Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/11/21 12:0 a.m.17 views

Tenda AC18 安全漏洞

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a buffer overflow vulnerability that stems from the formSetDeviceName function that allows an attacker to implement a buffer...

9.8CVSS7.5AI score0.00682EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/15 12:0 a.m.17 views

WBCE CMS 安全漏洞

WBCE CMS is an open source content management system CMS based on PHP and MySQL. WBCE CMS suffers from an Access Control Error vulnerability that stems from the increaseattempts function in the wbce/framework/class.login.php file in its Header Handler component not appropriately restricting too...

7.5CVSS7.1AI score0.00788EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/11/12 12:0 a.m.17 views

Hyperledger Fabric 资源管理错误漏洞

Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. A security vulnerability exists in Hyperledger Fabric version 2.3 that stems from the fact that it allows an attacker to cause a denial of service by repeatedly sending a...

7.5CVSS7.2AI score0.00797EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/11/09 12:0 a.m.17 views

Intel Processors 输入验证错误漏洞

Intel Processors are American Intel Corporation's provide for interpreting computer instructions and processing data in computer software. A security vulnerability exists in Intel Processors, no information about this vulnerability is available at this time, please stay tuned to CNNVD or the...

8.2CVSS6.5AI score0.00193EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.17 views

Microsoft Word 安全漏洞

Microsoft Word is a word processing software in the Office suite of the American Microsoft Microsoft. An information disclosure vulnerability exists in Microsoft Word, which can be exploited by attackers to obtain sensitive information...

5.5CVSS6AI score0.00739EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/11/07 12:0 a.m.17 views

WordPress plugin Import any XML or CSV File to WordPress 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. The WordPress plugin Import any XML or CSV File to...

7.2CVSS7.2AI score0.03187EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/10/28 12:0 a.m.17 views

Employee Record Management System 跨站脚本漏洞

PHPGurukul Phpgurukul Employee Record Management System is an Employee Record Management System from PHPGurukul, Inc. A cross-site scripting vulnerability exists in Employee Record Management System version 1.2, which stems from a cross-site scripting issue in editempprofile.php...

5.4CVSS5.4AI score0.00425EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/10/20 12:0 a.m.17 views

Adobe Commerce 输入验证错误漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce has an input validation error vulnerability that stems from incorrect input validation. An authenticated attacker can trigger an insecure...

8.8CVSS6.2AI score0.01091EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/12 12:0 a.m.17 views

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS versions prior to 8.1.24 in the 8.1 series of releases, which stems from an authentication bypass vulnerability in the web interface that...

8.1CVSS7.7AI score0.0083EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/10/11 12:0 a.m.17 views

SAP Commerce 输入验证错误漏洞

SAP Commerce is a set of cloud-based e-commerce platform from Germany's SAP. This product supports sales management, marketing management, order management and operations management. An input validation error vulnerability exists in SAP Commerce versions 1905, 2005, 2105, 2011, and 2205, which ca...

8.8CVSS6.9AI score0.0076EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/10/03 12:0 a.m.17 views

Veritas NetBackup 代码问题漏洞

Veritas NetBackup is a storage service used by Veritas, Inc. to provide backup and recovery capabilities for enterprise environments. Veritas NetBackup 10.0.0.1 and previous versions are vulnerable to XML external entity injection, which stems from the fact that the DiscoveryService service does...

9.8CVSS6.8AI score0.00517EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.17 views

Cisco IOS XE Software 安全漏洞

Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software IPv6 VPN. An attacker...

7.4CVSS7.3AI score0.0028EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.17 views

TYPO3 安全漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. A security vulnerability exists in TYPO3. An attacker exploited the vulnerability to distinguish between existing and non-existing user accounts by observing the response time...

5.3CVSS5.7AI score0.00977EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.17 views

Siemens Parasolid 缓冲区错误漏洞

Parasolid is a 3D geometric modeling tool that supports a variety of techniques, including solid modeling, direct editing, and free-form/sheet modeling.Simcenter Femap is an advanced simulation application for creating, editing, and examining finite element models of complex products or...

7.8CVSS7.5AI score0.00241EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/23 12:0 a.m.17 views

Jenkins Plugin CollabNet 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS5.8AI score0.00702EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/19 12:0 a.m.17 views

RIELLO UPS NetMan 安全漏洞

RIELLO UPS NetMan is a network adapter from RIELLO UPS, Italy. A security vulnerability exists in RIELLO UPS NetMan. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the manufacturer's bulletin...

7.5CVSS7.7AI score0.00478EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/10 12:0 a.m.17 views

Apache Traffic Server 输入验证错误漏洞

Apache Traffic Server ATS or TS is a high-performance, modular HTTP proxy and caching server, similar to Nginx and Squid. Traffic Server was originally a commercial product of Inktomi, a company acquired by Yahoo in 2003, and in August 2009 Yahoo contributed the source code to the In August 2009...

7.5CVSS6.8AI score0.01849EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.17 views

NVIDIA vGPU Software 安全漏洞

NVIDIA vGPU Software is a management software from NVIDIA that is used to provide GPU capabilities to virtual machines. The software supports multiple virtual machines to access the host's GPU, providing graphics performance and application compatibility for virtual machines. A security...

7.8CVSS7.3AI score0.00212EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.17 views

NVIDIA vGPU Software 资源管理错误漏洞

NVIDIA vGPU Software is a management software from NVIDIA that is used to provide GPU capabilities to virtual machines. NVIDIA vGPU Software suffers from a Resource Management Error vulnerability that originates from double freeing certain resources, which can be exploited by an attacker to cause...

7.8CVSS5.8AI score0.00262EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/01 12:0 a.m.17 views

IBM DataPower Gateway 代码问题漏洞

IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across channels...

8.8CVSS5.6AI score0.00462EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.17 views

Jenkins Repository Connector Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.00581EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.17 views

Jenkins Git client Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

8.1CVSS7.7AI score0.00783EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.17 views

Pegasystem Pega 安全漏洞

Pegasystem Pega is a Java-based business process management tool from the U.S. company Pegasystem. It is used to build enterprise applications. A security vulnerability exists in Pegasystem Pega that stems from a password authentication bypass vulnerability in local accounts that can be used to...

9.8CVSS8.3AI score0.00783EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/10 12:0 a.m.17 views

convert-svg 代码注入漏洞

convert-svg is open source series of open source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.3, which stems from the use of specially crafted SVG files that can read arbitrary files from the file system and the...

7.8CVSS7.3AI score0.00855EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.17 views

FreeType 缓冲区错误漏洞

FreeType is an open source font rendering library written in the C language. A security vulnerability exists in ftbench.c in FreeType Demo Programs version 2.12.1 and earlier versions, which can be exploited by an attacker to cause a heap-based buffer overflow...

7.8CVSS7.8AI score0.00699EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.17 views

Smarty 代码注入漏洞

Smarty is a PHP-based template engine that helps to separate the representation HTML/CSS from the application logic. A code injection vulnerability exists in Smarty versions 3.1.x prior to 3.1.45 and 4.1.x prior to 4.1.1, which can be exploited by a remote attacker to send a specially crafted...

8.8CVSS7.2AI score0.0454EPSS
Exploits1References15
CNNVD
CNNVD
added 2022/04/27 12:0 a.m.17 views

Bender ebee 充电控制器 命令注入漏洞

The ebee is a charge controller from Bender. The Bender ebee Charge Controller suffers from a command injection vulnerability that stems from easy command injection via the web interface. An authenticated attacker could enter shell commands in certain input fields. The following products and...

8.8CVSS8.1AI score0.01332EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/22 12:0 a.m.17 views

Kubernetes ingress-nginx 输入验证错误漏洞

Kubernetes ingress-nginx is the entry controller for Cloud Native Computing Foundation's Kubernetes, using NGINX as a reverse proxy and load balancer. A security vulnerability exists in Kubernetes ingress-nginx. No information about the vulnerability is available at this time, so please stay tune...

8.1CVSS7.6AI score0.01109EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/15 12:0 a.m.17 views

Cisco SD-WAN vManage Software 安全漏洞

Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A security vulnerability exists in Cisco SD-WAN vManage Software that originates when a low-privileged user executes a file that is exploited by the root user when running...

8.5CVSS6.8AI score0.00581EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.17 views

Microsoft Windows 输入验证错误漏洞

Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. An input validation error vulnerability exists in Microsoft Windows Fax Compose Form. The following products and versions are affected: Windows 7 for x64-based Systems Service Pack 1,Windows...

7.8CVSS7.6AI score0.01998EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.17 views

Microsoft Power BI 安全漏洞

Microsoft Power BI is an interactive data visualization software from Microsoft USA that focuses on business intelligence. It is part of the Microsoft Power Platform. A spoofing vulnerability exists in Microsoft Power BI. An attacker can exploit this vulnerability to conduct spoofing attacks...

3.7CVSS6.4AI score0.00797EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/01 12:0 a.m.17 views

GitLab Community Edition和GitLab Enterprise Edition 信息泄露漏洞

GitLab Enterprise Edition is a content management system.GitLab Community Edition is a community edition of GitLab by GitLab, Inc. An information disclosure vulnerability exists in GitLab Community Edition CE and Enterprise Edition EE due to a lack of filtering in error messages. When the include...

6.5CVSS6.5AI score0.00987EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.17 views

Joomla! 路径遍历漏洞

A path traversal vulnerability exists in Joomla! versions 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0, which stems from a failure of a web system or product to properly filter special elements in a resource or file path, and can be exploited by remote attackers to send specially crafted .zip...

7.5CVSS5.6AI score0.02007EPSS
Exploits3References6
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.17 views

Spatie Laravel Media Library Pro 代码问题漏洞

Spatie Laravel Media Library Pro is a UI component for laravel-medialibrary from Spatie Belgium. A security vulnerability exists in Spatie Laravel Media Library Pro 2.1.6, no information about the vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...

10CVSS8.2AI score0.03106EPSS
Exploits3References5
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.17 views

Gitea 授权问题漏洞

Gitea is a project to set up a self-hosted Git service. Gitea suffers from an authorization error vulnerability that stems from PAM authentication when building and configuring Gitea, which skips checking authorization altogether and can be exploited by attackers to log into expired accounts and...

7.1CVSS5.6AI score0.00833EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/08 12:0 a.m.17 views

Microsoft Windows CD-ROM Driver 权限许可和访问控制问题漏洞

Microsoft Windows is a CD-ROM driver from Microsoft Corporation, and an elevation of privilege vulnerability exists in the Microsoft Windows CD-ROM Driver, which could be exploited by attackers to execute arbitrary code with elevated privileges...

7.8CVSS8.4AI score0.00895EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/02/21 12:0 a.m.17 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert or write images in a variety of formats. ImageMagick has a security vulnerability that can be exploited by an attacker to trigger a buffer overflow in ImageMagick vi...

7.1CVSS7.3AI score0.00552EPSS
Exploits1References8
CNNVD
CNNVD
added 2022/02/17 12:0 a.m.17 views

pcf2bdf 安全漏洞

Pcf2bdf is a font decompiler by the Japanese individual developer Nayuta Taga. It is used to convert X fonts from a portable compiled format to a bitmap distribution format. A buffer error vulnerability exists in pcf2bdf, which allows an attacker to trigger an unsafe memory access via a specially...

7.1CVSS7.2AI score0.0079EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/02/08 12:0 a.m.17 views

Microsoft SharePoint 授权问题漏洞

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and...

4.3CVSS6.4AI score0.02134EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.17 views

Sensio Labs Twig 代码代码注入漏洞

Sensio Labs Twig is a PHP template engine from the French company Sensio Labs that supports custom tags and filters and the creation of DSLs. Sensio Labs Twig is vulnerable to injection, which can be exploited by attackers to run arbitrary PHP functions...

9.8CVSS5.8AI score0.08209EPSS
Exploits3References13
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.17 views

Google Tensorflow 代码问题漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a code issue vulnerability that stems from the simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow being prone to segmentation errors. No detailed...

7.5CVSS5.7AI score0.0087EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/02/02 12:0 a.m.17 views

Fortinet FortiExtender 操作系统命令注入漏洞

Fortinet FortiExtender is a wireless WAN extender appliance from Fortinet, Inc. A command injection vulnerability exists in Fortinet FortiExtender, which can be exploited by an authenticated attacker to execute privileged shell commands via CLI commands...

9CVSS5.9AI score0.01055EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/01/28 12:0 a.m.17 views

ZEIT Next.js 资源管理错误漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. Next.js suffers from a security vulnerability that could allow bad actors to trigger a denial of service attack against anyone using the i18n feature...

7.5CVSS7.5AI score0.02153EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/01/19 12:0 a.m.17 views

phpIPAM SQL注入漏洞

phpIPAM is an open source PHP and MySQL based IP address management application IPAM. A SQL injection vulnerability exists in PhpIPAM v1.4.4, which originates from an authenticated administrator user being able to insert SQL statements in the subnet parameter when searching for subnets via...

7.2CVSS7.3AI score0.25243EPSS
Exploits7References7
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.17 views

Rust actix-web crate 缓冲区错误漏洞

Rust actix-web crate is a Rust web framework. mozilla Rust actix-web crate memory corruption vulnerability can be exploited by attackers to cause memory corruption...

9.8CVSS5.6AI score0.01288EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/15 12:0 a.m.17 views

Dolibarr 跨站脚本漏洞

Dolibarr is a modern software package that helps manage your organization's active applications. a cross-site scripting vulnerability exists in Dolibarr prior to 14.0.3, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this...

5.4CVSS5.6AI score0.00949EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.17 views

Adobe Premiere Pro 缓冲区错误漏洞

Adobe Premiere Pro is a non-linear video editing software developed by Adobe, which is widely used in the professional production of movies, TV and web videos, providing a full-process solution from clip editing to finished output. An out-of-bounds read vulnerability exists in Adobe Premiere Pro,...

3.3CVSS5.7AI score0.00258EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/12/06 12:0 a.m.17 views

Piwigo SQL注入漏洞

Piwigo is a set of Web-based open source image library software. Piwigo v11.5 contains a security vulnerability in /admin/batchmanagerglobal.php in which the parameter pwgtoken is not sufficiently escaped and filtered. No details of the vulnerability are available at this time...

8.8CVSS5.5AI score0.01112EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/11/05 12:0 a.m.17 views

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an input validation error vulnerability that stems from the fact that TensorFlow allows tensors to have a large number of dimensions, each of which can be adjusted...

5.5CVSS5.7AI score0.00307EPSS
Exploits1References8
CNNVD
CNNVD
added 2021/11/05 12:0 a.m.17 views

Google TensorFlow 数字错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A numeric error vulnerability exists in versions of Google TensorFlow prior to 2.7.0, which stems from the fact that AllToAll in TensorFlow performs division by zero when inferring code. No details of t...

5.5CVSS5.6AI score0.00128EPSS
Exploits0References4
Total number of security vulnerabilities5000