Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2021/10/29 12:0 a.m.17 views

Office Server Document Converter 缓冲区错误漏洞

Antenna House Office Server Document Converter Osdc is an office server document converter from Antenna House USA. It is used to batch convert Word, Excel, and Powerpoint into high-quality Pdf or image formats that are easy to share and look accurate on any screen. A buffer error vulnerability...

9.8CVSS9.1AI score0.02073EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/29 12:0 a.m.17 views

NEC Corporation CLUSTERPRO 和 EXPRESSCLUSTER 缓冲区错误漏洞

Nec Expresscluster X is a specialized high availability cluster software from Nec Corporation of Japan. It is used to initiate a fast restore function and continuously protect critical applications and data.NEC Corporation CLUSTERPRO is a HA cluster software from NEC. A buffer error vulnerability...

9.8CVSS9AI score0.02073EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/10/21 12:0 a.m.17 views

Huawei Imanager NetEco 代码注入漏洞

Huawei Imanager NetEco is a professional energy infrastructure management platform from Huawei China. Huawei iManager NetEco suffers from a CSV injection vulnerability, which stems from insufficient input validation of certain parameters and can be exploited to inject CSV files into the target...

6.8CVSS5.6AI score0.00561EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/10/01 12:0 a.m.17 views

GitLab 权限许可和访问控制问题漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. GitLab suffers from a Permission Permission and Access...

4.3CVSS5.7AI score0.00545EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/22 12:0 a.m.17 views

Cisco IOS 缓冲区错误漏洞

Cisco IOS XE Software is an operating system from the U.S. company Cisco Cisco. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity.Cisco IOS XE Software is vulnerable to an authentication bypass...

9.8CVSS8.6AI score0.01702EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/09/20 12:0 a.m.17 views

Faad2 缓冲区错误漏洞

Freeware Advanced Audio Decoder 2 FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder licensed under the GPLv2 license. a heap buffer overflow vulnerability exists in the stszin function in mp4read.c in FAAD2 version 2.10.0 and earlier. An attacker could exploit this vulnerability to execute co...

7.8CVSS7.8AI score0.01218EPSS
Exploits1References8
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.17 views

UReport 代码注入漏洞

UReport is a high-performance pure Java reporting engine based on the Spring architecture. ureport version 2.2.9 contains an arbitrary file creation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

9.8CVSS6.1AI score0.01781EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/09/13 12:0 a.m.17 views

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Per page, which stems from a lack of proper...

4.8CVSS5.1AI score0.00617EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/09/13 12:0 a.m.17 views

atftp 安全漏洞

atftp is a client implementation of the TFTP protocol. A security vulnerability exists in tftpdfile.c in ATFTP 0.7.4 and earlier versions, which stems from buffer size handling that does not properly account for combinations of data, OACK, and other options...

7.5CVSS7.6AI score0.02581EPSS
Exploits1References7
CNNVD
CNNVD
added 2021/08/25 12:0 a.m.17 views

Cisco UCS Manager 资源管理错误漏洞

A denial-of-service vulnerability exists in the way Cisco UCS Manager handles SSH sessions, which can be exploited by an attacker to open a large number of SSH sessions to cause the internal Cisco UCS Manager software process to crash and restart...

4.3CVSS5.6AI score0.01032EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/08/17 12:0 a.m.17 views

Dolibarr 授权问题漏洞

Dolibarr is a software application. A modern software package to help manage your organization's activities. A security vulnerability exists in Dolibarr versions v2.8.1 through v13.0.2 that allows a low-privileged attacker to reset the password of any user in the affected application using the...

8.8CVSS7.9AI score0.01058EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.17 views

Google TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source machine learning platform. a null pointer dereference vulnerability exists in the rowpartitiontypes of the tf.rawops.RaggedTensorToTensor API in versions prior to Google TensorFlow 2.6.0. An attacker can exploit this vulnerability by sending invalid...

7.8CVSS5.3AI score0.00167EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.17 views

Siemens Solid Edge 资源管理错误漏洞

Siemens Solid Edge is a 3D CAD software from Siemens, a German company. The software can be used in industries such as part design, assembly design, sheet metal design, welding design, etc. A security vulnerability exists in Siemens Solid Edge, which stems from the lack of proper validation of th...

7.8CVSS5.8AI score0.01383EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/08/09 12:0 a.m.17 views

Jupyter Notebook 跨站脚本漏洞

Jupyter Notebook is a suite of open source web applications for creating and sharing code and illustrative text documents. Jupyter Notebook suffers from a cross-site scripting vulnerability that stems from the fact that in the affected version, untrusted notes can execute code on load and Jupyter...

9.6CVSS8.5AI score0.02638EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/08/09 12:0 a.m.17 views

WordPress 代码问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in WordPress theme Workreap that stems from...

9.8CVSS8.3AI score0.60113EPSS
Exploits9References6
CNNVD
CNNVD
added 2021/08/08 12:0 a.m.17 views

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation.A denial-of-service vulnerability exists in the appendix box of Mozilla Rust versions prior to November 15, 2020, which can be exploited by an attacker to cause data contention by sending a specially crafted...

5.9CVSS5.6AI score0.00978EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/08/03 12:0 a.m.17 views

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from Google, Inc. Google Android wifi driver information disclosure vulnerability can be exploited by remote attackers to obtain sensitive information...

6.5CVSS5.7AI score0.00297EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/07/17 12:0 a.m.17 views

Hashicorp HashiCorp Consul 输入验证错误漏洞

Hashicorp HashiCorp Consul is a suite of distributed, highly available data center-aware solutions from HashiCorp Hashicorp USA. The product is used to connect and provision applications across a dynamically distributed infrastructure. HashiCorp Consul and Consul Enterprise suffers from an input...

7.5CVSS7.4AI score0.0174EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/07/13 12:0 a.m.17 views

Microsoft Exchange Server 授权问题漏洞

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voice mail, email filtering and screening, and other features. An authorization issue vulnerability exists in Microsoft Exchange Server. The...

7.5CVSS8.3AI score0.97502EPSS
Exploits2References6
CNNVD
CNNVD
added 2021/07/07 12:0 a.m.17 views

Joomla! 跨站脚本漏洞

A cross-site scripting vulnerability exists in versions 3.0.0 to 3.9.27, which could be exploited to lure users into clicking on and executing client-side code to steal user cookie credentials...

6.1CVSS5.3AI score0.00877EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/07/07 12:0 a.m.17 views

Joomla! CMS 跨站脚本漏洞

A cross-site scripting vulnerability exists in versions 3.0.0 to 3.9.27 of Joomla!...

6.1CVSS5.1AI score0.00877EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.17 views

NVIDIA Jetson 缓冲区错误漏洞

Nvidia NVIDIA Jetson is an embedded system development module from Nvidia Corporation. NVIDIA Jetson suffers from a buffer error vulnerability that stems from Trusty including a vulnerability in the HDCP service TA that lacks the boundary check in Command 5. An attacker could exploit this...

7.7CVSS7.4AI score0.00242EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/06/14 12:0 a.m.17 views

Tor 缓冲区错误漏洞

Tor is a network of virtual tunnels. It allows individuals and groups to improve their privacy and security on the Internet. A buffer error vulnerability exists in Tor. The vulnerability arises from a networked system or product performing operations in memory without properly validating data...

7.5CVSS8.5AI score0.01564EPSS
Exploits0References9
CNNVD
CNNVD
added 2021/06/11 12:0 a.m.17 views

Gallagher Command Centre Server SQL注入漏洞

Gallagher Command Center Server is a management system used by Gallagher of New Zealand to monitor and manage infrastructure in buildings. Gallagher Command Centre OPCUA Interface A SQL injection vulnerability exists due to a lack of validation of externally entered SQL statements in a...

9.9CVSS5.4AI score0.0066EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/10 12:0 a.m.17 views

HTMLDOC 资源管理错误漏洞

HTMLDOC is an open source program that converts HTML and Markdown files to EPUB, Indexed HTML, PostScript, and PDF formats.A resource management error vulnerability exists in HTMLDOC, which stems from the pspdfexport function in ps-pdf.cxx when processing JPEG images A boundary error exists. A...

9.8CVSS6.3AI score0.02282EPSS
Exploits1References8
CNNVD
CNNVD
added 2021/06/10 12:0 a.m.17 views

McAfee Agent代码问题漏洞

The McAfee McAfee Agent MA is a set of client components from McAfee, Inc. that provides secure communications between ePolicy Orchestrator the antivirus management platform and managed products. A security vulnerability exists in McAfee Agent in versions prior to 5.7.3. The vulnerability stems...

7.3CVSS5.6AI score0.00348EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.17 views

Zettlr 跨站脚本漏洞

Zettlr is the most comprehensive editor for professional editing of Markdown files. Zettlr suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to trick a victim into clicking on a specially crafted link and executing arbitrary HTML and script code in the...

6.1CVSS5.8AI score0.01036EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.17 views

Sourceforge PoDoFo 安全漏洞

PoDoFo is a free, portable and easy to use PDF parsing, modification and creation library. A security vulnerability exists in the PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp in PoDoFo version 0.9.7. An attacker can exploit the vulnerability to cause a stack overflow...

5.5CVSS5.7AI score0.0073EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/05/11 12:0 a.m.17 views

Istio 授权问题漏洞

Istio is a set of open platforms for connecting, managing, and securing microservices. Istio is vulnerable to an authorization issue. The vulnerability stems from the fact that when the istio gateway is configured in TLS mode "AUTOPASSTHROUGH", it is possible for an attacker to bypass authorizati...

9.8CVSS8.2AI score0.01454EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/04/21 12:0 a.m.17 views

多款Nvidia产品安全漏洞

NVIDIA GPU Display Driver for Linux is a product of NVIDIA Corporation.NVIDIA GPU Display Driver for Linux is a driver for interactive support of the graphics card display module in Linux systems.NVIDIA GPU Display Driver for Windows is a driver for interactive support of the graphics card displa...

7.8CVSS7.2AI score0.00347EPSS
Exploits0References10
CNNVD
CNNVD
added 2021/04/20 12:0 a.m.17 views

Oracle VM VirtualBox 输入验证错误漏洞

Oracle VM VirtualBox is a virtual machine management software from Oracle. Oracle VM VirtualBox suffers from an input validation error vulnerability that stems from an input validation error in the core components of Oracle VM VirtualBox. No detailed vulnerability details are provided at this tim...

7.5CVSS6.5AI score0.00791EPSS
Exploits0References10
CNNVD
CNNVD
added 2021/04/20 12:0 a.m.17 views

Oracle VM VirtualBox 输入验证错误漏洞

Oracle VM VirtualBox is a virtual machine management software from Oracle. Oracle VM VirtualBox suffers from an input validation error vulnerability that stems from an input validation error in the core components of Oracle VM VirtualBox. No detailed vulnerability details are provided at this tim...

7.1CVSS6.5AI score0.00342EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/04/20 12:0 a.m.17 views

Oracle Fusion Middleware 输入验证错误漏洞

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collections, and other capabilities. Oracle Fusion Middleware Oracle Platform Security for Java OPSS...

9.8CVSS8.3AI score0.05667EPSS
Exploits1References7
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.17 views

Nextcloud 注入漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in the Nextcloud Desktop client, which stems from insufficient validation of input provided to a user passed through a URL....

8.8CVSS8.1AI score0.04698EPSS
Exploits1References10
CNNVD
CNNVD
added 2021/04/05 12:0 a.m.17 views

froala editor 跨站脚本漏洞

Froala Editor is a Web-based WYSIWYG rich text editor . A cross-site scripting vulnerability exists in the hyperlink creation module in Froala Editor version 3.2.6. The vulnerability can be exploited to conduct cross-site scripting attacks via specially crafted base64 strings...

6.1CVSS5.1AI score0.01051EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/03/30 12:0 a.m.17 views

Apache Druid 安全漏洞

Apache Druid is a column-oriented, open source distributed database written in Java from the Apache Software Apache Foundation. A security vulnerability exists in Apache Druid 0.20.2, which can be exploited by an attacker to execute arbitrary code in the MYSQL process of the Druid server...

8.8CVSS8.3AI score0.22588EPSS
Exploits1References10
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.17 views

baserCMS 操作系统命令注入漏洞

BaserCMS is an open source enterprise-level content management system cms. An OS command injection vulnerability exists in BaserCMS versions prior to 4.4.5. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary OS commands...

9CVSS6.1AI score0.02475EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.17 views

Nimble 信任管理问题漏洞

Nimble is an open source package manager for the Nim programming language. A trust management issue vulnerability exists in Nimble versions 1.2.10 and 1.4.4, which can be exploited by an attacker to deliver a modified list of packages containing malware packages, leading to untrusted code executi...

8.1CVSS7.8AI score0.01035EPSS
Exploits1References7
CNNVD
CNNVD
added 2021/03/16 12:0 a.m.17 views

Rohan Kumar kubernetes-client 路径遍历漏洞

Rohan Kumar kubernetes-client is an open source application by Rohan Kumar. Provides smooth DSL access to the full Kubernetes and OpenShift REST APIs. A security vulnerability exists in fabric8 kubernetes-client in version 4.2.0 and after, which stems from the copy command lifting files outside o...

7.4CVSS6.6AI score0.01312EPSS
Exploits0References13
CNNVD
CNNVD
added 2021/03/15 12:0 a.m.17 views

Npm ps-kill 命令注入漏洞

Npm ps-kill is an application from Npm, Inc. Npm ps-kill is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands...

9.8CVSS6AI score0.01201EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/03/10 12:0 a.m.17 views

Sauwming pjproject 安全漏洞

Sauwming pjproject is a Sauwming open source application. It combines the signaling protocol SIP with a rich multimedia framework and NAT traversal capabilities into a portable, high-level API for almost all types of systems, from desktops and embedded systems to cell phones. A security...

6.8CVSS7AI score0.00991EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/03/09 12:0 a.m.17 views

Microsoft Office 安全漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A security vulnerability exists in Microsoft Office. The following products and editions are...

7.8CVSS7.2AI score0.03122EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/03/09 12:0 a.m.17 views

Siemens RUGGEDCOM RM1224 缓冲区错误漏洞

SCALANCE SC-600 devices SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C are used to protect trusted industrial networks from untrusted networks. SCALANCE M-800/S615 industrial routers are used for secure remote access to plants via mobilenetworks such as GPRS or UMTS for secure remote access to...

8.8CVSS6.2AI score0.00852EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/02/23 12:0 a.m.17 views

Directus Information Disclosure Vulnerability

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. An information disclosure vulnerability exists in Directus version 8.x prior to version 8.8.1, which can be exploited by an attacker to view all users in the CMS using API user id...

7.5CVSS7.1AI score0.01381EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/12/28 12:0 a.m.17 views

Dhowden Tag Input Validation Error Vulnerability

Dhowden Tag is a Go-based MP3/MP4/OGG/FLAC metadata parsing library by Dhowden's personal developer. A security vulnerability exists in dhowden tag versions prior to 2020-11-19, which allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame...

6.5CVSS5.8AI score0.01111EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/12/04 12:0 a.m.17 views

Red Hat Wildfly Security Vulnerability

Red Hat Wildfly is a lightweight JavaEE-based open source application server from Red Hat, Inc. A security vulnerability exists in Red Hat Wildfly that stems from a potential memory leak in wildfly when using OpenTracing...

7.1CVSS6.2AI score0.01109EPSS
Exploits0References11
CNNVD
CNNVD
added 2020/11/16 12:0 a.m.17 views

Gila CMS 代码问题漏洞

Gila CMS is an open source content management system CMS based on PHP and MySQL. A file upload vulnerability exists in Gila CMS 1.16.0. An attacker can exploit this vulnerability to upload a shell to the tmp directory, which can then be used to execute PHP files using .htaccess via the logging...

7.2CVSS7.1AI score0.0162EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Soagen Apinizer 安全漏洞

Soagen Apinizer is an API management and API gateway platform developed by the Turkish company Soagen. Versions of Soagen Apinizer from 2026.04.0 to 2026.04.6 contained security vulnerabilities. These vulnerabilities were caused by improper handling of special elements in expressions language...

9.8CVSS5.4AI score0.00417EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 had a security vulnerability due to improper handling of symbolic links, which could allow applications to access protected user data...

5.5CVSS5.3AI score0.00151EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 代码问题漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were code vulnerabilities in versions prior to 18.10 through 18.10.8...

6.5CVSS5.6AI score0.00247EPSS
Exploits0References1
Total number of security vulnerabilities5000