Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/07/12 12:0 a.m.18 views

Schneider Electric Easergy P5 和 P3 输入验证错误漏洞

The Schneider Electric Easergy P5 and Schneider Electric Easergy P3 are both products of the French company Schneider Electric.The Schneider Electric Easergy P5 is a protective relay for demanding medium voltage applications. The Schneider Electric Easergy P3 is an easy-to-use protective relay. A...

5.1CVSS5.4AI score0.00416EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/04 12:0 a.m.18 views

WordPress plugin Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS5.3AI score0.01626EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.18 views

Jenkins Plugin EasyQA 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins EasyQA Plugin 1.0 and earlier versions are vulnerable to cross-site...

8.8CVSS5.5AI score0.00503EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.18 views

Adobe Bridge 缓冲区错误漏洞

Adobe Bridge is a file viewer from Adobe. Adobe Bridge is vulnerable to an out-of-bounds write vulnerability that could be exploited to execute arbitrary code in the context of the current user...

7.8CVSS6.1AI score0.02027EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.18 views

WordPress plugin WP Simple Adsense Insertion 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Simple Adsense Insertion plugin prior to version 2.1 is vulnerable to cross-site request...

4.3CVSS5.7AI score0.00412EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/05/26 12:0 a.m.18 views

CSCMS Music Portal System SQL注入漏洞

CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. CSCMS Music Portal System suffers from a SQL injection vulnerability that originates from the lack of validation of the id parameter of /admin.php/pic/admin/type/save for...

7.2CVSS6.1AI score0.00896EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/20 12:0 a.m.18 views

wasm3缓冲区错误漏洞

wasm3 is the fastest WebAssembly interpreter and the most versatile runtime. A security vulnerability exists in wasm3 version 0.5.0, which stems from a heap overflow discovered via the component /wabt/bin/poc.wasm...

7.8CVSS7.3AI score0.0039EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/18 12:0 a.m.18 views

Cisco Common Services Platform Collector 跨站脚本漏洞

Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collector is...

6.1CVSS5.7AI score0.00685EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.18 views

Moodle 安全漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. a security vulnerability exists in Moodle, which stems from the description user field failing to hide when set to hidden. No details o...

5.3CVSS5.6AI score0.01239EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/05/11 12:0 a.m.18 views

Progress Software WhatsUp Gold 代码问题漏洞

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability in Progress Software WhatsUp Gold versions 21.0.0 through 21.1...

7.5CVSS7.5AI score0.55861EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/04 12:0 a.m.18 views

Microweber 跨站脚本漏洞

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber versions prior to 1.2.16, which can be...

6.3CVSS6.6AI score0.00824EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.18 views

networkd-dispatcher 安全漏洞

networkd-dispatcher is a scheduler daemon for systemd-networkd connection state changes by an individual developer at clayton craft in the United States. A security vulnerability exists in networkd-dispatcher versions 1.0 - 2.1 due to a race condition between a discovered script and a running...

4.7CVSS5.5AI score0.06716EPSS
Exploits2References5
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.18 views

Shopware 跨站请求伪造漏洞

A cross-site request forgery vulnerability exists in versions of Shopware prior to 5.7.9, which stems from vulnerability to cross-site request forgery CSRF token authentication failures. An attacker could exploit this vulnerability to be subject to a cross-site request forgery CSRF attack...

7.5CVSS5.4AI score0.00565EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/26 12:0 a.m.18 views

NVIDIA Jetson 输入验证错误漏洞

NVIDIA Jetson is an embedded system development module from NVIDIA Corporation. An input validation error vulnerability exists in the NVIDIA Jetson Linux Driver Package, which stems from insufficient validation of untrustworthy data and can be exploited by a local attacker with elevated privilege...

5.7CVSS6.2AI score0.00232EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/22 12:0 a.m.18 views

Kubernetes ingress-nginx 输入验证错误漏洞

Kubernetes ingress-nginx is the entry controller for Cloud Native Computing Foundation's Kubernetes, using NGINX as a reverse proxy and load balancer. A security vulnerability exists in Kubernetes ingress-nginx. No information about the vulnerability is available at this time, so please stay tune...

8.1CVSS7.6AI score0.01109EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/20 12:0 a.m.18 views

Cisco Unified Communications Manager 代码问题漏洞

Cisco Unified Communications Manager is a call processing component of Cisco's Unified Communications System. The component provides a scalable, distributable, and highly available call processing solution for enterprise IP telephony. Unified Communications Manager Session Management Edition is t...

6.5CVSS5.7AI score0.00337EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/04/19 12:0 a.m.18 views

Oracle Enterprise Manager Base Platform 输入验证错误漏洞

Oracle Virtualization and Oracle VM VirtualBox are both products of Oracle Corporation.Oracle Virtualization is a suite of virtualization solutions. The product is used to unify the management of the entire hardware and software system from the application to the disk, can be virtualized from the...

4.7CVSS7.9AI score0.00713EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.18 views

Microsoft Power BI 安全漏洞

Microsoft Power BI is an interactive data visualization software from Microsoft USA that focuses on business intelligence. It is part of the Microsoft Power Platform. A spoofing vulnerability exists in Microsoft Power BI. An attacker can exploit this vulnerability to conduct spoofing attacks...

3.7CVSS6.4AI score0.00797EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.18 views

rtl_433 缓冲区错误漏洞

The rtl433 is a general purpose data receiver from the personal developer Benjamin Larsson. A program used to decode radio transmissions from devices in the Ism band and other frequencies. A security vulnerability exists in rtl433 that allows an attacker to trigger a denial of service DoS via a...

5.5CVSS5.7AI score0.00629EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/04/06 12:0 a.m.18 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by the window.showSaveFilePicker function that parses and returns environment variable values to the user when passing environment variables, which can be exploited by an attacker to...

6.5CVSS5.8AI score0.01266EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.18 views

Sophos UTM 日志信息泄露漏洞

Sophos UTM is a next-generation firewall. a security vulnerability existed prior to Sophos UTM 9.710, which stems from the fact that Confd log files contain SHA512crypt password hashes for local users including the root user with insecure access rights, which can be exploited by attackers to...

7.8CVSS5.5AI score0.00185EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.18 views

Atlassian Fisheye和Crucible 安全漏洞

Atlassian Fisheye is a suite of source code deep viewing software.Atlassian Crucible is a suite of code review tools. Atlassian Fisheye and Crucible are vulnerable to a brute force vulnerability due to a failure to check whether a user has exceeded their maximum failed login limit. An attacker...

9.8CVSS5.8AI score0.01408EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.18 views

Yokogawa Exaopc 代码问题漏洞

Yokogawa Electric is a server of Yokogawa Electric Yokogawa, a Japanese company. A security vulnerability exists in Yokogawa Electric. The vulnerability stems from an unsafe DLL loading issue. The following products and versions are affected: CENTUM CS 3000 versions R3.08.10 through R3.09.00,...

7.8CVSS7.3AI score0.00216EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/08 12:0 a.m.18 views

Microsoft Exchange Server 代码注入漏洞

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. A code injection vulnerability exists in Microsoft Exchange Server. The followin...

8.8CVSS8.2AI score0.40789EPSS
Exploits3References9
CNNVD
CNNVD
added 2022/03/08 12:0 a.m.18 views

Atlassian Jira 代码注入漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server and Data Center that could allow a remote attacker with system...

7.2CVSS7.8AI score0.02225EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/08 12:0 a.m.18 views

Microsoft Paint 3D 代码注入漏洞

Microsoft Paint 3D is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on the system...

7.8CVSS9.1AI score0.02313EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/07 12:0 a.m.18 views

Google Android 权限许可和访问控制问题漏洞

Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which originates in NotificationStackScrollLayout.java. NotificationStackScrollLayout has a method to bypass factory reset protection. An attacker could...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.18 views

WordPress SQL注入漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.A SQL injection vulnerability exists in versions of the WordPress TI WooCommerce Wishlist plugin prior to 1.40.1, which stem...

9.8CVSS6.1AI score0.73998EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/02/21 12:0 a.m.18 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert or write images in a variety of formats. ImageMagick has a security vulnerability that can be exploited by an attacker to trigger a buffer overflow in ImageMagick vi...

7.1CVSS7.3AI score0.00552EPSS
Exploits1References8
CNNVD
CNNVD
added 2022/02/21 12:0 a.m.18 views

WordPress plugin Duplicate Page or Post 安全漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress plugin Duplicate Page or Post, which stems from the plugin's...

3.5CVSS5.2AI score0.01582EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/02/14 12:0 a.m.18 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome Animation, which can be exploited by an attacker to execute arbitrary code on a system or cause a denial of service condition...

8.8CVSS9.2AI score0.23546EPSS
Exploits0References15
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.18 views

WordPress plugin 跨站请求伪造漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. WordPress NextScripts:Social Networks Auto-Poster plugin is vulnerable to cross-site request forgery in versions prior to 4.3.25. The vulnerability stems from the fact that there is no CSRF check...

6.5CVSS5.6AI score0.00531EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/01/11 12:0 a.m.18 views

Microsoft Office 代码注入漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code injection vulnerability exists in Microsoft Office. The following products and version...

8.8CVSS8.5AI score0.03115EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/12/23 12:0 a.m.18 views

Apple macOS High Sierra 安全漏洞

A security vulnerability exists in Apple macOS High Sierra, a specialized operating system developed by Apple for Mac computers. macOS High Sierra is caused by a problem with handling contact sharing. An attacker could exploit this vulnerability to cause unexpected data sharing...

7.5CVSS5.7AI score0.00926EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.18 views

AbanteCart 跨站脚本漏洞

AbanteCart is a PHP-based e-commerce platform. AbanteCart 1.3.2 previously had a security vulnerability that could be exploited by attackers to conduct DOM-based XSS attacks...

6.1CVSS5.5AI score0.00924EPSS
Exploits2References4
CNNVD
CNNVD
added 2021/12/09 12:0 a.m.18 views

WBCE CMS SQL注入漏洞

WBCE CMS is an open source content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in wbce cms, which stems from the vulnerability of wbce cms to improper neutralization of special elements used in SQL commands...

9.8CVSS8.6AI score0.37824EPSS
Exploits4References5
CNNVD
CNNVD
added 2021/12/08 12:0 a.m.18 views

Fortinet FortiWeb 缓冲区错误漏洞

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A buffer overflow vulnerability exists that...

8.8CVSS6.6AI score0.01894EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.18 views

Mozilla Firefox 权限许可和访问控制问题漏洞

Mozilla Firefox, an open source Web browser from the Mozilla Foundation, is vulnerable to an input validation error in Mozilla Firefox ESR that results from a parameter URL containing spaces that is not properly escaped when invoking a protocol handler for an external protocol. A remote attacker...

6.5CVSS5.7AI score0.00862EPSS
Exploits0References12
CNNVD
CNNVD
added 2021/12/06 12:0 a.m.18 views

Google Android 资源管理错误漏洞

Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in the Google Android Kernel. The vulnerability stems from an out-of-bounds write in periodicioworkfunc in lwisperiodicio.c due to reuse after release. An attacker can exploit...

6.7CVSS5.6AI score0.00118EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/11/17 12:0 a.m.18 views

Facade Ignition for Laravel 安全漏洞

Facade Ignition for Laravel is a customizable error page from Facade Belgium that runs in the Laravel web framework. A security vulnerability exists in Facade Ignition for Laravel, which stems from the product's fix variable names feature that does not add effective access control...

9.8CVSS8.2AI score0.0167EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.18 views

Siemens Nucleus 安全漏洞

Siemens Nucleus ReadyStart is a bundled solution from Siemens Germany. It is used to accelerate the fast start-up of complete systems and provides a rich board-level support package Bsp. A security vulnerability exists in Siemens Nucleus ReadyStart, which stems from the total length of the UDP...

9.1CVSS5.7AI score0.01902EPSS
Exploits0References27
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.18 views

NLnet Labs Routinator 安全漏洞

NLnet Labs Routinator is an RPKI Resource Public Key Infrastructure validator written in Rust from Stichting NLnet Stichting Nlnet Labs in the Netherlands. NLnet Labs Routinator prior suffers from a security vulnerability that stems from the lack of an effective trust management mechanism in a...

7.5CVSS7.2AI score0.01434EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/10/29 12:0 a.m.18 views

GitLab 信息泄露漏洞

GitLab is a self-hosted Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to an information disclosure vulnerability that stems from the fact that project exports can reveal external webhook token values, which can be...

5.3CVSS5.6AI score0.01245EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/10/27 12:0 a.m.18 views

Adobe Premiere Elements 缓冲区错误漏洞

Adobe Premiere Elements is a video editing software application from Adobe. Adobe Premiere Elements 2021 build 19.0 and earlier versions are vulnerable to a memory buffer out-of-bounds access vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

9.3CVSS6.4AI score0.0155EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/12 12:0 a.m.18 views

Microsoft Windows Storage Spaces Controller 权限许可和访问控制问题漏洞

Microsoft Windows Storage Spaces Controller is an essential driver for providing storage space functionality from Microsoft Corporation USA. A vulnerability exists in Microsoft Windows Storage Spaces Controller with privilege permission and access control issues. The following products and editio...

7.8CVSS7.3AI score0.00807EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/10/04 12:0 a.m.18 views

Xiuno BBS 跨站脚本漏洞

Xiuno BBS is an open source forum program based on PHP and MySQL. Xiuno BBS suffers from a cross-site scripting vulnerability that originates from the failure of the product/admin/?setting-base.htm page to properly handle data in the sitename field. An attacker can execute client-side code via th...

6.1CVSS5.6AI score0.00672EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/09/21 12:0 a.m.18 views

Moodle 信息泄露漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. An information disclosure vulnerability exists in Moodle that stems from insufficient escaping of LaTeX leading codes. A remote...

4.9CVSS6.6AI score0.00901EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/16 12:0 a.m.18 views

fig2dev 缓冲区错误漏洞

fig2dev is used to convert .fig files to various graphics languages and formats. A stack buffer overflow vulnerability exists in the bezierspline function in genepic.c in fig2dev version 3.2.7b. No detailed vulnerability details are currently available...

5.5CVSS6.6AI score0.0109EPSS
Exploits1References10
CNNVD
CNNVD
added 2021/09/13 12:0 a.m.18 views

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Per page, which stems from a lack of proper...

4.8CVSS5.1AI score0.00617EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/09/07 12:0 a.m.18 views

Apache Dubbo 代码问题漏洞

Apache Dubbo is the United States Apache Apache Foundation of a lightweight Java-based RPC Remote Procedure Call framework. It provides interface-based remote calling, fault tolerance and load balancing, and automated service registration and discovery. A security vulnerability exists in Apache...

8.8CVSS8AI score0.02019EPSS
Exploits0References3
Total number of security vulnerabilities5000