Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2024/05/15 12:0 a.m.16 views

Cisco AsyncOS 安全漏洞

Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A security vulnerability exists in Cisco AsyncOS Software for Cisco Secure Email, Web Manager, and Secure Email Gateway, which arises from insufficient validation of user input, allowing an authenticated, remote attacker to...

6.1CVSS6AI score0.00319EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.16 views

WordPress plugin Barcode Scanner with Inventory & Order Manager 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. The WordPress plugin Barcode Scanner with...

4.3CVSS6.4AI score0.0025EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.16 views

Siemens Solid Edge 安全漏洞

Siemens Solid Edge is a 3D CAD software from Siemens Germany. The software can be used for part design, assembly design, sheet metal design, welding design and other industries. Siemens Solid Edge suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute co...

7.8CVSS7.6AI score0.00239EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.16 views

D-Link DAP-1360 安全漏洞

The D-Link DAP-1360 is a router from China-based AUO D-Link. The D-Link DAP-1360 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code...

8.8CVSS7.8AI score0.01101EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.16 views

Unified Automation UaGateway 安全漏洞

Unified Automation UaGateway is a high-performance wrapper/agent from Unified Automation programmed in C++. A security vulnerability exists in Unified Automation UaGateway that stems from a specific flaw in the implementation of the ImportXML function that allows an attacker to create a denial of...

6.5CVSS6.4AI score0.01374EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.16 views

NETGEAR RAX30 安全漏洞

The NETGEAR RAX30 is a wireless router from NETGEAR. The NETGEAR RAX30 suffers from a command injection vulnerability that stems from a command injection vulnerability when processing UPnP port mapping requests, which can be exploited by an attacker to execute arbitrary commands...

8.8CVSS8AI score0.01258EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.16 views

Apache Kafka 安全漏洞

Apache Kafka is an open source distributed streaming platform from the Apache Foundation in the United States. The platform is capable of acquiring real-time data for building applications that react in real time to changes in the data stream. Apache Kafka suffers from a denial-of-acceptance...

7.4CVSS6.6AI score0.01125EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.16 views

Microsoft Outlook 安全漏洞

Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. Microsoft Outlook has a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...

8.1CVSS6.6AI score0.02309EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/04 12:0 a.m.16 views

D-Link DNS-320 信任管理问题漏洞

The D-Link DNS-320 is a NAS Network Attached Storage device from China's Terasic D-Link Corporation. A trust management issue vulnerability exists in the D-Link DNS-320L, which originates from a trust management issue vulnerability in the file /cgi-bin/nassharing.cgi. Affected products and...

10CVSS9.4AI score0.98038EPSS
Exploits2References5
CNNVD
CNNVD
added 2024/04/03 12:0 a.m.16 views

Dell PowerEdge Server BIOS 和 Dell Precision Rack BIOS 安全漏洞

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS are both products of Dell USA.Dell PowerEdge Server BIOS is a system update driver from Dell.Dell Precision Rack BIOS is the Dell Precision Rack BIOS is a BIOS utility for high performance workstation products. A security vulnerability exist...

7.9CVSS6.7AI score0.00146EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.16 views

Docassemble 安全漏洞

Docassemble is a free, open source expert system for guided interviews and document assembly. An information disclosure vulnerability exists in Docassemble versions 1.4.53 through 1.4.96, which can be exploited by an attacker to gain unauthorized access to system information by manipulating a URL...

7.5CVSS6.3AI score0.69486EPSS
Exploits2References4
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.16 views

Aruba Networks ArubaOS Security Vulnerabilities

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from an authenticated command injection vulnerability...

7.2CVSS7.4AI score0.0124EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/02 12:0 a.m.16 views

WordPress Plugin AI Engine Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.5CVSS8.3AI score0.0061EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.16 views

WordPress Plugin NEX-Forms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

5.3CVSS6.7AI score0.00598EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.16 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from allowing in-place attempts to send commands when the DMCUB is not powered on...

5.5CVSS8.7AI score0.00214EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/09 12:0 a.m.16 views

Hugin Resource Management Error Vulnerability

Hugin is a cross-platform open source panoramic photography image stitching software by Hugin Open Source. A resource management error vulnerability exists in Hugin version v2022.0.0, which stems from a vulnerability that allows an attacker to cause the heap to be reused after release by parsing ...

7.8CVSS6.7AI score0.00342EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/01/31 12:0 a.m.16 views

WordPress plugin Droit Elementor Addons Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.5AI score0.00214EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/04 12:0 a.m.16 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google Inc. A security vulnerability exists in Google Android, which stems from a vulnerability in Framework that could lead to local privilege escalation...

7.8CVSS6.3AI score0.00376EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/12/21 12:0 a.m.16 views

WordPress Plugin WP Ultimate Exporter Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

7.5CVSS6.2AI score0.00452EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/19 12:0 a.m.16 views

Wavelink Avalanche Security Vulnerability

Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker exploiting this vulnerability could send a specially crafted request that could lead to the disclosure of sensitive da...

9.1CVSS6.6AI score0.0345EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.16 views

Red Hat Keycloak Security Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak version 22.0.5, which stems from a log injection issue that could allow an attacker to inje...

5.3CVSS7.2AI score0.01008EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/16 12:0 a.m.16 views

Adobe Acrobat Reader 安全漏洞

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. A security vulnerability exists in Adobe Acrobat Reader version 23.006.20360 and earlier and version 20.005.30524 and earlier, which can be exploited by an attacker ...

7.8CVSS7AI score0.01846EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/03 12:0 a.m.16 views

MediaWiki Information Disclosure Vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An information disclosure vulnerability exists in MediaWiki before 1.35.12, versions 1.36.x through 1.39.5...

4.3CVSS6.2AI score0.00626EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/10/19 12:0 a.m.16 views

WordPress plugin ChatBot SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

9.8CVSS7.1AI score0.06888EPSS
Exploits4References6
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.16 views

Nextcloud Code Issues Vulnerabilities

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud mail, which stems from a lack of checking of the source, target, and cookie...

4.3CVSS7.1AI score0.00601EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/10/12 12:0 a.m.16 views

Juniper Networks Junos and Junos EVO Buffer Error Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos and Junos EVO, which is caused by a stack-based buffer overflow...

5.5CVSS7.3AI score0.00163EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.16 views

PortlandLabs Concrete CMS 代码问题漏洞

PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company . An arbitrary file upload vulnerability exists in PortlandLabs Concrete CMS version v9.2.1, which stems from the application's lack of effective validation of uploaded...

5.4CVSS7.7AI score0.00585EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.16 views

Microsoft Azure DevOps Server Security Vulnerability

Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as code sharing, work tracking, and software distribution. A security vulnerability exists in Microsoft Azure DevOps Server. An attacker can...

7.3CVSS9.1AI score0.00847EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/28 12:0 a.m.16 views

Generex CS141 Cross-Site Scripting Vulnerability

The Generex CS141 is a series of Ethernet adapters from the German company Generex. A cross-site scripting vulnerability exists in Generex CS141 versions prior to 2.06, which stems from allowing the upload of files containing HTML content...

6.1CVSS6.1AI score0.00387EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.16 views

WordPress plugin Happy Elementor Addons Pro Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

7.1CVSS6AI score0.00351EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/19 12:0 a.m.16 views

NVIDIA DGX Security Vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. The NVIDIA DGX H100 suffers from a security vulnerability that stems from a security flaw in the KVM service that allows an unauthenticated attacker to cause session token leakage to other users by observing...

8.1CVSS6.8AI score0.00516EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/09/11 12:0 a.m.16 views

AnythingLLM Security Vulnerability

AnythingLLM is a business-compliant document chatbot. A security vulnerability exists in versions of AnythingLLM prior to 0.0.1 that stems from the presence of relative path traversal...

9.8CVSS6.7AI score0.00752EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.16 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab, which stems from the fact that...

5.3CVSS5.7AI score0.00935EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/08/23 12:0 a.m.16 views

MongoDB Server 信任管理问题漏洞

MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A security vulnerability exists in MongoDB Server version v6.3, MongoDB Serve...

7.5CVSS7AI score0.00367EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/22 12:0 a.m.16 views

Linux hwclock 安全漏洞

Linux hwclock is a command from the Linux Foundation of America. It is used to display and set the hardware clock. A security vulnerability exists in Linux hwclock version 13-v2.27, which originated from a vulnerability that allows an attacker to gain escalated privileges or execute arbitrary...

6.7CVSS6.8AI score0.0052EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/08/10 12:0 a.m.16 views

Adobe Acrobat Reader Buffer Error Vulnerability

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDFs. A buffer error vulnerability previously existed in Adobe Acrobat Reader version 23.003.20244, which originated from being affected by an out-of-bounds read...

5.5CVSS6.6AI score0.0213EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/09 12:0 a.m.16 views

Clario VPN client security vulnerability

Clario VPN client is a VPN client for Mac from Clario. A security vulnerability exists in Clario VPN client macOS version 5.9.1.1662, which originates when the VPN client insecurely configures the operating system so that traffic to the local network is sent outside of the VPN tunnel in cleartext...

5.7CVSS6.5AI score0.00681EPSS
Exploits1References8
CNNVD
CNNVD
added 2023/08/04 12:0 a.m.16 views

Matrix Sydent Trust Management Issues Vulnerabilities

Matrix Sydent is an implementation of the Matrix Authentication Server API from the Matrix Foundation in the UK. A trust management issue vulnerability exists in versions of Sydent prior to 2.5.6, which stems from a vulnerability that allows an attacker with privileged access to the network to...

9.3CVSS6.7AI score0.00229EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/07/18 12:0 a.m.16 views

1Panel 操作系统命令注入漏洞

1Panel is an open source Linux server operations and management panel for the Chinese 1panel community. Operating system command injection vulnerability exists in versions prior to 1Panel 1.4.3. The vulnerability stems from the presence of an operating system command injection vulnerability, whic...

8.8CVSS8.1AI score0.05354EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/14 12:0 a.m.16 views

Juniper Networks Junos OS SRX 安全漏洞

Juniper Networks Junos OS SRX is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS SRX that originates from a check or...

7.5CVSS7.3AI score0.00528EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/13 12:0 a.m.16 views

Auto-GPT 代码注入漏洞

Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. A code injection vulnerability exists in versions of Auto-GPT prior to 0.4.3, which stems from the ability to achieve arbitrary code execution on a host running Auto-GPT by overwriting...

7.8CVSS8.1AI score0.00338EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/13 12:0 a.m.16 views

SonicWALL Analytics和GMS 安全漏洞

SonicWALL Analytics and SonicWALL GMS are both products of SonicWALL, Inc. of the U.S. SonicWALL Analytics is a high-performance management and reporting engine for the Web.SonicWALL GMS is a global management system. A powerful and intuitive solution for organizations, distributed enterprises an...

9.8CVSS8.3AI score0.06549EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.17 views

Jenkins Plugin Datadog 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00691EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.16 views

xalpha 代码注入漏洞

xalpha is the full process management of a fund investment by Shixin Zhang, an individual developer in China. A security vulnerability exists in xalpha version v0.11.4, which stems from vulnerability to Remote Command Execution RCE attacks...

9.8CVSS8.4AI score0.01406EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.16 views

WordPress Plugin Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Conditional shipping &...

8.8CVSS8.1AI score0.00246EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/03 12:0 a.m.16 views

Sealos 安全漏洞

Sealos is a cloud operating system designed for managing cloud-native applications. A security vulnerability exists in Sealos 4.2.0 and prior versions that stems from a privilege flaw where the billing interface can expose resource information...

8.1CVSS7.7AI score0.00549EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/26 12:0 a.m.16 views

Trend Micro Apex One 安全漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro. An elevation of privilege vulnerability exists in Trend Micro Apex One, which can be exploited by a local attacker to elevate privileges and write arbitrary values to specific entries on an affected installation...

7.8CVSS7AI score0.00234EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/15 12:0 a.m.16 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a code issue vulnerability that can be exploited by an attacker to cause a local privilege escalation without the need for additional execute privileges...

7.8CVSS7.2AI score0.0009EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/13 12:0 a.m.16 views

Siemens CP-8031 信任管理问题漏洞

The SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000 Devices CPCI85 Firmware, which can be exploited by an attacker to log...

6.8CVSS6.9AI score0.00364EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/06/01 12:0 a.m.16 views

Linux kernel 缓冲区错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has an elevation of privilege vulnerability that originates from an out-of-bounds access to physical memory beyond the end of the buffer in the file iouring, which...

7.8CVSS7AI score0.01371EPSS
Exploits6References3
Total number of security vulnerabilities5000