite is a lightweight database that is ACID compliant relational database management system. A code injection vulnerability exists in SQLite JDBC that stems from a remote code execution vulnerability. No detailed vulnerability details are provided at this time...

9.8CVSS8.4AI score0.01592EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/05/18 12:0 a.m.21 views

WordPress Plugin Brands for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.5AI score0.00361EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/14 12:0 a.m.21 views

Online Exam System SQL注入漏洞

Online Exam System is an online exam system by oretnom23 individual developers. A SQL injection vulnerability exists in SourceCodester Online Exam System version 1.0, which stems from a problem with the file /dosen/data of the component POST Parameter Handler, where manipulation of the parameter...

9.8CVSS7AI score0.0082EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/05 12:0 a.m.21 views

MitraStar GPT-2741GNAC-N2 安全漏洞

MitraStar GPT-2741GNAC-N2 is a fiber optic access device from China-based MitraStar Technology MitraStar. A security vulnerability exists in the MitraStar GPT-2741GNAC-N2 firmware version BRg5.91.11WVK.0b32, which originates from the inclusion of Remote Code Execution RCE in the ping function...

8.8CVSS8.2AI score0.01328EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/05/03 12:0 a.m.21 views

WordPress plugin vSlider Multi Image Slider for WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/02 12:0 a.m.21 views

WordPress plugin Easy Digital Downloads 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...

9.8CVSS8.3AI score0.031EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/27 12:0 a.m.21 views

Pimcore 跨站脚本漏洞

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exists in...

7.3CVSS6.5AI score0.0109EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/04/26 12:0 a.m.21 views

OURPHP SQL注入漏洞

OURPHP is OURPHP open source an open source, cross-platform, enterprise-level + e-commerce + applet + APP multi-terminal synchronization CMS station-building system. OURPHP version 7.2.0 and previous versions exist SQL injection vulnerability. The vulnerability stems from the application's lack o...

9.8CVSS8.2AI score0.00953EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/04/23 12:0 a.m.21 views

Joomla SQL注入漏洞

Joomla is an open source, cross-platform content management system CMS developed using PHP and MySQL by the U.S. Open Source Matters team. Joomla 3 suffers from a security vulnerability that stems from improper use of input filters leading to SQL injection. An attacker exploiting the vulnerabilit...

9.8CVSS7.3AI score0.00798EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.21 views

Oracle SQL Developer 安全漏洞

Oracle SQL Developer is a free integrated development environment from Oracle Corporation that simplifies the development and management of Oracle databases. A security vulnerability exists in Oracle SQL Developer versions prior to 23.1.0. An attacker exploiting this vulnerability could take over...

6.7CVSS6.6AI score0.00221EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.21 views

Schneider Electric Easy UPS Online Monitoring Software 访问控制错误漏洞

Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from the French company Schneider Electric Schneider Electric. The Schneider Electric Easy UPS Online Monitoring Software suffers from an Access Control Error vulnerability that stems from a lack of authenticati...

9.8CVSS8.1AI score0.01315EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/10 12:0 a.m.21 views

Apple macOS Ventura 缓冲区错误漏洞

Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13.1, which originates from the ability to execute arbitrary code with kernel privileges...

7.8CVSS8AI score0.00248EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/05 12:0 a.m.21 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.12, which stems from the presence of a stored cross-site scripting XSS vulnerability...

5.4CVSS5.4AI score0.00475EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/04/03 12:0 a.m.21 views

Hitachi Vantara Pentaho Business Analytics Server 代码问题漏洞

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from improper references to XML external...

8.8CVSS6.8AI score0.00555EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.21 views

Pimcore 跨站脚本漏洞

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exists in...

5.4CVSS4.8AI score0.00439EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.21 views

Medical Certificate Generator App SQL注入漏洞

Medical Certificate Generator App is a simple web application for medical clinics. A SQL injection vulnerability exists in SourceCodester Medical Certificate Generator App version 1.0, which stems from a problem in the file action.php, where manipulation of the parameter id can lead to sql...

9.8CVSS7AI score0.00491EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/20 12:0 a.m.21 views

Kozea CairoSVG 代码问题漏洞

Kozea CairoSVG is a Python based software from the Kozea community that converts SVG files to PDF, EPS, PS and PNG files. A code issue vulnerability exists in Kozea CairoSVG versions prior to 2.7.0, which stems from the fact that Cairo can send requests to an external host when processing SVG...

9.9CVSS7.5AI score0.00722EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/07 12:0 a.m.21 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...

7.5CVSS7.3AI score0.00406EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/27 12:0 a.m.21 views

WordPress Plugin GigPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exists i...

8.8CVSS8.2AI score0.01301EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.21 views

textAngular 跨站脚本漏洞

textAngular is a very powerful text editor for textAngular individual developers. A security vulnerability exists in textAngular 1.5.16 and earlier versions, which stems from the presence of a cross-site scripting XSS vulnerability...

6.1CVSS5.8AI score0.00498EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/15 12:0 a.m.22 views

Adobe FrameMaker 缓冲区错误漏洞

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. An out-of-bounds read vulnerability exists in Adobe FrameMaker, which can be exploited by an attacker to cause a...

5.5CVSS6.6AI score0.00325EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.21 views

react-admin 跨站脚本漏洞

react-admin is a front-end framework for building data-driven applications that run in the browser on top of a REST/GraphQL API, using ES6, React, and Material Design. A security vulnerability exists in react-admin versions 3.x prior to 3.19.12 and 4.x prior to 4.7.6, which stems from the presenc...

5.4CVSS6.1AI score0.00694EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/02/08 12:0 a.m.21 views

WordPress plugin Wicked Folders 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. The WordPress plugin Wicked Folders suffers from a...

5.4CVSS6.1AI score0.00308EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.21 views

Contiki-NG 缓冲区错误漏洞

Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A buffer error vulnerability exists in Contiki-NG version 4.8 and prior versions, which stems from an out-of-bounds write in the BLE-L2CAP module...

8.2CVSS7.5AI score0.00353EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/11 12:0 a.m.21 views

ZITADEL 代码问题漏洞

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL Switzerland. A code issue vulnerability exists in ZITADEL versions 2.17.3 and earlier, 2.16.4 and earlier, which stems from allowing a...

5.9CVSS5.9AI score0.00599EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/22 12:0 a.m.21 views

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue found in ksmbd where fs/ksmbd/smb2pdu.c has an OOPS for reuse after release and SMB2TREEDISCONNECT...

9.8CVSS7AI score0.46428EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/12/14 12:0 a.m.21 views

WordPress plugin Mega Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.1CVSS6.5AI score0.00692EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.21 views

Passport-wsfed-saml2 安全漏洞

Passport-wsfed-saml2 is an Auth0 open source token authentication provider. A security vulnerability exists in Passport-wsfed-saml2 version 4.6.2 and earlier, which can be exploited by an attacker to bypass WSFed authentication on a website using passport-wsfed-saml2...

7.5CVSS7.3AI score0.00751EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.21 views

Microsoft SharePoint 安全漏洞

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information.A remo...

8.8CVSS7.9AI score0.82081EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/30 12:0 a.m.21 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Live Caption, which can be exploited by attackers to execute arbitrary code on a system or cause a denial of service...

8.8CVSS8.9AI score0.0083EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/11/30 12:0 a.m.21 views

VideoLAN VLC media player 输入验证错误漏洞

VideoLAN VLC media player is a free, open source cross-platform multimedia player also a multimedia framework organized by VideoLAN France. The product supports playback of multiple media files, CD-ROMs, etc., multiple audio and video formats WMV, MP3, etc., etc. A security vulnerability exists i...

7.8CVSS8.8AI score0.00649EPSS
Exploits1References8
CNNVD
CNNVD
added 2022/11/29 12:0 a.m.21 views

WAVLINK WN531G3 安全漏洞

The WAVLINK WN531G3 is a wireless router from China's RuiYin Technology WAVLINK. The WAVLINK WN531G3 M31G3.V5030.201204 version and M31G3.V5030.200325 version contain an access control error vulnerability that can be exploited by an attacker to download configuration data and log files...

7.5CVSS6.8AI score0.02756EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/11/21 12:0 a.m.21 views

WordPress plugin Easy Digital Downloads 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A CSV injection vulnerabili...

9.8CVSS7.2AI score0.01218EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.21 views

WordPress plugin Creative Mail 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Creative Mail 1.5.4 and earlier versions contain a cross-site request forgery vulnerability...

8.8CVSS6.6AI score0.00707EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.21 views

Apache MINA 代码问题漏洞

Apache MINA is the United States Apache Apache Foundation of a web application framework. The product is mainly used to develop high-performance and highly scalable web applications. Apache MINA 2.9.1 and earlier versions suffer from a deserialization vulnerability that stems from the use of Java...

9.8CVSS6.9AI score0.03571EPSS
Exploits1References20
CNNVD
CNNVD
added 2022/11/07 12:0 a.m.21 views

JGraph draw.io 跨站脚本漏洞

JGraph draw.io is a configurable chart/whiteboard visualization application for JGraph. A security vulnerability exists in JGraph draw.io versions prior to 20.5.2. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

6.5CVSS6.2AI score0.00624EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/10/26 12:0 a.m.21 views

Metabase 输入验证错误漏洞

Metabase is an open source data analytics platform from the US-based Metabase, Inc. A security vulnerability exists in Metabase that stems from a custom GeoJSON map URL address that will follow a redirect to an address that is otherwise not allowed, such as a link to a local or private network...

6.5CVSS6.5AI score0.00556EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/20 12:0 a.m.21 views

Synology DiskStation Manager 竞争条件问题漏洞

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology, a Chinese company. The operating system manages information such as data, files, photos, music, etc. The Synology DiskStation Manager DSM has a competitive condition. A competing conditio...

10CVSS8.3AI score0.00984EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/20 12:0 a.m.21 views

Abode Iota 格式化字符串错误漏洞

Abode Iota is a reliable Diy home security system from Abode. A formatting string error vulnerability exists in Abode Iota versions 6.9X and 6.9Z, which stems from the fact that an attacker can send an authenticated, malicious HTTP request to its web interface/action/wirelessConnect functionality...

8.8CVSS7.8AI score0.01241EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/10/10 12:0 a.m.21 views

Trend Micro Apex One 缓冲区错误漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro, Inc. An out-of-bounds access vulnerability exists in the 2019 on-prem, SaaS version of Trend Micro Apex One, which could be exploited by an attacker to create specially crafted messages to cause memory corruption in a...

7CVSS6.5AI score0.00652EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/06 12:0 a.m.21 views

编号撤回

This CVE number has been withdrawn...

8AI score
Exploits1
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.21 views

Open vSwitch 缓冲区错误漏洞

Open vSwitch is an open source virtual switch. A buffer error vulnerability exists in Open vSwitch versions v0.90.0 through v2.5.0, which stems from a heap buffer over-read in flow.c. An unsafe comparison of the minimasks function may result in access to unmapped memory regions, which can be...

6.1CVSS8.4AI score0.00551EPSS
Exploits0References12
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.21 views

Rocket.Chat 授权问题漏洞

Rocket.Chat is an open source team chat software. A security vulnerability exists in Rocket.Chat Mobile App versions prior to 4.14.1.22788, which stems from incorrect authentication and can be exploited by an attacker to bypass local authentication...

6.8CVSS6.7AI score0.00569EPSS
Exploits1References2
Total number of security vulnerabilities5000