Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/03/07 12:0 a.m.19 views

Autodesk AutoCAD 缓冲区错误漏洞

Autodesk AutoCAD is a suite of professional 3D drawing software from the American company Autodesk. A buffer error vulnerability exists in Autodesk AutoCAD DWF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the affected Autodesk AutoCAD. The...

7.8CVSS8AI score0.01463EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.19 views

WordPress SQL注入漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.A SQL injection vulnerability exists in versions of the WordPress TI WooCommerce Wishlist plugin prior to 1.40.1, which stem...

9.8CVSS6.1AI score0.73998EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/02/21 12:0 a.m.19 views

WordPress plugin AccessPress 安全漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin AccessPress Themes has a security vulnerability that stems from the existence of a backdoor in the vendor...

9.8CVSS5.5AI score0.18878EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/02/17 12:0 a.m.19 views

Siemens Simcenter Femap 缓冲区错误漏洞

Simcenter Femap is an advanced simulation application for creating, editing, and inspecting finite element models of complex products or systems.Siemens Simcenter Femap out-of-bounds write vulnerability can be exploited by attackers to execute code in the context of the current process...

7.8CVSS5.9AI score0.01211EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/02/16 12:0 a.m.19 views

HP Support Assistant 授权问题漏洞

HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant is vulnerable to authorization issues, which stem from the product's failure to effectively authenticate users, and can be exploited by attackers to...

7.8CVSS5.5AI score0.00865EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/14 12:0 a.m.19 views

ImpressCMS 安全漏洞

ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums, and photo albums. ImpressCMS has a security vulnerability that stems from the fact that impress scms prior to 1.4.2 allows traversal of the origName or imageName directory b...

9.8CVSS5.6AI score0.06883EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/02/11 12:0 a.m.19 views

vm2 安全漏洞

Vm2 is an advanced virtual machine/sandbox for Node.js by individual developer Patrik Simek in the Czech Republic. to run untrusted code using whitelisted Node built-in modules. vm2 suffers from a security vulnerability that stems from being susceptible to sandbox bypass attacks by directly...

10CVSS8.8AI score0.02876EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/02/08 12:0 a.m.19 views

Microsoft SharePoint 代码问题漏洞

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. remot...

8.8CVSS9AI score0.16825EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/02/07 12:0 a.m.19 views

Qualcomm 多款产品安全漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and is manufactured from time to time on the surface of semiconductor wafers. A security vulnerability exists in a number of Qualcomm products...

8.4CVSS7.3AI score0.00146EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/01/19 12:0 a.m.19 views

WordPress plugin 跨站脚本漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress WP HTML Mail plugin in version 3.0.9 and earlier is vulnerable to a cross-site scripting vulnerability tha...

8.3CVSS5.6AI score0.70511EPSS
Exploits3References5
CNNVD
CNNVD
added 2021/12/17 12:0 a.m.19 views

Tp-link TP-Link AX10 环境问题漏洞

TP-Link AX10 is a router from China P&L Tp-link. A misconfiguration vulnerability exists in the TP-Link AX10v1 that stems from an HTTP/1.1 misconfiguration in the web interface of the TP-Link AX10v1 that could allow an attacker to send specially crafted HTTP/0.9 packets, which could lead to a cac...

7.5CVSS5.6AI score0.02382EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/12/09 12:0 a.m.19 views

WBCE CMS SQL注入漏洞

WBCE CMS is an open source content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in wbce cms, which stems from the vulnerability of wbce cms to improper neutralization of special elements used in SQL commands...

9.8CVSS8.6AI score0.37824EPSS
Exploits4References5
CNNVD
CNNVD
added 2021/12/06 12:0 a.m.19 views

Google Android 资源管理错误漏洞

Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in the Google Android Kernel. The vulnerability stems from an out-of-bounds write in periodicioworkfunc in lwisperiodicio.c due to reuse after release. An attacker can exploit...

6.7CVSS5.6AI score0.00118EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/11/19 12:0 a.m.19 views

PortlandLabs Concrete Cms 代码问题漏洞

PortlandLabs Concrete Cms is an open source team-oriented content management system from PortlandLabs, Inc. PortlandLabs Concrete CMS is vulnerable to a code issue that could be exploited by attackers to obtain a Cloud IAAS AWS IAM key...

5.3CVSS5.7AI score0.00831EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/11/17 12:0 a.m.19 views

CKEditor 跨站脚本漏洞

CKEditor is a set of open source, web-based text editors.A cross-site scripting vulnerability exists in CKEditor, which allows attackers to bypass content cleanup to inject misformatted HTML, which could lead to the execution of JavaScript code. No detailed vulnerability details are currently...

8.2CVSS8.2AI score0.01257EPSS
Exploits0References9
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.19 views

NLnet Labs Routinator 资源管理错误漏洞

NLnet Labs Routinator is an RPKI Resource Public Key Infrastructure validator written in the Rust language from Stichting NLnet Stichting Nlnet Labs in the Netherlands. A security vulnerability exists in NLnet Labs Routinator that stems from improper design or implementation during code developme...

7.5CVSS7.3AI score0.01434EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/10/29 12:0 a.m.19 views

NEC Corporation CLUSTERPRO缓冲区错误漏洞

NEC Corporation CLUSTERPRO is an HA clustering software from NEC. A buffer error vulnerability exists in NEC Corporation CLUSTERPRO X version 1.0 and EXPRESSCLUSTER X version 1.0 that originates from a boundary error in the software transaction server. A remote attacker could exploit the...

9.8CVSS9.2AI score0.02073EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/10/13 12:0 a.m.19 views

Draytek VigorConnect 代码问题漏洞

VigorConnect is the local network management software for DrayTek devices.An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of the DownloadFileServlet in Draytek VigorConnect version 1.6.0-B3. An attacker could exploit the vulnerability to uplo...

10CVSS5.8AI score0.03823EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/10/12 12:0 a.m.19 views

Microsoft Excel 代码注入漏洞

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Excel. The vulnerability arises from a network system or product not properly filtering specific elements of externally entered data during t...

7.8CVSS7.6AI score0.02194EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/10/12 12:0 a.m.19 views

Microsoft Exchange Server 权限许可和访问控制问题漏洞

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voice mail, email filtering and screening. A vulnerability exists in Microsoft Exchange Server with privilege permission and access control...

9.6CVSS8.3AI score0.00872EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/10/04 12:0 a.m.19 views

GitLab 授权问题漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. An authorization issue vulnerability exists in GitLab EE, which can be exploit...

9.8CVSS8.4AI score0.01068EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/04 12:0 a.m.19 views

Xiuno BBS 跨站脚本漏洞

Xiuno BBS is an open source forum program based on PHP and MySQL. Xiuno BBS suffers from a cross-site scripting vulnerability that originates from the failure of the product/admin/?setting-base.htm page to properly handle data in the sitename field. An attacker can execute client-side code via th...

6.1CVSS5.6AI score0.00672EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/09/23 12:0 a.m.19 views

PHP 路径遍历漏洞

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that arises from a lack of effective privilege-granting and access-control measures in a networked system or product...

6.5CVSS7.1AI score0.01337EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/09/21 12:0 a.m.19 views

Moodle Shibboleth 授权问题漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Shibboleth is an open source SAML protocol web single sign-on system for Windows platforms from Shibboleth, UK. Moodle suffers from an...

4.3CVSS6.6AI score0.00711EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/20 12:0 a.m.19 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...

4.8CVSS4.9AI score0.00598EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/09/17 12:0 a.m.19 views

object-path 安全漏洞

object-path is an Npm library for individual developers to access variables in data structures via paths. A security vulnerability exists in object-path, which stems from the vulnerability of object paths to uncontrolled modification of object prototype attributes prototype contamination...

7.5CVSS7.4AI score0.02097EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/09/14 12:0 a.m.19 views

Schneider Electric StruxureWare Data Center Expert 路径遍历漏洞

Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is a monitoring software from the French company Schneider Electric Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and...

9.8CVSS8.4AI score0.02083EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/08/25 12:0 a.m.19 views

Appneta Tcpreplay 缓冲区错误漏洞

Tcpreplay is a set of GPLv3 licensed utilities for UNIX operating systems to edit and replay network traffic captured by tools such as tcpdump and Ethereal/Wireshark. The dochecksum function in checksum.c in Tcpreplay version 4.3.2 is vulnerable to a buffer overflow vulnerability. An attacker can...

5.5CVSS6AI score0.0066EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.19 views

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in Google TensorFlow versions prior to 2.6.0. An attacker can exploit the vulnerability to execute arbitrary code on the system...

7.8CVSS5.9AI score0.00185EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/08/08 12:0 a.m.19 views

Rust 命令注入漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that could be exploited by attackers to trigger undefined behavior and memory corruption...

8.1CVSS5.7AI score0.0124EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/07/26 12:0 a.m.19 views

WordPress SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Woocommerce. The vulnerability stems from a lack o...

4.9CVSS5.7AI score0.01265EPSS
Exploits2References4
CNNVD
CNNVD
added 2021/07/07 12:0 a.m.19 views

QEMU 缓冲区错误漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU for ATI VGA, which stems from a memory access out-of-bounds flaw found in QEMU's ATI VGA device...

6.5CVSS6.9AI score0.00429EPSS
Exploits1References14
CNNVD
CNNVD
added 2021/07/06 12:0 a.m.19 views

GitLab 安全漏洞

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An access control error vulnerability exists in GitLab. An attacker can exploit this vulnerability ...

6.5CVSS5.7AI score0.0135EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/07/03 12:0 a.m.19 views

Addressable资源管理错误漏洞

Addressable is an application. alternative implementation of the URI implementation, which is part of the Ruby Standard Library. A security vulnerability exists in Addressable that stems from a maliciously crafted URI template implementation in Addressable that could lead to uncontrolled resource...

7.5CVSS7.3AI score0.02199EPSS
Exploits0References10
CNNVD
CNNVD
added 2021/06/22 12:0 a.m.19 views

Palo Alto Networks Cortex XSOAR 安全漏洞

Palo Alto Networks Cortex XSOAR is a software application from Palo Alto Networks, Inc. It provides a security orchestration, automation, and response platform with threat intelligence management and a built-in marketplace. A security vulnerability exists in Palo Alto Networks Cortex XSOAR, which...

9.8CVSS8.3AI score0.01406EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/06/13 12:0 a.m.19 views

Sourceforge mbsync 代码问题漏洞

Sourceforge mbsync is an application from the Sourceforge community in the United States. Provides synchronization of remote IMAP mailboxes with local maildir style mailboxes A code issue vulnerability exists in Sourceforge mbsync, which arises from a boundary error when handling an unexpected...

7.8CVSS7.9AI score0.01037EPSS
Exploits0References13
CNNVD
CNNVD
added 2021/06/01 12:0 a.m.19 views

Apache Dubbo 代码问题漏洞

Apache Dubbo is the Apache Foundation's Java-based high-performance open source RPC framework. A deserialization vulnerability exists in Apache Dubbo versions prior to 2.7.8 and 2.6.9. An attacker can use this vulnerability to further exploit by tampering with byte leading flags and specifying a...

9.8CVSS5.8AI score0.17666EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/05/21 12:0 a.m.19 views

SoloKeys Solo 加密问题漏洞

SoloKeys Solo is an open source security key. SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token suffers from a security vulnerability that stems from not enforcing the flash readout protection RDP level. This allows an attacker to lower the RDP level...

6.8CVSS6.6AI score0.00328EPSS
Exploits1References8
CNNVD
CNNVD
added 2021/05/19 12:0 a.m.19 views

PostgreSQL 命令注入漏洞

PostgreSQL is a free object-relational database management system organized by Postgresql. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, etc. A remote code execution vulnerability exists in the pg partman extension in...

9.8CVSS6.9AI score0.022EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/05/17 12:0 a.m.19 views

vmd 跨站脚本漏洞

vmd is a software application. Preview markdown files in a separate window A cross-site scripting vulnerability exists in vmd version 1.34.0 and earlier versions, which leaks div class="markdown-body"...

6.1CVSS5.9AI score0.01173EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/05/17 12:0 a.m.19 views

Acyba AcyMailing 输入验证错误漏洞

Acyba AcyMailing is a suite of newsletter and marketing automation software from the Acyba team in France. AcyMailing suffers from an input validation error vulnerability that stems from the redirect parameter not being cleared correctly when AcyMailing performs a subscription...

6.1CVSS6.2AI score0.01939EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/05/07 12:0 a.m.19 views

Foxit Reader 资源管理错误漏洞

Foxit Reader old name: Foxit PDF Reader is a set of software used to read PDF format files, by Fujian Foxit Software developed by Foxit Reader is a set of free to use the software, the operating system is mainly based on Microsoft Windows, and as long as there is a Win32 implementation of the...

7.8CVSS6.3AI score0.02784EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/04/21 12:0 a.m.19 views

Jenkins Config File Provider Plugin 安全漏洞

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Config File Provider Plugin is used in one of...

4.3CVSS5.6AI score0.00887EPSS
Exploits0References16
CNNVD
CNNVD
added 2021/04/20 12:0 a.m.19 views

ImageMagick 输入验证错误漏洞

ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert, or write images in a variety of formats. An input validation error vulnerability exists in ImageMagick. No information about this vulnerability is available at this...

7.8CVSS7.5AI score0.0238EPSS
Exploits0References13
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.19 views

Microsoft Windows Console Driver 输入验证错误漏洞

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A denial of service vulnerability exists in the "console driver" in Microsoft Windows and Windows Server,...

5.5CVSS5.7AI score0.00648EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/04/12 12:0 a.m.19 views

Wordpress plugin Controlled Admin Access 访问控制错误漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in multiple Wordpress plugins that allows an attacker to use this endpoint to add arbitrary data to predefined options in the wpoptions table. The following products and versions are affected: The...

5.3CVSS5.9AI score0.02076EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/04/07 12:0 a.m.19 views

GNU Chess 安全漏洞

GNU Chess is a chess game program. A buffer overflow vulnerability exists in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc in GNU Chess version 6.2.7. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted PGN data...

7.8CVSS6.5AI score0.01769EPSS
Exploits1References9
CNNVD
CNNVD
added 2021/04/05 12:0 a.m.19 views

Automattic WooCommerce 跨站脚本漏洞

Automattic WooCommerce is an open source e-commerce platform based on WordPress from Automattic, Inc. in the United States. A security vulnerability exists in the WooCommerce WordPress plugin Advanced Order Export prior to version 3.1.8. The vulnerability stems from the tab parameter in the admin...

6.1CVSS6.2AI score0.10348EPSS
Exploits5References5
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.19 views

WonderLink Yomi-Search 跨站脚本漏洞

WonderLink Yomi-Search is a WonderLink application. A versatile search engine. A cross-site scripting vulnerability exists in version 4.22 of Yomi-Search Ver4.22, which originates from the ability to execute arbitrary script on the web browser of a user accessing a website that uses Yomi-Search. ...

6.1CVSS8.4AI score0.00756EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.19 views

Jenkins Matrix Authorization Strategy 安全漏洞

Jenkins Matrix Authorization Strategy is a Jenkins open source application plugin . The plug-in in Jenkins to achieve fine-grained access control . An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permissions to nested...

6.5CVSS5.7AI score0.01011EPSS
Exploits0References13
Total number of security vulnerabilities5000