Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2023/10/20 12:0 a.m.19 views

VMware Fusion Security Vulnerability

VMware Fusion is a suite of virtual machine software from VMware, Inc. designed to run Windows applications on Macs. A security vulnerability exists in VMware Fusion versions 13.x through 13.5 and earlier, which stems from a local elevation of privilege vulnerability...

7CVSS6.8AI score0.00128EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.19 views

WordPress Plugin ldap-login-for-intranet-sites Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control error...

6.5CVSS7AI score0.00721EPSS
Exploits2References5
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.19 views

WordPress Plugin ldap-ad-staff-employee-directory-search Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An access control error vulnerabili...

6.5CVSS7AI score0.00721EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.19 views

AMD DXE Driver Security Vulnerability

AMD DXE driver is a driver from UltraMicroelectronics AMD. A security vulnerability exists in AMD DXE Driver, which stems from improper initialization of variables in the driver, and could allow a privileged user to disclose sensitive information via local access...

5.5CVSS6AI score0.00171EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/19 12:0 a.m.19 views

NVIDIA DGX Buffer Error Vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A buffer error vulnerability exists in the NVIDIA DGX H100 BMC. An attacker could exploit this vulnerability to cause arbitrary kernel code execution, denial of service, privilege escalation, information...

7.8CVSS7.2AI score0.00188EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/18 12:0 a.m.19 views

SQLpage Information Disclosure Vulnerability

SQLpage is an SQL-only web application builder. It is designed to help data scientists, analysts, and business intelligence teams quickly build powerful data-centric applications without having to worry about any traditional Web programming languages and concepts. An information disclosure...

10CVSS6.1AI score0.00602EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/09/12 12:0 a.m.19 views

Microsoft Excel 安全漏洞

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which can be exploited by attackers to obtain sensitive information...

7.8CVSS6AI score0.01487EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/09/12 12:0 a.m.19 views

Microsoft Windows GDI Security Vulnerability

Microsoft Windows GDI+ is a graphical device interface for the Windows operating system from Microsoft USA. The software is part of the .NET Framework and is responsible for drawing graphical images and displaying information on screens and printers. A security vulnerability exists in Microsoft...

7.8CVSS6.4AI score0.01229EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/09/12 12:0 a.m.19 views

SAP PowerDesigner 代码注入漏洞

SAP PowerDesigner is a database design software from SAP Germany. A code injection vulnerability exists in SAP PowerDesigner version 16.7 that originates from allowing an unauthenticated attacker to inject VBScript code into a document. An attacker could exploit this vulnerability to cause...

6.3CVSS8AI score0.00646EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/09/11 12:0 a.m.19 views

Foxconn FOX LiveUpdate Utility Security Vulnerability

Foxconn FOX LiveUpdate Utility is a series of motherboard utilities from Foxconn China. A security vulnerability exists in Foxconn FOX LiveUpdate Utility version 2.1.6.26, which stems from a security issue discovered in the MmMapIoSpace routine that allows a local attacker to elevate privileges...

7.8CVSS6.5AI score0.00381EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/05 12:0 a.m.19 views

SaltStack Salt Security Vulnerabilities

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to 3005.2 or 3006.2, which stems from the Git provider progra...

7.8CVSS6.6AI score0.00286EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/01 12:0 a.m.19 views

vm-memory buffer error vulnerability

vm-memory is a software package that enables access to virtual machine memory. A buffer error vulnerability exists in versions of vm-memory prior to 0.12.2, which stems from the presence of out-of-bounds memory access...

4.7CVSS6.9AI score0.00237EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/08/22 12:0 a.m.19 views

GNU Binutils 安全漏洞

GNU Binutils is a set of open source tools for working with binaries such as target files, executables, libraries, etc., mainly used in the areas of compilation, debugging, reverse engineering and so on. A denial of service vulnerability exists in GNU Binutils. An attacker can exploit this...

8.8CVSS7.4AI score0.00664EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/08/17 12:0 a.m.19 views

WordPress plugin Extensions for Leaflet Map 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

7.1CVSS6.9AI score0.00379EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.19 views

WordPress Plugin Forminator – Contact Form, Payment Form & Custom Form Builder 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

5.4CVSS5AI score0.0043EPSS
Exploits1References10
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.19 views

D-Link DIR-823G 安全漏洞

The D-Link DIR-823G is a home dual-band Gigabit wireless router with second-generation 802.11ac Wi-Fi5 technology designed for medium- to high-speed broadband networks. The D-Link DIR-823G suffers from a buffer overflow vulnerability that stems from a buffer overflow vulnerability in the URL fiel...

9.8CVSS8.1AI score0.01304EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/27 12:0 a.m.19 views

Apache Airflow 参数注入漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. A remote code execution vulnerability exists in Apache Airflow ODBC Provider, which can be exploited by an attacker to cause command execution...

7.8CVSS8.3AI score0.0075EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/26 12:0 a.m.19 views

WordPress Plugin PI Websolution Conditional cart fee 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/26 12:0 a.m.19 views

Trend Micro Apex One 安全漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro. An elevation of privilege vulnerability exists in Trend Micro Apex One, which can be exploited by a local attacker to elevate privileges and write arbitrary values to specific entries...

7.8CVSS7AI score0.00234EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/08 12:0 a.m.19 views

tgstation-server 信息泄露漏洞

tgstation-server is a toolset for managing production BYOND servers. An information disclosure vulnerability exists in TGstation versions prior to 5.12.5, which originates from a username that can be discovered by forcing a login to the endpoint with an invalid password...

5.8CVSS5.7AI score0.0046EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/06 12:0 a.m.19 views

WordPress plugin WP User Switch 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS8.4AI score0.01357EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/05/25 12:0 a.m.19 views

WordPress plugin BadgeOS 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS8.1AI score0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/20 12:0 a.m.19 views

Dental Clinic Appointment Reservation System 跨站脚本漏洞

Dental Clinic Appointment Reservation System is a Dental Clinic Appointment Reservation System by jkev Personal Developer. A cross-site scripting vulnerability exists in SourceCodester Dental Clinic Appointment Reservation System version 1.0 due to an unknown function in the file /admin/service.p...

6.1CVSS4.1AI score0.0057EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/18 12:0 a.m.19 views

WordPress plugin Auto Prune Posts 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS8.1AI score0.00265EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.19 views

WordPress plugin Mega Addons For WPBakery Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.5AI score0.00444EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.19 views

OpenSearch 安全漏洞

OpenSearch Project is OpenSearch Project open source a community-driven, Apache 2.0 licensed open source search and analytics suite. Making it easy to access, search, visualize and analyze data. A security vulnerability exists in OpenSearch versions 1.3.10 and 2.7.0 that stems from a problem with...

5.9CVSS5.8AI score0.0046EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/04 12:0 a.m.19 views

Weaver E-Office 代码问题漏洞

Weaver E-Office is a collaborative office system from China's Panmicro Technology Weaver. A code issue vulnerability exists in Weaver E-Office version 9.5, which stems from the presence of an unknown function in App/Ajax/ajax.php?action=mobileuploadsave, which leads to unrestricted uploads via th...

9.8CVSS7.5AI score0.32895EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/05/03 12:0 a.m.19 views

WordPress plugin WP BaiDu Submit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/03 12:0 a.m.19 views

WordPress plugin vSlider Multi Image Slider for WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/27 12:0 a.m.19 views

Rails 安全漏洞

Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. A security vulnerability exists in versions prior to Rails v6.1.7.3, which stems from insufficient cleansing of user-supplied data, that could allow a remote attacker to trick a victim...

5.3CVSS6.6AI score0.00923EPSS
Exploits0References11
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.19 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ Cross-Site Scripting Vulnerability. No information about this vulnerability is available at this time, so stay tuned to CNNVD or vendor...

7.2CVSS6AI score0.00552EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.19 views

WordPress Plugin WPCode Lite 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

6.5CVSS7.2AI score0.00307EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/04/15 12:0 a.m.20 views

SourceCodester Employee and Visitor Gate Pass Logging System SQL注入漏洞

Employee and Visitor Gate Pass Logging System is an employee and visitor pass logging system by Carlo Montero, an individual developer. SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 suffers from a SQL injection vulnerability that stems from a problem in the file...

8.8CVSS7.1AI score0.00729EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/04/12 12:0 a.m.19 views

Jenkins Plugin Image Tag Parameter 信任管理问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00458EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.19 views

Fortinet FortiPresence 访问控制错误漏洞

Fortinet FortiPresence is a comprehensive data analytics solution from Fortinet, Inc. Fortinet FortiPresence suffers from an authentication error vulnerability that stems from a lack of authentication for critical functions, which can be exploited by an attacker to gain access to Redis and MongoD...

9.8CVSS7.2AI score0.01275EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.19 views

HGiga MailSherlock 操作系统命令注入漏洞

Hgiga MailSherlock is an enterprise email auditing system from China Henderson Technology Hgiga. HGiga MailSherlock version 4.5 suffers from an operating system command injection vulnerability, which originates from an insufficient filtering of user input by the query function. An attacker could...

7.2CVSS7.4AI score0.00928EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.19 views

WordPress plugin HT Portfolio 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

4.3CVSS6.2AI score0.00281EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/03/15 12:0 a.m.19 views

Uniview IP Camera 授权问题漏洞

Uniview IP Camera is a camera from China Uniview Technology Uniview. A security vulnerability exists in the Uniview IP Camera that stems from a failure of identification and authentication in the web-based management interface...

9.8CVSS8.4AI score0.01172EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/08 12:0 a.m.20 views

kylinos kylin-system-updater 操作系统命令注入漏洞

kylinos kylin-system-updater is an operating system component from China Kylin Software kylinos. An operating system command injection vulnerability exists in kylin-system-updater version 1.4.20kord and earlier versions. An attacker could exploit this vulnerability to conduct a command injection...

7.8CVSS7.5AI score0.01805EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/05 12:0 a.m.19 views

wallabag 授权问题漏洞

wallabag is a web application that allows you to save web pages for later reading. An authorization issue vulnerability exists in versions prior to wallabag 2.5.4 that stems from improper authorization management...

7.3CVSS6.5AI score0.00498EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/03 12:0 a.m.19 views

Directus 代码问题漏洞

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A code issue vulnerability exists in Directus versions prior to 9.23.0 that stems from the presence of a server-side request forgery SSRF vulnerability, which can be exploited by an attacker to acces...

7.5CVSS7.6AI score0.0096EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/03/02 12:0 a.m.19 views

XWiki Platform 访问控制错误漏洞

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. An access control error vulnerability exists in XWiki Platform that originates from the possibility of exploiting the privileges of existing document content authors to execute...

9.9CVSS8AI score0.00787EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/02/17 12:0 a.m.19 views

Real Time Logic FuguHub 代码注入漏洞

Real Time Logic FuguHub is a consumer product from Real Time Logic developed using the Barracuda Application Server SDK. A security vulnerability exists in Real Time Logic FuguHub v8.1 and prior versions that stems from an operational Remote Code Execution RCE vulnerability...

8.8CVSS8AI score0.53239EPSS
Exploits9References4
CNNVD
CNNVD
added 2023/02/12 12:0 a.m.19 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.11 contain a security vulnerability that stems from an uncaught exception. No detailed vulnerability details are currently available...

8.8CVSS6.7AI score0.00714EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/02/09 12:0 a.m.19 views

Yugabyte YugabyteDB Managed 安全漏洞

YugabyteDB Managed is Yugabyte's fully managed YugabyteDB-as-a-Service, eliminating the operational overhead of managing a database. A security vulnerability exists in Yugabyte YugabyteDB Managed. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the...

9.8CVSS8.3AI score0.00776EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/07 12:0 a.m.19 views

WordPress plugin Interactive Geo Maps 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

6.4CVSS6.4AI score0.00521EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.19 views

WordPress plugin Stream 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS6.5AI score0.0091EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.19 views

Dompdf 安全漏洞

Dompdf is a HTML to PDF converter. A security vulnerability exists in Dompdf version 2.0.1. An attacker exploiting the vulnerability can use any protocol to call any URL...

10CVSS8.4AI score0.03572EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.19 views

多款WordPress theme 代码问题漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. Multiple WordPress themes suffer from a code issue vulnerability that stems from the fact that several themes...

9.8CVSS8.6AI score0.02084EPSS
Exploits12References3
CNNVD
CNNVD
added 2023/01/20 12:0 a.m.19 views

rubygem-activerecord 安全漏洞

rubygem-activerecord is an application of rubygems open source. A security vulnerability exists in rubygem-activerecord that stems from the presence of a denial of service...

7.5CVSS7.2AI score0.01265EPSS
Exploits1References6
Total number of security vulnerabilities5000