Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2023/10/09 12:0 a.m.20 views

Lenovo Notebook Security Breach

Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. The Lenovo Notebook suffers from a security vulnerability that originates from allowing an attacker to modify the secure boot settings by modifying the NVRAM variable...

7.8CVSS6.8AI score0.00206EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.20 views

WordPress Plugin ldap-ad-staff-employee-directory-search Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An access control error vulnerabili...

6.5CVSS7AI score0.00721EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.20 views

WordPress Plugin ldap-login-for-intranet-sites Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control error...

6.5CVSS7AI score0.00721EPSS
Exploits2References5
CNNVD
CNNVD
added 2023/09/25 12:0 a.m.20 views

WordPress plugin FileOrganizer Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An Access Control Error vulnerability exist...

7.2CVSS6.9AI score0.0079EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.20 views

AMD DXE Driver Security Vulnerability

AMD DXE driver is a driver from UltraMicroelectronics AMD. A security vulnerability exists in AMD DXE Driver, which stems from improper initialization of variables in the driver, and could allow a privileged user to disclose sensitive information via local access...

5.5CVSS6AI score0.00171EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/19 12:0 a.m.20 views

NVIDIA DGX Buffer Error Vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A buffer error vulnerability exists in the NVIDIA DGX H100 BMC. An attacker could exploit this vulnerability to cause arbitrary kernel code execution, denial of service, privilege escalation, information...

7.8CVSS7.2AI score0.00188EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/18 12:0 a.m.20 views

SQLpage Information Disclosure Vulnerability

SQLpage is an SQL-only web application builder. It is designed to help data scientists, analysts, and business intelligence teams quickly build powerful data-centric applications without having to worry about any traditional Web programming languages and concepts. An information disclosure...

10CVSS6.1AI score0.00602EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/09/05 12:0 a.m.20 views

SaltStack Salt Security Vulnerabilities

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to 3005.2 or 3006.2, which stems from the fact that after...

5.3CVSS6.8AI score0.01033EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/25 12:0 a.m.20 views

Keylime 安全漏洞

Keylime is an open source extensible trust system for Keylime that utilizes TPM technology. A security vulnerability exists in Keylime that stems from a vulnerability that could allow bypassing the Poll Response Protocol during agent registration...

6.5CVSS6.3AI score0.00463EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/08/22 12:0 a.m.20 views

Exiv2 缓冲区错误漏洞

Exiv2 is a suite of C++ libraries and command line applications for managing image metadata. It provides the ability to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. A buffer overflow vulnerability exists in Exiv2 version 0.27.1, which stems from a boundary...

7.8CVSS7.1AI score0.00697EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/08/18 12:0 a.m.20 views

Beijing Baichuo Smart S85F Management Platform 命令注入漏洞

Beijing Baichuo Smart S85F Management Platform is a management platform of Beijing Baichuo Company. Beijing Baichuo Smart S85F Management Platform suffers from a command injection vulnerability that originates in /log/decodmail.php and can lead to SQL injection...

9.8CVSS7.3AI score0.17766EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/08/18 12:0 a.m.20 views

ELECOM WRC-F1167ACF和WRC-1750GHBK 操作系统命令注入漏洞

The ELECOM WRC-F1167ACF and ELECOM WRC-1750GHBK are both wireless routers from ELECOM Japan. A security vulnerability exists in all versions of the ELECOM WRC-F1167ACF and WRC-1750GHBK that stems from the presence of an operating system command injection vulnerability. An attacker can exploit thi...

8.8CVSS8.3AI score0.01229EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/17 12:0 a.m.20 views

WordPress plugin Extensions for Leaflet Map 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

7.1CVSS6.9AI score0.00379EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/14 12:0 a.m.20 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android onCreate module has an authorization issue vulnerability that stems from a lack of permission checking in the onCreate module of ManagePermissionsActivity.java, with one possible way to bypass the Restore...

6.8CVSS6.7AI score0.00125EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.20 views

Intel Dynamic Tuning Technology Security Vulnerability

Intel Dynamic Tuning Technology is a U.S. Intel Intel company that enables smarter and more efficient performance management by dynamically tuning processor and system performance parameters. A security vulnerability exists in versions prior to Intel Dynamic Tuning Technology 8.7.10400.15482, whi...

7.8CVSS6.7AI score0.0015EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/10 12:0 a.m.20 views

Rails Security Vulnerabilities

Rails is an open source web application framework based on the Ruby language from the Rails team in the United States. A security vulnerability exists in Rails that stems from the redirectto method in Rails that allows values to be supplied that contain characters that are not legal in the HTTP...

4CVSS6.7AI score0.00332EPSS
Exploits2References6
CNNVD
CNNVD
added 2023/08/01 12:0 a.m.20 views

FreeBSD Security Vulnerabilities

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD versions 13.1 and 13.2, which stems from a buffer overflow vulnerability in the fwctl driver state machine. The vulnerability can be exploited to execute arbitrary code as root ...

8.8CVSS8AI score0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/31 12:0 a.m.20 views

HashiCorp Vault 安全漏洞

HashiCorp Vault is a private key access management tool from HashiCorp Inc. in the United States. A security vulnerability exists in HashiCorp Vault versions prior to 1.14.1, 1.13.5 and 1.13.5, which stems from the fact that HashiCorp's Vault and Vault Enterprise are vulnerable to a user...

5.3CVSS6.3AI score0.00613EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/26 12:0 a.m.20 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab DAST scanner versions prior to 3.0.29...

5CVSS5AI score0.00432EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/20 12:0 a.m.20 views

Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System 代码问题漏洞

Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System is a Mountain Flood Disaster Prevention Monitoring and Early Warning System from Suncreate. A code issue vulnerability exists in Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System...

8.8CVSS6.4AI score0.00759EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/07/20 12:0 a.m.20 views

RWS WorldServer 安全特征问题漏洞

RWS WorldServer is a flexible, enterprise-class translation management system from RWS UK. A security vulnerability exists in RWS WorldServer version 11.7.3 and earlier, which stems from the presence of a session token enumeration issue...

5.3CVSS5.7AI score0.03122EPSS
Exploits4References5
CNNVD
CNNVD
added 2023/07/13 12:0 a.m.20 views

vm2 代码注入漏洞

vm2 is an advanced virtual machine/sandbox for Node.js by individual developer Patrik Simek in the Czech Republic. to run untrusted code using whitelisted Node built-in modules. A code injection vulnerability exists in vm2 3.9.19 and earlier versions, which stems from the ability to bypass handle...

10CVSS8.7AI score0.02342EPSS
Exploits4References11
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.20 views

Microsoft Raw Image Extension 安全漏洞

Microsoft Raw Image Extension is a software application from Microsoft. It enables you to view thumbnails and metadata for supported raw file formats directly in Windows File Explorer or view images in the Photos application. A security vulnerability exists in Microsoft Raw Image Extension. An...

7.8CVSS7.9AI score0.0075EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/13 12:0 a.m.20 views

Microsoft PostScript Printer Driver 安全漏洞

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft Corporation USA. A security vulnerability exists in Microsoft PostScript Printer Driver. An attacker could exploit the vulnerability to remotely execute code. The following products a...

7.8CVSS7.8AI score0.00497EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/13 12:0 a.m.20 views

Siemens CP-8031 MASTER MODULE 命令注入漏洞

The SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A command injection vulnerability exists in the Siemens SICAM A8000 Devices CPCI85 Firmware, which can be exploited by an attacker to execute...

7.2CVSS8.4AI score0.47722EPSS
Exploits3References4
CNNVD
CNNVD
added 2023/06/08 12:0 a.m.20 views

tgstation-server 信息泄露漏洞

tgstation-server is a toolset for managing production BYOND servers. An information disclosure vulnerability exists in TGstation versions prior to 5.12.5, which originates from a username that can be discovered by forcing a login to the endpoint with an invalid password...

5.8CVSS5.7AI score0.0046EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.20 views

WordPress plugin Catalyst Connect Zoho CRM Client Portal 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS6.8AI score0.00458EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/06/05 12:0 a.m.20 views

KylinSoft kylin-software-properties 安全漏洞

KylinSoft kylin-software-properties is an application from KylinSoft China. A security vulnerability exists in KylinSoft kylin-software-properties prior to version 0.0.1-130, which stems from incorrect access control...

7.8CVSS6.2AI score0.00332EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/28 12:0 a.m.20 views

WordPress plugin Yoast Local SEO 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.5AI score0.0037EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.20 views

Mitsubishi Electric MELSEC iQ-F Series 安全漏洞

The Mitsubishi Electric MELSEC iQ-F series is a programmable logic controller from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric MELSEC iQ-F Series, which is caused by a denial of service in a CPU module that writes more data to a buffer than the maximum...

10CVSS8.4AI score0.0344EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/05/18 12:0 a.m.20 views

WordPress plugin Auto Prune Posts 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS8.1AI score0.00265EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.20 views

Weaver E-Office 代码问题漏洞

Weaver E-Office is a collaborative office system from China's Panavision Technologies Weaver. A code issue vulnerability exists in Weaver E-Office version 9.5, which stems from a problem with the file /inc/jquery/uploadify/uploadify.php, where manipulation of the parameter Filedata can result in...

9.8CVSS6.9AI score0.28478EPSS
Exploits3References4
CNNVD
CNNVD
added 2023/05/10 12:0 a.m.20 views

WordPress Plugin Booqable Rental 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS6.3AI score0.00369EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/09 12:0 a.m.20 views

Microsoft Visual Studio Code 安全漏洞

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A security vulnerability exists in Microsoft Visual Studio Code. An attacker exploits the vulnerability to perform spoofing attacks...

6.6CVSS7.3AI score0.00878EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/03 12:0 a.m.20 views

WordPress plugin WP BaiDu Submit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.20 views

Jellyfin 跨站脚本漏洞

Jellyfin is a freeware media system. It allows you to control the management and streaming of media. It is an alternative to the proprietary Emby and Plex, and can serve media from a dedicated server to end-user devices through multiple applications. Jellyfin suffers from a cross-site scripting...

9CVSS6.5AI score0.01281EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.20 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ Cross-Site Scripting Vulnerability. No information about this vulnerability is available at this time, so stay tuned to CNNVD or vendor...

7.2CVSS6AI score0.00552EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/15 12:0 a.m.20 views

XWiki Commons 跨站脚本漏洞

XWiki Commons is a technology library shared by several other top XWiki projects. A cross-site scripting vulnerability exists in XWiki Commons, which stems from the fact that when the parameter content is set to true, the RSS macro bundled with XWiki contains the content of feed items without any...

9CVSS7.8AI score0.01393EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/04/15 12:0 a.m.21 views

SourceCodester Employee and Visitor Gate Pass Logging System SQL注入漏洞

Employee and Visitor Gate Pass Logging System is an employee and visitor pass logging system by Carlo Montero, an individual developer. SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 suffers from a SQL injection vulnerability that stems from a problem in the file...

8.8CVSS7.1AI score0.00729EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.20 views

Microsoft PostScript Printer Driver安全漏洞

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft.Microsoft PCL6 Class Printer Driver is a printer driver from Microsoft. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft. A remote code execution...

8.8CVSS9.6AI score0.01634EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.20 views

Online Computer and Laptop Store SQL注入漏洞

Online Computer and Laptop Store is an online computer and laptop store. An SQL injection vulnerability exists in Online Computer and Laptop Store v1.0, which originates from the function deleteorder in /classes/master.php?f=deleteorder where the parameter id of deleteorder lacks validation for...

7.2CVSS7.1AI score0.00767EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/04/08 12:0 a.m.20 views

WordPress Plugin Broken Link Checker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS4.7AI score0.00559EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/04/05 12:0 a.m.20 views

WordPress plugin YourChannel 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

5.4CVSS6.2AI score0.00302EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/31 12:0 a.m.20 views

Generex UPS CS141 代码问题漏洞

The Generex UPS CS141 is a microcomputer from the German company Generex. A security vulnerability exists in the Generex UPS CS141 prior to version 2.06, which stems from a vulnerability that allows an attacker to upload a firmware file containing a webshell...

10CVSS8.4AI score0.0157EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/31 12:0 a.m.20 views

Mattermost 信息泄露漏洞

Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a message disclosure vulnerability that stems from allowing an attacker to disclose the contents of linked messages by requesting a preview of an existing message when creating a new message via ...

6.5CVSS5.8AI score0.00537EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.20 views

TP-LINK Tapo C310 信任管理问题漏洞

TP-LINK Tapo C310 is a security camera from China P&L TP-LINK. A security vulnerability exists in the TP-LINK Tapo C310 that stems from the presence of unauthorized video streaming access...

7.5CVSS7.2AI score0.04944EPSS
Exploits4References5
CNNVD
CNNVD
added 2023/03/23 12:0 a.m.20 views

WordPress Plugin WP-CommentNavi 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS5AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.20 views

VISAM VBASE 代码问题漏洞

VISAM VBASE is a data acquisition and monitoring system from VISAM Germany. A code issue vulnerability exists in VISAM VBASE Automation Base prior to version 11.7.5, which stems from an improper restriction on XML external entity references, and can be exploited by an attacker to trick a user int...

5.5CVSS5.8AI score0.04148EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/17 12:0 a.m.20 views

GPAC 资源管理错误漏洞

GPAC is an open source multimedia framework. A resource management error vulnerability exists in GPAC version 2.3-DEV-rev35-gbbca86917-master, which stems from the presence of an unknown function in the file filters/loadtext.c, resulting in a buffer overflow...

7.8CVSS7.2AI score0.00404EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/03/11 12:0 a.m.20 views

Covid-19 Directory On Vaccination System 跨站脚本漏洞

The Covid-19 Directory On Vaccination System is a COVID-19 information management system by an individual developer in Ndueso Okorie, Nigeria. The system will accurately store and retrieve information about COVID-19 vaccinations in order to control the spread of a pandemic. A cross-site scripting...

6.1CVSS4.2AI score0.00588EPSS
Exploits1References4
Total number of security vulnerabilities5000