Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2023/01/17 12:0 a.m.19 views

ruby-git 代码注入漏洞

ruby-git is a Ruby library. It can be used to create, read, and manipulate Git repositories by wrapping system calls into git binaries. A security vulnerability exists in ruby-git v1.13.0 and earlier versions that could allow an authenticated, remote attacker to execute arbitrary ruby code by...

8CVSS7.3AI score0.01351EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.19 views

多款Panasonic产品跨站请求伪造漏洞

The Panasonic VCC-HD5600P, among others, is a surveillance camera from Panasonic Corporation Panasonic of Japan. A cross-site request forgery vulnerability exists in multiple Panasonic products, versions 1.02-05 and 2.03-0x, which stems from vulnerability to cross-site request forgery attacks. An...

8.8CVSS7.9AI score0.00332EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/01/03 12:0 a.m.19 views

Fortinet FortiPortal 跨站脚本漏洞

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. attacker could exploit the vulnerability to execute stored cross-site scripting by sending...

6.8CVSS6.2AI score0.00573EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.19 views

memos 访问控制错误漏洞

memos is an open source hosted memo center with knowledge management and social features. An access control error vulnerability exists in versions prior to memos 0.9.1, which can be exploited by an attacker to edit and delete all other user shortcuts...

8.2CVSS6.6AI score0.00571EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/21 12:0 a.m.19 views

studygolang 跨站脚本漏洞

studygolang is a Go language Chinese network studygolang open source . studygolang has a security vulnerability , the vulnerability stems from an unknown part of the file static/js/topics.js , the operation of the parameter contentHtml leads to cross-site scripting...

6.1CVSS5.7AI score0.00385EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/15 12:0 a.m.19 views

Beijing Zed-3 Technologies VoIP simpliclty 跨站脚本漏洞

Beijing Zed-3 Technologies VoIP simpliclty is a web portal of Beijing Zed-3 Technologies Beijing, China. A security vulnerability exists in VoIP simplilty ASG version 8.5.0.17807 20181130-16:12, which stems from the presence of cross-site scripting attacks XSS...

6.1CVSS5.9AI score0.00446EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.19 views

Microsoft Office Visio 安全漏洞

Microsoft Office is a suite of office software developed by Microsoft Corporation based on the Windows operating system. Microsoft Office Visio is vulnerable to remote code execution. An attacker could exploit the vulnerability to execute code on the target host...

7.8CVSS8.1AI score0.00822EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/21 12:0 a.m.19 views

WordPress plugin Easy Digital Downloads 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A CSV injection vulnerabili...

9.8CVSS7.2AI score0.01218EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/11/13 12:0 a.m.19 views

Mz Automation Libiec61850 路径遍历漏洞

Mz Automation Libiec61850 is an open source library for the IEC 61850 protocol from Mz Automation. A path traversal vulnerability exists in Mz Automation Libiec61850 version 1.4 and earlier, which stems from unknown code in the src/mms/isomms/client/mmsclientfiles.c file of the MMS File Services...

8.8CVSS7.3AI score0.00462EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/09 12:0 a.m.19 views

Intel Processors 安全漏洞

Intel Processors are American Intel Corporation's provide for interpreting computer instructions and processing data in computer software. A security vulnerability exists in Intel Processors, no information about this vulnerability is available at this time, please stay tuned to CNNVD or the...

7.9CVSS6.4AI score0.00131EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.19 views

Microsoft Word 安全漏洞

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. An information disclosure vulnerability exists in Microsoft Word, which can be exploited by attackers to obtain sensitive information...

5.5CVSS6AI score0.00874EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/01 12:0 a.m.19 views

Xen 安全漏洞

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime.Guest is an application product. Xen...

5.5CVSS5.8AI score0.00277EPSS
Exploits0References14
CNNVD
CNNVD
added 2022/10/13 12:0 a.m.19 views

Apache Kylin 操作系统命令注入漏洞

Apache Kylin is the United States Apache Apache Foundation of an open source distributed analytical data warehouse . The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. Kylin suffers from an operating system command...

9.8CVSS8.6AI score0.84777EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/07 12:0 a.m.19 views

VMware vCenter Server 代码问题漏洞

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...

9.1CVSS8.9AI score0.33064EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/10/05 12:0 a.m.19 views

Huawei HarmonyOS 缓冲区错误漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a microkernel-based distributed operating system. The Huawei HarmonyOS mptcp module is vulnerable to an out-of-bounds read vulnerability, which could be exploited to modify program information to enable root...

9.8CVSS6.5AI score0.00517EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/10/03 12:0 a.m.19 views

Nasm 缓冲区错误漏洞

Nasm is an open source programming tool software. A buffer overflow vulnerability exists in Nasm v2.16, which stems from the inclusion of a stack overflow in the Ndisasm component. No detailed vulnerability details are provided at this time...

5.5CVSS7.3AI score0.00297EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/09/26 12:0 a.m.19 views

Express XSS Sanitizer 安全漏洞

Express XSS Sanitizer is a personal development by AhmedAdelFahim to clean user input data in req.body, req.query, req.headers and req.params to prevent cross-site scripting XSS attacks. express XSS Sanitizer A prototype contamination vulnerability exists in versions prior to 1.1.3, which stems...

7.3CVSS5.5AI score0.00739EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/09/20 12:0 a.m.19 views

Apache InLong 代码问题漏洞

Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions prior to 1.3.0, which arises from unsafe deserialization of...

8.8CVSS6.9AI score0.02143EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/12 12:0 a.m.19 views

Slims9 Bulian 跨站脚本漏洞

Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g. books, journals, digital files and other library materials and management. A security vulnerability exists in Slims9 Bulian version v9.4.2, which can be exploited ...

6.1CVSS6.7AI score0.00433EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/09/07 12:0 a.m.20 views

Flux2 资源管理错误漏洞

Flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters synchronized with their configuration sources. A resource management error vulnerability exists in Flux2 versions prior to v0.0.17 through v0.32.0 and helm-controller versions prior to v0.0.4 through v0.23.0...

7.7CVSS7.4AI score0.01045EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/25 12:0 a.m.19 views

H3C B5 Mini 缓冲区错误漏洞

The H3C B5 Mini is a full gigabit wireless router from China's Xinhua San H3C. A security vulnerability exists in the H3C B5 Mini V100R005 version, which stems from a stack overflow issue in the EditBasicSSID method...

7.8CVSS5.6AI score0.00349EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/19 12:0 a.m.19 views

RIELLO UPS NetMan 代码问题漏洞

RIELLO UPS NetMan is a network adapter from RIELLO UPS, Italy. A code issue vulnerability exists in RIELLO UPS NetMan. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the manufacturer's bulletin...

10CVSS8.4AI score0.01178EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/15 12:0 a.m.19 views

OpenZeppelin 安全漏洞

OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts 4.1.0 and earlier versions, which stems from the function ECDSA.recover and vulnerability to a type of signature extensibility...

7.9CVSS6.9AI score0.00336EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/12 12:0 a.m.19 views

Automated Beer Parlour Billing System SQL注入漏洞

Automated Beer Parlour Billing System is an automated hotel beer billing system by the individual developer Senior Walter. A security vulnerability exists in Automated Beer Parlour Billing System. An attacker could exploit the vulnerability by manipulating the parameter username to cause an sql...

9.8CVSS8.3AI score0.00527EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/29 12:0 a.m.19 views

WordPress plugin Transposh WordPress Translation 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.5CVSS7.1AI score0.00891EPSS
Exploits5References3
CNNVD
CNNVD
added 2022/07/15 12:0 a.m.19 views

Adobe InDesign 缓冲区错误漏洞

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a buffer overflow vulnerability that stems from being affected by a heap-based buffer overflow vulnerability that could lead to the execution of arbitrary code in the...

7.8CVSS6.9AI score0.00495EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.19 views

Microweber 安全漏洞

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber versions prior to 1.2.20, which can be...

9.8CVSS7.6AI score0.0106EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/07 12:0 a.m.19 views

BookWyrm 跨站脚本漏洞

BookWyrm is a social reading platform. A cross-site scripting vulnerability exists in BookWyrm versions prior to 0.4.1, which stems from not properly cleaning up the html presented to the user, and is exploited by an attacker to perform cross-site scripting attacks...

6.3CVSS5.9AI score0.0054EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/06 12:0 a.m.19 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a lack of The vulnerability is caused by a lack of permission checking in the getSubscriptionProperty of SubscriptionController.java. An...

5.5CVSS5.7AI score0.00098EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.19 views

Diffy 安全漏洞

Diffy is a simple distinction in Ruby by Sam Goldstein, a personal developer. Diffy suffers from a security vulnerability that stems from the fact that the function that calls the diff utility in Diffy 3.4.1 does not properly handle double quotes in filenames when running in a Windows environment...

9.8CVSS8.6AI score0.01705EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.19 views

OFFIS DCMTK 路径遍历漏洞

OFFIS DCMTK is a collection of libraries and applications from OFFIS Germany that implement most of the DICOM standards. Software for inspecting, building and converting DICOM image files, processing offline media, sending and receiving images over a network connection, and demonstrating image...

9.8CVSS7.6AI score0.02913EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/17 12:0 a.m.19 views

BitTorrent uTorrent 缓冲区错误漏洞

BitTorrent uTorrent is a suite of BitTorrent client software written in C++ by BitTorrent Inc. in the United States. A security vulnerability exists in BitTorrent uTorrent, which can be exploited by an attacker to remotely launch an attack, due to a memory corruption caused by certain malicious...

8.8CVSS8AI score0.0095EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.19 views

Adobe InCopy 缓冲区错误漏洞

Adobe InCopy is a text editing software for creative writing from Adobe, USA. Adobe InCopy suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

9.3CVSS6.2AI score0.01934EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.19 views

Illumina Local Run Manager 代码注入漏洞

Illumina Local Run Manager is an integrated solution from Illumina, Inc. Illumina Local Run Manager is vulnerable to code injection, which could be exploited by attackers to remotely upload and execute code at the operating system level...

10CVSS5.9AI score0.01644EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/19 12:0 a.m.19 views

SPIP 代码注入漏洞

SPIP is a Web-based content publishing system used primarily for online collaboration. A remote code execution vulnerability exists in versions of SPIP prior to 3.2.8, which are primarily used for online collaboration. The vulnerability stems from the oups parameter of /ecrire not properly...

8.8CVSS6.9AI score0.01943EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/05/02 12:0 a.m.19 views

Google Android 加密问题漏洞

Google Android is a Linux-based open-source operating system from the U.S. company Google Android has an encryption vulnerability that can be exploited by attackers to cause local information leakage without additional execution privileges...

5.5CVSS5.9AI score0.00075EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/01 12:0 a.m.19 views

git-pull-or-clone 参数注入漏洞

git-pull-or-clone is used to ensure that a git repository exists on disk and is up-to-date. A parameter injection vulnerability exists in git-pull-or-clone versions prior to 2.0.2, which can be exploited to cause arbitrary command injection...

9.8CVSS8.4AI score0.03865EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/04/27 12:0 a.m.19 views

Cisco Firepower Threat Defense 安全漏洞

Cisco Firepower Threat Defense is a suite of unified software from Cisco that provides next-generation firewall services.Cisco Firepower Threat Defense Software is vulnerable to an input validation error that could be exploited by an authenticated local attacker to inject XML into the command...

7.8CVSS5.6AI score0.00257EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/26 12:0 a.m.19 views

NVIDIA Jetson 缓冲区错误漏洞

NVIDIA Jetson is an embedded system development module from NVIDIA. The NVIDIA Jetson Linux Driver Package suffers from a buffer error vulnerability that stems from insufficient validation of untrusted data, which could be exploited by a local attacker to cause a memory buffer overflow that could...

4.6CVSS5.7AI score0.00232EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/26 12:0 a.m.19 views

NVIDIA Jetson 缓冲区错误漏洞

NVIDIA Jetson is an embedded system development module from NVIDIA Corporation. A buffer error vulnerability exists in the NVIDIA Jetson Linux Driver Package, which could be exploited by a local attacker to cause a memory buffer overflow that could lead to code execution, loss of integrity, limit...

7.3CVSS6.3AI score0.003EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/21 12:0 a.m.19 views

Xiaomi Mi App Store 输入验证错误漏洞

A security vulnerability exists in Xiaomi Mi App Store, an app store of Xiaomi, a Chinese company. The vulnerability is due to the Xiaomi App Store not verifying the validity of incoming data, which could be exploited by an attacker to cause the app store to automatically download and install app...

6.1CVSS5.6AI score0.00541EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/19 12:0 a.m.19 views

FormaLms SQL注入漏洞

formalms a learning management system. Used to build around the specific needs of corporate training. formalms versions prior to v.1.4.3 contain a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit this...

9.8CVSS5.9AI score0.01211EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/19 12:0 a.m.19 views

FANUC ROBOGUIDE 安全漏洞

FANUC ROBOGUIDE is a robot simulation software from FANUC, Japan. FANUC ROBOGUIDE v9.40083.00.05 and previous versions have an elevation of privilege vulnerability. The vulnerability stems from the fact that the affected product is vulnerable to misconfigured binaries, and an attacker with...

6CVSS5.7AI score0.00159EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.19 views

Django SQL注入漏洞

Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...

9.8CVSS5.8AI score0.02919EPSS
Exploits0References17
CNNVD
CNNVD
added 2022/04/03 12:0 a.m.19 views

jc21 Nginx Proxy Manager 跨站脚本漏洞

jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...

6.8CVSS5.6AI score0.71209EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/25 12:0 a.m.19 views

Red Hat Keycloak 跨站脚本漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A cross-site scripting vulnerability exists in Red Hat Keycloak that stems from a lack of validation of POST request parameters...

6.1CVSS5.9AI score0.37246EPSS
Exploits3References2
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.19 views

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. WordPress plugin is a WordPress application plugin. WordPress Sync QCloud COS plugin version prior to 2.0.1 contains a cross-site scripting vulnerability that stems from the plugin's failure to escape so...

4.8CVSS5.2AI score0.00588EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.19 views

WordPress plugin 输入验证错误漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Page Builder KingComposer plugin version...

6.1CVSS5.7AI score0.0428EPSS
Exploits4References2
CNNVD
CNNVD
added 2022/03/12 12:0 a.m.19 views

Alist 跨站脚本漏洞

Alist is a file listing program with multi-storage support by a Chinese Xhofe individual developer. A security vulnerability exists in Alist v2.1.0 and below. An attacker can exploit /i/:data/ipa.plist...

6.1CVSS6.2AI score0.00705EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.19 views

mruby 代码问题漏洞

mruby is a lightweight implementation of the Ruby language. mruby suffers from a buffer overflow vulnerability that stems from the presence of null pointer dereference in mruby, which could be exploited by an attacker to crash the mruby interpreter, thereby impacting system availability...

7.1CVSS6AI score0.00814EPSS
Exploits1References3
Total number of security vulnerabilities5000