Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/12/14 12:0 a.m.21 views

WordPress plugin Mega Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.1CVSS6.5AI score0.00692EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/14 12:0 a.m.21 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.1AI score0.0048EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.21 views

Passport-wsfed-saml2 安全漏洞

Passport-wsfed-saml2 is an Auth0 open source token authentication provider. A security vulnerability exists in Passport-wsfed-saml2 version 4.6.2 and earlier, which can be exploited by an attacker to bypass WSFed authentication on a website using passport-wsfed-saml2...

7.5CVSS7.3AI score0.00751EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.21 views

Microsoft SharePoint 安全漏洞

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information.A remo...

8.8CVSS7.9AI score0.82081EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/30 12:0 a.m.21 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Live Caption, which can be exploited by attackers to execute arbitrary code on a system or cause a denial of service...

8.8CVSS8.9AI score0.0083EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/11/30 12:0 a.m.21 views

VideoLAN VLC media player 输入验证错误漏洞

VideoLAN VLC media player is a free, open source cross-platform multimedia player also a multimedia framework organized by VideoLAN France. The product supports playback of multiple media files, CD-ROMs, etc., multiple audio and video formats WMV, MP3, etc., etc. A security vulnerability exists i...

7.8CVSS8.8AI score0.00649EPSS
Exploits1References8
CNNVD
CNNVD
added 2022/11/29 12:0 a.m.21 views

WAVLINK WN531G3 安全漏洞

The WAVLINK WN531G3 is a wireless router from China's RuiYin Technology WAVLINK. The WAVLINK WN531G3 M31G3.V5030.201204 version and M31G3.V5030.200325 version contain an access control error vulnerability that can be exploited by an attacker to download configuration data and log files...

7.5CVSS6.8AI score0.02756EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/11/21 12:0 a.m.21 views

WordPress plugin Easy Digital Downloads 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A CSV injection vulnerabili...

9.8CVSS7.2AI score0.01218EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.21 views

WordPress plugin Creative Mail 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Creative Mail 1.5.4 and earlier versions contain a cross-site request forgery vulnerability...

8.8CVSS6.6AI score0.00707EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.21 views

Apache MINA 代码问题漏洞

Apache MINA is the United States Apache Apache Foundation of a web application framework. The product is mainly used to develop high-performance and highly scalable web applications. Apache MINA 2.9.1 and earlier versions suffer from a deserialization vulnerability that stems from the use of Java...

9.8CVSS6.9AI score0.03571EPSS
Exploits1References20
CNNVD
CNNVD
added 2022/11/07 12:0 a.m.21 views

JGraph draw.io 跨站脚本漏洞

JGraph draw.io is a configurable chart/whiteboard visualization application for JGraph. A security vulnerability exists in JGraph draw.io versions prior to 20.5.2. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

6.5CVSS6.2AI score0.00624EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/10/26 12:0 a.m.21 views

Metabase 输入验证错误漏洞

Metabase is an open source data analytics platform from the US-based Metabase, Inc. A security vulnerability exists in Metabase that stems from a custom GeoJSON map URL address that will follow a redirect to an address that is otherwise not allowed, such as a link to a local or private network...

6.5CVSS6.5AI score0.00556EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/20 12:0 a.m.21 views

Synology DiskStation Manager 竞争条件问题漏洞

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology, a Chinese company. The operating system manages information such as data, files, photos, music, etc. The Synology DiskStation Manager DSM has a competitive condition. A competing conditio...

10CVSS8.3AI score0.00984EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/20 12:0 a.m.21 views

Abode Iota 格式化字符串错误漏洞

Abode Iota is a reliable Diy home security system from Abode. A formatting string error vulnerability exists in Abode Iota versions 6.9X and 6.9Z, which stems from the fact that an attacker can send an authenticated, malicious HTTP request to its web interface/action/wirelessConnect functionality...

8.8CVSS7.8AI score0.01241EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/10/12 12:0 a.m.21 views

Human Resource Management System 安全漏洞

Human Resource Management System is a human resource management system by maverickosama Personal Developer. A security vulnerability exists in Human Resource Management System, which originates from an unknown function in employeeview.php in the Image File Handler, and can be exploited by an...

9.8CVSS8.4AI score0.00405EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/10 12:0 a.m.21 views

Trend Micro Apex One 缓冲区错误漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro, Inc. An out-of-bounds access vulnerability exists in the 2019 on-prem, SaaS version of Trend Micro Apex One, which could be exploited by an attacker to create specially crafted messages to cause memory corruption in a...

7CVSS6.5AI score0.00652EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/06 12:0 a.m.21 views

编号撤回

This CVE number has been withdrawn...

8AI score
Exploits1
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.21 views

Open vSwitch 缓冲区错误漏洞

Open vSwitch is an open source virtual switch. A buffer error vulnerability exists in Open vSwitch versions v0.90.0 through v2.5.0, which stems from a heap buffer over-read in flow.c. An unsafe comparison of the minimasks function may result in access to unmapped memory regions, which can be...

6.1CVSS8.4AI score0.00551EPSS
Exploits0References12
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.21 views

Rocket.Chat 授权问题漏洞

Rocket.Chat is an open source team chat software. A security vulnerability exists in Rocket.Chat Mobile App versions prior to 4.14.1.22788, which stems from incorrect authentication and can be exploited by an attacker to bypass local authentication...

6.8CVSS6.7AI score0.00569EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/09/22 12:0 a.m.21 views

WhatsApp 输入验证错误漏洞

WhatsApp is a suite of mobile applications from the American company WhatsApp that use the Internet to send text messages. The application uses the contact information in a smartphone to find contacts using the software to transmit text, images, etc. WhatsApp suffers from a security vulnerability...

9.8CVSS9.2AI score0.01961EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/09/14 12:0 a.m.21 views

Cargo 路径遍历漏洞

Cargo is a Rust package manager open-sourced by The Rust Programming Language. A path traversal vulnerability exists in versions of Cargo prior to 0.65.0, which stems from extracting a malicious crate that could corrupt arbitrary files...

8.1CVSS7.7AI score0.01004EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/09/06 12:0 a.m.21 views

WordPress plugin Beaver Builder – WordPress Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Beaver Builder - A...

6.4CVSS5.7AI score0.00457EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.21 views

Apache IoTDB 授权问题漏洞

Apache IoTDB is an integrated data management engine designed for time-series data from the Apache Foundation that provides data collection, storage, and analysis services, etc. An authorization issue vulnerability exists in Apache IoTDB version 0.13.0, which stems from vulnerability to session i...

8.8CVSS7AI score0.01089EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/29 12:0 a.m.21 views

WordPress plugin Mailchimp for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

4.3CVSS7.2AI score0.00585EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/08/11 12:0 a.m.21 views

Simple Online Book Store System 跨站脚本漏洞

Simple Online Book Store System is a simple online bookstore system by Carlo Montero, an individual developer. Simple Online Book Store System suffers from a cross-site scripting vulnerability, which stems from an unknown function in its /admin/edit.php component that operates on the parameter ei...

6.1CVSS5.8AI score0.00384EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/09 12:0 a.m.21 views

Microsoft Visual Studio 安全漏洞

Microsoft Visual Studio is a family of development tool suites from Microsoft Corporation USA and a largely complete development toolset that includes most of the tools needed throughout the software lifecycle. A security vulnerability exists in Microsoft Visual Studio. The following products and...

8.8CVSS8.3AI score0.01779EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/09 12:0 a.m.21 views

Microsoft Visual Studio 代码注入漏洞

Microsoft Visual Studio is a family of development tool suites and a fundamentally complete set of development tools from Microsoft Corporation USA that includes most of the tools needed throughout the software life cycle. A code injection vulnerability exists in Microsoft Visual Studio. The...

8.8CVSS8.4AI score0.0168EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/06 12:0 a.m.21 views

WordPress Plugin Google Authenticator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.5CVSS6.8AI score0.00543EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/02 12:0 a.m.21 views

Mealie 跨站脚本漏洞

Mealie is a self-hosted recipe manager and meal planner by an individual developer in Hayden, USA. A cross-site scripting vulnerability exists in Mealie version 1.0.0beta3. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected...

5.4CVSS6.5AI score0.00714EPSS
Exploits3References6
CNNVD
CNNVD
added 2022/07/22 12:0 a.m.21 views

QPDF 缓冲区错误漏洞

QPDF is a software application. A C++ library and a set of programs that examine and manipulate the structure of PDF files. A security vulnerability exists in QPDF version v8.4.2, which stems from the discovery of a heap buffer overflow vulnerability via the function QPDF::processXRefStream...

6.5CVSS6.1AI score0.0068EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/07/21 12:0 a.m.21 views

Drupal 访问控制错误漏洞

Drupal is an open source content management system developed in PHP by the Drupal community. An Access Control Error vulnerability exists in Drupal versions prior to 9.3.19 and prior to 9.4.3 that stems from improperly restricted access. A remote attacker could use this vulnerability to alter dat...

6.5CVSS6.6AI score0.0059EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.21 views

Advantech iView SQL注入漏洞

Advantech Iview, a software based on Simple Network Protocol SNMP for managing B B SmartWorx devices from Advantech, China, is vulnerable to a SQL injection vulnerability in Advantech iView, which stems from a special element used in SQL commands that is not neutralized. An unauthorized attacker...

8.8CVSS5.9AI score0.09002EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.21 views

OFFIS DCMTK 代码问题漏洞

OFFIS DCMTK is a collection of libraries and applications from OFFIS Germany that implement most of the DICOM standards. Software for inspecting, building and converting DICOM image files, processing offline media, sending and receiving images over a network connection, and demonstrating image...

7.5CVSS6.8AI score0.00711EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.21 views

Jenkins Plugin Embeddable Build Status 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Embeddable Build Status Plugin ha...

6.1CVSS5.9AI score0.00911EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/15 12:0 a.m.21 views

Citrix Application Delivery Management 安全漏洞

Citrix Application Delivery Management ADM is an application delivery management system from Citrix. The system provides centralized network and application management functions. A security vulnerability exists in Citrix Application Delivery Management that originates from allowing an...

8.1CVSS8.1AI score0.12325EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/21 12:0 a.m.21 views

radare2 缓冲区错误漏洞

radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in radare2 versions prior to 5.7.0 that originates from uninitialized pointer access...

7.8CVSS7.5AI score0.00855EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/05/19 12:0 a.m.21 views

Cisco Common Services Platform Collector 跨站脚本漏洞

Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...

6.1CVSS6.4AI score0.00685EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/12 12:0 a.m.21 views

EventSource 信息泄露漏洞

EventSource is a pure JavaScript implementation of the EventSource client. An information disclosure vulnerability exists in versions of EventSource prior to 2.0.2, which originates from exposing sensitive information to an unauthorized Actor...

9.3CVSS7.5AI score0.01799EPSS
Exploits1References17
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.21 views

Microsoft Office 安全特征问题漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and others. A security feature issue vulnerability exists in Microsoft Office. The following products an...

5.5CVSS6.8AI score0.02708EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/05/03 12:0 a.m.21 views

Fortinet FortiIsolator 安全漏洞

Fortinet FortiIsolator is a Fortinet USA application that provides remote security isolation capabilities for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects business-critical data from sophisticated threats on the Web...

8.8CVSS8AI score0.00565EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.21 views

Red Lion DA50N 安全漏洞

Red Lion DA50N is a series of secure edge network gateways from Red Lion, U.S.A. A security vulnerability exists in the Red Lion DA50N that could be exploited by an attacker to gain access to stored credentials and thereby gain access to protected resources...

6.5CVSS6.6AI score0.00535EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.21 views

Red Lion DA50N 数据伪造问题漏洞

The Red Lion DA50N is a series of secure edge network gateways from Red Lion, U.S.A. The Red Lion DA50N is vulnerable to a data forgery issue that stems from the possibility that an authorized user could install a maliciously modified package file when updating the device via the Web UI, and that...

8.4CVSS7.3AI score0.00319EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/03 12:0 a.m.21 views

jc21 Nginx Proxy Manager 跨站脚本漏洞

jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...

6.8CVSS5.6AI score0.71209EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/16 12:0 a.m.21 views

pgAdmin 代码问题漏洞

pgAdmin is an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 4 versions prior to 6.7, which stems from the software's inability to validate the path of a file uploaded by a user, resulting in a path traversal...

6.5CVSS6.3AI score0.00931EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.21 views

FreeTAKServer 访问控制错误漏洞

FreeTAKServer is an open source lightweight server from the FreeTAKTeam team. It is used to connect to TAK clients. FreeTAKServer suffers from an access control error vulnerability, which stems from the fact that Endpoint/ManageRoute/postRoute can be accessed without authentication, and can be...

7.5CVSS5.7AI score0.01019EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.21 views

Yokogawa Exaopc 权限许可和访问控制问题漏洞

Yokogawa Electric is a server of Yokogawa Electric Yokogawa, a Japanese company. A security vulnerability exists in Yokogawa Electric. The vulnerability stems from the "Long-term Data Archive Package" service creating named pipes with incorrect ACL configurations. The following products and...

7.8CVSS7.3AI score0.00202EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.21 views

phpMyAdmin 信息泄露漏洞

phpMyAdmin is a free, web-based MySQL database management tool from the Phpmyadmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin 5.1.1 and prio...

7.5CVSS7.4AI score0.01276EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/02/20 12:0 a.m.22 views

Openmct 跨站脚本漏洞

Nasa Openmct is an open source open mission control technology from NASA, Inc. It is used to visualize data on desktop and mobile devices. A cross-site scripting vulnerability exists in Openmct up to version 1.7.7, which stems from the software's lack of effective filtering and escaping of...

6.1CVSS5.9AI score0.00615EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/02/18 12:0 a.m.21 views

Sourceforge mbsync 缓冲区错误漏洞

Sourceforge mbsync is an application from the Sourceforge community in the United States. It provides synchronization of remote IMAP mailboxes with local maildir-style mailboxes. Sourceforge mbsync suffers from a buffer error vulnerability that stems from the fact that due to insufficient handlin...

9.8CVSS8.9AI score0.03459EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/02/17 12:0 a.m.21 views

Snapd 输入验证错误漏洞

Snapd is an open source, cross-platform package management tool. snapd is vulnerable to an input validation error that could be exploited to allow snap to escape strict snap restrictions by injecting arbitrary AppArmor policy rules through misformatted content interfaces and layout statements...

8.2CVSS5.7AI score0.00437EPSS
Exploits1References13
Total number of security vulnerabilities5000