Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2023/03/10 12:0 a.m.20 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an out-of-bounds read vulnerability that stems from an out-of-bounds read problem in the parseleasestate method of the KSMBD implementation of the...

8.1CVSS6.4AI score0.01077EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/09 12:0 a.m.20 views

Froxlor 安全漏洞

Froxlor is a lightweight server management software from the Froxlor team. A security vulnerability exists in Froxlor versions prior to 2.0.13, which stems from the ability to log in with a password that is stored in the database as an MD5 hash, leading to type obfuscation in PHP, which can be...

9.8CVSS8.3AI score0.01073EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/02/27 12:0 a.m.20 views

Red Hat Directory Server 信任管理问题漏洞

Red Hat Directory Server is a commercial version of the Linux directory server from Red Hat. A security vulnerability exists in Red Hat Directory Server 11 and 12, which stems from an attempt by LDAP to decode the userPassword attribute instead of the userCertificate attribute when browsing for...

5.5CVSS5.5AI score0.00188EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.20 views

Nautobot 安全漏洞

Nautobot is a web automation platform by the individual developers of Nautobot. A security vulnerability exists in Nautobot versions prior to 1.5.7, which can be exploited by an attacker to conduct a potential remote code execution attack via maliciously crafted template code...

9.8CVSS9.1AI score0.01526EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/02/16 12:0 a.m.20 views

Fortinet FortiWeb 路径遍历漏洞

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A path traversal vulnerability exists in...

5.3CVSS5.1AI score0.00474EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.20 views

Dell EMC Unity 加密问题漏洞

Dell EMC Unity is a unified storage array product from Dell, a U.S. company. versions prior to Dell EMC Unity 5.2.0.0.5.173 have an encryption issue vulnerability that stems from the use of corrupted encryption algorithms, which can be exploited by a remote, unauthenticated attacker to obtain...

5.9CVSS6.7AI score0.00451EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.20 views

WordPress plugin Simple URLs 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

6.1CVSS5.9AI score0.01726EPSS
Exploits6References3
CNNVD
CNNVD
added 2023/02/07 12:0 a.m.20 views

WordPress plugin Interactive Geo Maps 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

6.4CVSS6.4AI score0.00521EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.20 views

VMware vRealize Log Insight 路径遍历漏洞

VMware vRealize Log Insight is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware vRealize Log Insight. An unauthenticated attacker could inject files into the operating system of an...

9.8CVSS9.2AI score0.87077EPSS
Exploits3References4
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.20 views

Jenkins Plugin Keycloak Authentication 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.01EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.20 views

WordPress plugin The WP Statistics SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

8.8CVSS8.1AI score0.35679EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.20 views

IBM Cognos Analytics 代码问题漏洞

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A server-side request forgery...

9.1CVSS6.5AI score0.00428EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.20 views

WordPress plugin Checkout for PayPal 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.5AI score0.00471EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/12/14 12:0 a.m.20 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.1AI score0.0048EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.20 views

TYPO3 授权问题漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. An authorization issue vulnerability exists in TYPO3 Core, which can be exploited by an attacker to bypass TYPO3 Core restrictions via Frontend Login in order to gain user privileges...

6.5CVSS6.4AI score0.00479EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/21 12:0 a.m.20 views

WordPress plugin Easy Digital Downloads 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A CSV injection vulnerabili...

9.8CVSS7.2AI score0.01218EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.20 views

Google TensorFlow 代码问题漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that stems from the lack of proper validation of user-supplied data by Bcast::ToShape, which can be exploited by an attacker to cau...

7.5CVSS7.1AI score0.00439EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/11/17 12:0 a.m.20 views

WordPress plugin wpForo Forum 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

9.9CVSS8.2AI score0.00868EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/15 12:0 a.m.20 views

Cisco Firepower Management Center 跨站脚本漏洞

Cisco Firepower Management Center FMC is a new generation of firewall management center software from the United States Cisco Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which could be exploited by a remote, authenticated attacker to conduct an XSS...

4.8CVSS5.5AI score0.00473EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.20 views

Microsoft SharePoint 安全漏洞

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...

8.8CVSS8.2AI score0.01506EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/02 12:0 a.m.20 views

Splunk 代码注入漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...

7.5CVSS6.6AI score0.00766EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/10/14 12:0 a.m.20 views

NSS 安全漏洞

NSS is an underlying cryptography library from the Mozilla Foundation. The library supports a variety of cryptographic algorithms, and the Firefox browser's TLS implementation is based on this library. A security vulnerability exists in NSS that stems from a crash without a user's credentials in...

7.5CVSS7.9AI score0.00696EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/10/12 12:0 a.m.20 views

Human Resource Management System 安全漏洞

Human Resource Management System is a human resource management system by maverickosama Personal Developer. A security vulnerability exists in Human Resource Management System, which originates from an unknown function in employeeview.php in the Image File Handler, and can be exploited by an...

9.8CVSS8.4AI score0.00405EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/03 12:0 a.m.20 views

Puppet 安全漏洞

Puppet is a set of client/server C/S architecture-based configuration management tools from Puppet Labs in the United States, which can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in puppet puppetlabs-mysql...

8.8CVSS7.7AI score0.01574EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.20 views

WordPress plugin Awesome Filterable Portfolio 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS5.8AI score0.00558EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.20 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

4.3CVSS5.2AI score0.00466EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/15 12:0 a.m.20 views

Kubernetes 安全漏洞

Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. A security vulnerability exists in Kubernetes. No information about this vulnerability is available at this time, so stay tuned ...

7.8CVSS6.4AI score0.00211EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/14 12:0 a.m.20 views

Cargo 资源管理错误漏洞

Cargo is a Rust package manager open-sourced by The Rust Programming Language. A resource management error vulnerability exists in versions of Cargo prior to 0.65.0, which stems from the extraction of a malicious crate that can fill the filesystem...

6.5CVSS6.4AI score0.00792EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.20 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS is vulnerable to an authorization issue stemming from improper privilege management in the HwChrService module, which could be exploited b...

7.5CVSS6.7AI score0.00503EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/01 12:0 a.m.20 views

Helm 资源管理错误漏洞

Helm is a Kubernetes package manager. Helm version 3.9.3 and earlier are vulnerable to a resource management error that stems from a fuzz test provided by CNCF that identifies input to a function in the strvals package that could cause an out-of-memory panic. No detailed vulnerability details are...

6.5CVSS6.7AI score0.00874EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/19 12:0 a.m.20 views

Tenda AC18 安全漏洞

Tenda AC18 is a router from Tenda China. A security vulnerability exists in Tenda AC18 version V15.03.05.05, which originates from a vulnerability that allows an attacker to achieve remote command execution...

9.8CVSS8.5AI score0.02789EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.20 views

HDF5 Group libhdf5缓冲区错误漏洞

HDF5 Group libhdf5 is a high performance data management and storage suite from HDF5 Group, Inc. A buffer error vulnerability exists in HDF5 Group libhdf5 version 1.10.4, which stems from a specially crafted GIF file that can lead to code execution, and can be exploited by an attacker to trigger...

7.8CVSS7.5AI score0.00589EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/08/15 12:0 a.m.20 views

WordPress plugin Duplicate Page and Post 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS5AI score0.00493EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/08/10 12:0 a.m.20 views

Autodesk 3ds Max 安全漏洞

Autodesk 3ds Max is a full-featured, three-dimensional computer graphics software from the American company Autodesk. A security vulnerability exists in Autodesk 3ds Max versions 2022, 2021, and 2020, which stems from the presence of a stack-based buffer overflow that can lead to code execution...

7.8CVSS8AI score0.00345EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/03 12:0 a.m.20 views

F5 BIG-IP 输入验证错误漏洞

NGINX Ingress Controller is an application from F5 that works with NGINX and NGINX Plus and supports the standard ingress features - content-based routing and TLS / SSL offload. Ingress objects can be exploited by an attacker to obtain all available secret objects in the NGINX Ingress Controller...

6.5CVSS5.7AI score0.00607EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/30 12:0 a.m.20 views

Trend Micro VPN Proxy Pro 安全漏洞

Trend Micro VPN Proxy Pro is one of the best virtual private network services from Trend Micro. A security vulnerability exists in Trend Micro VPN Proxy Pro version 5.2.1026 and prior versions. A local attacker could exploit the vulnerability to gain elevation of privilege on affected systems...

7.8CVSS7.4AI score0.00273EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/07 12:0 a.m.20 views

BookWyrm 跨站脚本漏洞

BookWyrm is a social reading platform. A cross-site scripting vulnerability exists in BookWyrm versions prior to 0.4.1, which stems from not properly cleaning up the html presented to the user, and is exploited by an attacker to perform cross-site scripting attacks...

6.3CVSS5.9AI score0.0054EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/06 12:0 a.m.20 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a lack of The vulnerability is caused by a lack of permission checking in the getSubscriptionProperty of SubscriptionController.java. An...

5.5CVSS5.7AI score0.00098EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/01 12:0 a.m.20 views

jsrsasign 数据伪造问题漏洞

The jsrsasign package is an open source cryptographic library from the individual developer Kenji Urashima in Japan. A security vulnerability exists in jsrsasign versions prior to 10.5.25, which stems from a vulnerability to incorrect validation of cryptographic signatures when JWS or JWT...

9.8CVSS8.2AI score0.01096EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/06/29 12:0 a.m.20 views

TrueConf Server 跨站脚本漏洞

TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server contains a cross-site scripting vulnerability that could be exploited by remote attackers to perform basic cross-site scripting Reflected attacks...

5.4CVSS5.2AI score0.00577EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.20 views

Motorola Solutions ACE1000 数据伪造问题漏洞

The Motorola Solutions ACE1000 is a remote terminal unit from Motorola Solutions USA. A data forgery vulnerability exists in the Motorola Solutions ACE1000 version that originates from allowing custom applications to be installed via the STS software, the C Toolkit, or the ACE1000 Easy...

8.8CVSS8.6AI score0.00392EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.20 views

Directus 代码问题漏洞

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A code issue vulnerability exists in Directus versions v9.0.0-beta.2 through 9.6.0, which stems from a server-side request forgery SSRF vulnerability in the media upload feature. An attacker could us...

5CVSS6.3AI score0.00785EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/06/10 12:0 a.m.20 views

Dell SupportAssist Client 路径遍历漏洞

Dell SupportAssist Client is a client application from Dell USA. The program provides automated, proactive and predictive techniques for troubleshooting, etc. Dell SupportAssist Client Consumer and Dell SupportAssist Client Commercial are vulnerable to an arbitrary file deletion/overwrite...

7.1CVSS5.9AI score0.00241EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/09 12:0 a.m.20 views

Firejail 权限许可和访问控制问题漏洞

Firejail is a SUID sandbox program written in C. A security vulnerability exists in Firejail version 0.9.68, which can be exploited by an attacker to gain root privileges...

7.8CVSS7.2AI score0.00382EPSS
Exploits0References14
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.20 views

Illumina Local Run Manager 安全漏洞

Illumina Local Run Manager is an integrated solution from Illumina, Inc. Designed to create sequencing runs, monitor run status, analyze sequencing data, and view results, Illumina Local Run Manager contains an information disclosure vulnerability that could be exploited by remote attackers to...

7.4CVSS5.6AI score0.00292EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.20 views

GitLab 跨站脚本漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Community Edition and GitLab...

7.7CVSS5.9AI score0.06334EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/05/24 12:0 a.m.20 views

Google Chrome 权限许可和访问控制问题漏洞

Google Chrome is a web browser from Google, Inc. A privilege permission and access control issue vulnerability exists in Google Chrome versions 70.0.3538.67 through 101.0.4951.67, which stems from insufficient policy enforcement in the file system API. A remote attacker could exploit the...

4.3CVSS7AI score0.00472EPSS
Exploits0References12
CNNVD
CNNVD
added 2022/05/16 12:0 a.m.20 views

WordPress plugin WP Subtitle 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress prior to WP Subtitles plugin...

5.4CVSS5.4AI score0.0058EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/05/11 12:0 a.m.20 views

Progress Software WhatsUp Gold 信息泄露漏洞

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions 16.1 through...

5.3CVSS5.8AI score0.05132EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.20 views

Microsoft Visual Studio 输入验证错误漏洞

Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. A remote code execution vulnerability exists in Microsoft Visual Studio that originates when a...

7.8CVSS8.9AI score0.0266EPSS
Exploits0References6
Total number of security vulnerabilities5000