Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/03/10 12:0 a.m.20 views

SPIP 信息泄露漏洞

SPIP is a Web-based content distribution system used primarily for online collaboration. A security vulnerability exists in SPIP, which stems from a web-based system or product that does not properly restrict access to resources from unauthorized roles. An unauthenticated attacker could use this...

5.3CVSS5.6AI score0.01331EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/03/09 12:0 a.m.20 views

SAP Fiori 跨站脚本漏洞

SAP Fiori, a user experience UX design system for SAP applications from SAP, Germany, provides designers and developers with a set of tools and guidelines to quickly develop applications for any platform, delivering a consistent, innovative experience for creators and users. A cross-site scriptin...

6.1CVSS6.8AI score0.01383EPSS
Exploits2References8
CNNVD
CNNVD
added 2022/03/07 12:0 a.m.20 views

Autodesk AutoCAD 缓冲区错误漏洞

Autodesk AutoCAD is a suite of professional 3D drawing software from the American company Autodesk. A buffer error vulnerability exists in Autodesk AutoCAD DWF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the affected Autodesk AutoCAD. The...

7.8CVSS8AI score0.01463EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/03 12:0 a.m.20 views

Elastic Stack Kibana 安全漏洞

Elasticsearch Kibana is an open source, browser-based analysis and search Elasticsearch dashboard tool from the Dutch company Elasticsearch.Elasticsearch Kibana is vulnerable to an authorization issue that could be exploited by an attacker to create new alert rules or override existing rules...

4.3CVSS5.6AI score0.00544EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/02 12:0 a.m.20 views

Qt 路径遍历漏洞

Qt is a cross-platform C application development framework from the Norwegian company Qt. It is widely used for developing GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers.Qt versions prior to...

9.8CVSS8AI score0.02076EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/02/24 12:0 a.m.20 views

usbredirparser 资源管理错误漏洞

usbredirparser is checking header length deserialized data. A resource management error vulnerability exists in usbredirparser that stems from a use-after vulnerability found in usbredirparser serialize in usbredirparser usbredirparser.c in versions of usbredirparser prior to 0.11.0. This issue...

6.4CVSS6.5AI score0.00309EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/02/18 12:0 a.m.20 views

Dell Wyse Device Agent 信息泄露漏洞

Wyse Device Agent is a unified agent for all thin client management solutions from Dell, U.S.A. Wyse Device Agent is vulnerable to an information disclosure vulnerability due to excessive data exported by the application. An attacker could exploit the vulnerability to access potentially sensitive...

6CVSS5.6AI score0.00685EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/02/18 12:0 a.m.20 views

Gravitl Netmaker 安全漏洞

Gravitl Netmaker is a platform for creating and managing fast, secure and dynamic virtual overlay networks using WireGuard from Gravitl USA. for creating and controlling automated virtual networks. Gravitl Netmaker has a security vulnerability that stems from the use of hard-coded encryption keys...

10CVSS7.8AI score0.01714EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/02/17 12:0 a.m.20 views

Snapd 输入验证错误漏洞

Snapd is an open source, cross-platform package management tool. snapd is vulnerable to an input validation error that could be exploited to allow snap to escape strict snap restrictions by injecting arbitrary AppArmor policy rules through misformatted content interfaces and layout statements...

8.2CVSS5.7AI score0.00437EPSS
Exploits1References13
CNNVD
CNNVD
added 2022/02/16 12:0 a.m.20 views

Cisco Email Security Appliance 安全漏洞

The Cisco Email Security Appliance ESA is an email security appliance from Cisco, U.S.A. A resource management error vulnerability exists in the Cisco Email Security Appliance DNS Verification, which could be exploited by an attacker to cause the appliance to be inaccessible from the management...

7.5CVSS5.6AI score0.01833EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.20 views

Jenkins 插件 信息泄露漏洞

Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins HashiCorp Vault Plugin 3.8.0 and earlier versions are vulnerable to an information disclosure vulnerability that...

6.5CVSS5.7AI score0.00809EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/02/08 12:0 a.m.20 views

Microsoft SharePoint 代码问题漏洞

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. remot...

8.8CVSS9AI score0.16825EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/12/08 12:0 a.m.20 views

Fortinet FortiOS 信任管理问题漏洞

Fortinet FortiOS is a security operating system from Fortinet, Inc. that is designed to be used on the FortiGate network security platform. A security vulnerability exists in Fortinet FortiOS, which stems from the use of hard-coded encryption keys that could allow an attacker to retrieve the keys...

7.5CVSS5.7AI score0.01042EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/12/01 12:0 a.m.20 views

D-Link DIR-809 缓冲区错误漏洞

A buffer error vulnerability exists in the D-Link DIR-809, a dual-band router from D-Link China. The vulnerability stems from the failure of the sub80046EB4 function in the product/formSetPortTr link to effectively determine data boundaries. An attacker could cause a buffer overflow resulting in ...

10CVSS6.5AI score0.03831EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/11/18 12:0 a.m.20 views

Hyperledger Fabric 代码问题漏洞

Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. A code issue vulnerability exists in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0, which can be exploited by an attacker by constructing a message with a payload of zero and...

7.5CVSS7.5AI score0.01293EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/11/18 12:0 a.m.20 views

Hitachi Energy Relion 访问控制错误漏洞

Hitachi Energy Relion is used by Hitachi Energy Switzerland to protect, control, measure, and monitor power systems. A security vulnerability exists in the internal database access mechanism of the Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600, which arises from the product'...

9CVSS7AI score0.01666EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.20 views

Microsoft Power BI Report Server 跨站脚本漏洞

Microsoft Power BI Report Server is a Microsoft server-side application for managing and sharing business analysis reports. A cross-site scripting vulnerability exists in Microsoft Power BI Report Server. The following products and versions are affected: Microsoft Power BI Report Server...

9.6CVSS7AI score0.0062EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/21 12:0 a.m.20 views

stb 安全漏洞

stb is a single-file public domain library for C/C. stbimage.h is one of the image loaders. stb stbimage.h contains a security vulnerability that stems from the HDR loader parsing truncated file-tailed RLE scan lines into an infinitely long zero-length sequence. An attacker could cause a denial o...

5.5CVSS5.5AI score0.01213EPSS
Exploits0References16
CNNVD
CNNVD
added 2021/09/30 12:0 a.m.20 views

Ecoa Bas controller 信任管理问题漏洞

ECOA BAS controller is a BAS controller developed by Ecoa Technologies Corp in Taiwan, China. ECOA BAS controller is vulnerable to hard-coded credentials, which can be exploited by attackers to directly log in and gain administrator control privileges...

10CVSS8.4AI score0.01989EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/09/09 12:0 a.m.20 views

SAMSUNG SMR 安全漏洞

SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. The patch program is provided for Samsung cell phone applications. SAMSUNG SMR has a security vulnerability that originates from an improperly designed or implemented code development process for a networked syst...

5.5CVSS5.8AI score0.00116EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/31 12:0 a.m.20 views

Git 处理逻辑错误漏洞

Git is a free, open source distributed version control system. Git suffers from a Processing Logic Error vulnerability that stems from the fact that gitconnectgit in connect.c in Git prior to version 2.30.1 allows repository paths to contain line breaks, which can lead to unexpected cross-protoco...

7.5CVSS7.9AI score0.03074EPSS
Exploits1References10
CNNVD
CNNVD
added 2021/08/30 12:0 a.m.20 views

ZEIT Next.js 跨站脚本漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. Next.js versions 10.0.0 to 11.0.0 have a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary js commands...

7.5CVSS8.4AI score0.01139EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/08/16 12:0 a.m.20 views

D-Link DSL-2750U 操作系统命令注入漏洞

The D-Link DSL-2750U is a wireless N 300 ADSL2 modem router. an OS command injection vulnerability exists in the D-Link DSL-2750U ME1.16 and earlier versions. An attacker could exploit this vulnerability in combination with other vulnerabilities to execute arbitrary OS commands...

7.8CVSS5.9AI score0.24563EPSS
Exploits2References4
CNNVD
CNNVD
added 2021/08/11 12:0 a.m.20 views

Cpanel 代码问题漏洞

Cpanel is a set of Web-based automated colocation platform from Cpanel, Inc. in the United States. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions prior to cPanel 98.0.1, which can be exploited to perform a...

7.2CVSS7.2AI score0.01033EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.20 views

Xfig fig2dev 缓冲区错误漏洞

fig2dev is used to convert .fig files to various graphics languages and formats. A stack buffer overflow vulnerability exists in the genptktext component of genptk.c in fig2dev version 3.2.7b. An attacker could exploit this vulnerability to cause a denial of service by converting xfig files to pt...

5.5CVSS6AI score0.01059EPSS
Exploits1References6
CNNVD
CNNVD
added 2021/08/08 12:0 a.m.20 views

Rust 命令注入漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that can be exploited by attackers to cause data contention and memory corruption due to data contention...

8.1CVSS5.8AI score0.01311EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/07/21 12:0 a.m.20 views

Apple macOS 权限许可和访问控制问题漏洞

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. The macOS is vulnerable to a privilege permission and access control issue, which exists due to improperly imposed security restrictions within IOUSBHostFamily. A local...

5.5CVSS6.3AI score0.006EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/07/07 12:0 a.m.20 views

Joomla! CMS 输入验证错误漏洞

is a set of forum components used in the Joomla! content management system. Joomla! is vulnerable to an input validation error in versions 2.5.0 to 3.9.27, which can be exploited by attackers to cause corruption in the usergroups table...

7.5CVSS5.6AI score0.01439EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/07/06 12:0 a.m.20 views

Philips Vue PACS 安全漏洞

Philips Vue PACS is an image management solution from Philips Europe. A security vulnerability exists in Philips Vue PACS. The vulnerability allows an unauthorized person or process to eavesdrop, view or modify data, gain access to the system, execute code, install unauthorized software, or affec...

9.8CVSS8.7AI score0.00888EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/06/01 12:0 a.m.21 views

WordPress 插件 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A security vulnerability exists in the Smooth Scroll Page...

4.8CVSS5.6AI score0.00652EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/06/01 12:0 a.m.20 views

Apache Dubbo 代码问题漏洞

Apache Dubbo is the Apache Foundation's Java-based high-performance open source RPC framework. A deserialization vulnerability exists in Apache Dubbo versions prior to 2.7.8 and 2.6.9. An attacker can use this vulnerability to further exploit by tampering with byte leading flags and specifying a...

9.8CVSS5.8AI score0.17666EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/05/27 12:0 a.m.20 views

Tenancy multi-tenant 输入验证错误漏洞

Tenancy multi-tenant is an open source multi-domain controller. Tenancy multi-tenant suffers from an open redirection vulnerability that can be exploited by an attacker to redirect a user's site to any other site using a specially crafted URL...

6.1CVSS5.6AI score0.0102EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/05/24 12:0 a.m.20 views

Arm Mali GPU 资源管理错误漏洞

The ARM Arm Mali GPUs are a family of mobile display chipsets GPUs from the British company ARM. Like other 3D display chips based on IP cores embedded technology, the Mali display chipset does not provide a display controller similar to a graphics card specifically designed to drive an LCD monit...

9CVSS8.6AI score0.0302EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/11 12:0 a.m.20 views

Jenkins 跨站脚本漏洞

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...

5.4CVSS5.5AI score0.72678EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/04/19 12:0 a.m.20 views

Fibaro Home Center 2 安全漏洞

FIBARO Home Center 2 is an application system of the Polish company FIBARO. A system integration system. A security vulnerability exists in Fibaro Home Center 2 that stems from the fact that communications between users and devices can be eavesdropped on to hijack sessions, tokens, and passwords...

8.1CVSS7.7AI score0.01421EPSS
Exploits3References4
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.20 views

Microsoft SharePoint 输入验证错误漏洞

SharePoint is a web-based collaboration platform that integrates with Microsoft Office.SharePoint Server is one of the versions of SharePoint that is installed on a customer's IT infrastructure and is designed to give an organization greater control over the behavior or design of...

6.5CVSS5.7AI score0.02395EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.20 views

Microsoft Windows 安全特征问题漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. Microsoft Windows is vulnerable to a security feature issue. The following products and editions are affected: Windows 10 Version 1803 for 32-bit Systems,Windows 10 Version 180...

4.4CVSS5.1AI score0.02042EPSS
Exploits1References6
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.20 views

Invigo Automatic Device Management 操作系统命令注入漏洞

Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. An arbitrary OS command injection vulnerability exists in /admin/admapi.php in...

9CVSS6.2AI score0.02765EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/03/17 12:0 a.m.20 views

WordPress plugin Paid Memberships Pro SQL注入漏洞

WordPress plugin Paid Memberships Pro is an open source application plugin for WordPress. The plugin is designed for premium content sites, clubs/associations, subscription products, newsletters and more. Paid Memberships Pro versions prior to 2.5.6 suffers from a SQL injection vulnerability that...

8.8CVSS7.8AI score0.02044EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/03/16 12:0 a.m.20 views

TYPO3 跨站脚本漏洞

TYPO3 is a free and open source content management system. A cross-site scripting vulnerability exists in TYPO3 Form Framework, which can be exploited by attackers to inject malicious script or HTML code...

5.4CVSS5.2AI score0.00872EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/03/09 12:0 a.m.20 views

Microsoft Excel 安全漏洞

Microsoft Excel is a spreadsheet processing software in the Office suite of Microsoft Corporation USA. A security vulnerability exists in Microsoft Excel. The following products and editions are affected:Microsoft Office 2019 for 32-bit editions,Microsoft Office 2019 for 64-bit editions,Microsoft...

7.8CVSS7.2AI score0.03571EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/01/20 12:0 a.m.20 views

OpenMage Code Issues Vulnerabilities

OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A code issue vulnerability exists in OpenMage versions 19.4.10 and 20.0.6, which stems from the presence of a vulnerability that allows remote attackers to execute code...

8.7CVSS7.3AI score0.02057EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 had code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing issues in browser control, allowing authenticated users to bypass private network...

7.7CVSS5.4AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

CyberArk Idira Endpoint Privilege Manager 安全漏洞

CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5 contained security vulnerabilities, allowing local attackers to compromise the initialization ...

8.5CVSS5.3AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by improper implementations in the Views component. This vulnerability could allow remote attackers to execute a sandbox escape by exploiting a...

8.3CVSS5.5AI score0.00191EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in the DevTools component, which could allow remote attackers to bypass the same-origin polic...

6.5CVSS5.6AI score0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google. It primarily provides features for web browsing, extension support, and multi-platform synchronization. There is a resource management vulnerability in Google Chrome. This vulnerability stems from the Cast component’s failure to properly handle...

8.3CVSS5.9AI score0.00174EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

CyberArk Idira Privileged Session Manager 路径遍历漏洞

CyberArk Idira Privileged Session Manager is a privileged session management platform developed by the American company CyberArk. Versions of CyberArk Idira Privileged Session Manager prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 contained a path traversal vulnerability. This vulnerability stemmed...

8.8CVSS5.9AI score0.00544EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a resource management vulnerability. This vulnerability stemmed from a problem with the Video component involving reusing resources after they were released. It could allow remote...

8.3CVSS5.5AI score0.00191EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.6 contained a security vulnerability. This vulnerability stemmed from a bypass of the approval policy in the Skill Workshop application process, allowing proxy tools to set appl...

6.5CVSS5.4AI score0.00194EPSS
Exploits0References1
Total number of security vulnerabilities5000