Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2023/07/03 12:0 a.m.16 views

Sealos 安全漏洞

Sealos is a cloud operating system designed for managing cloud-native applications. A security vulnerability exists in Sealos 4.2.0 and prior versions that stems from a privilege flaw where the billing interface can expose resource information...

8.1CVSS7.7AI score0.00549EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/26 12:0 a.m.16 views

Trend Micro Apex One 安全漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro. An elevation of privilege vulnerability exists in Trend Micro Apex One, which can be exploited by a local attacker to elevate privileges and write arbitrary values to specific entries on an affected installation...

7.8CVSS7AI score0.00234EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/15 12:0 a.m.16 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a code issue vulnerability that can be exploited by an attacker to cause a local privilege escalation without the need for additional execute privileges...

7.8CVSS7.2AI score0.0009EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/13 12:0 a.m.16 views

Siemens CP-8031 信任管理问题漏洞

The SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000 Devices CPCI85 Firmware, which can be exploited by an attacker to log...

6.8CVSS6.9AI score0.00364EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/06/01 12:0 a.m.16 views

Linux kernel 缓冲区错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has an elevation of privilege vulnerability that originates from an out-of-bounds access to physical memory beyond the end of the buffer in the file iouring, which...

7.8CVSS7AI score0.01371EPSS
Exploits6References3
CNNVD
CNNVD
added 2023/05/31 12:0 a.m.16 views

IBM QRadar WinCollect Agent 安全漏洞

IBM QRadar WinCollect Agent is an agent program from International Business Machines IBM that collects and sends Windows event logs. A security vulnerability exists in IBM QRadar WinCollect Agent versions 10.0 through 10.1.3. An attacker could exploit the vulnerability to elevate system privilege...

8.2CVSS7.4AI score0.00203EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.16 views

WordPress plugin Add to Feedly 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

4.8CVSS6.3AI score0.00472EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/05/25 12:0 a.m.16 views

Cilium 安全漏洞

Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. Cilium suffers from a security vulnerability that stems from the fact that wildcard rules will be...

5.3CVSS5.6AI score0.00655EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.16 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

6.1CVSS6.3AI score0.00462EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.16 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

7.5CVSS7.3AI score0.00737EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/22 12:0 a.m.16 views

Apache InLong 代码问题漏洞

Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. A code execution vulnerability exists in Apache InLong versions 1.4.0 through 1.6.0, which can be exploited by an attacker to execute arbitrary code on a system...

7.5CVSS8.1AI score0.01228EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/18 12:0 a.m.16 views

Cisco DNA Center 输入验证错误漏洞

Cisco DNA Center is a network management and command center service from Cisco USA. A command execution vulnerability exists in Cisco DNA Center Software. The vulnerability stems from the application's inadequate validation of user-supplied input in API request parameters and can be exploited by ...

8.8CVSS7.5AI score0.00624EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/18 12:0 a.m.16 views

Cisco DNA Center 安全漏洞

Cisco DNA Center is a network management and command center service from Cisco USA. Cisco DNA Center is vulnerable to an authorization issue. The vulnerability stems from improper authorization of API requests and can be exploited by an authenticated, remote attacker to read information from a...

5.4CVSS7.4AI score0.00485EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/15 12:0 a.m.17 views

WordPress plugin Product Addons & Fields for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS6.3AI score0.00461EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.16 views

Lost and Found Information System 跨站脚本漏洞

Lost and Found Information System is a lost and found information system by oretnom23 individual developer. A cross-site scripting vulnerability exists in Lost and Found Information System version 1.0, which stems from cross-site scripting due to incorrect manipulation of the parameter page...

6.1CVSS4.6AI score0.00661EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/10 12:0 a.m.16 views

WordPress plugin BBSpoiler 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.6AI score0.00361EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/10 12:0 a.m.16 views

WordPress plugin IMPress Listings 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.6AI score0.00361EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.16 views

Cybonet PineApp Mail Secure 跨站脚本漏洞

Cybonet PineApp Mail Secure from Israel's Cybonet blocks most malicious email threats at the network perimeter while providing a range of additional options for comprehensive security and message control. A security vulnerability exists in Cybonet PineApp Mail Secure that stems from the use of...

6.1CVSS6.2AI score0.00379EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/02 12:0 a.m.16 views

Qualcomm Chipsets 输入验证错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets, which stems from a memory corruption in the computer vision module due to improper array index validation...

7.8CVSS7.4AI score0.00115EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/27 12:0 a.m.16 views

Lightbend Alpakka Kafka 安全漏洞

Lightbend Alpakka Kafka is a powerful connector from Lightbend USA. A security vulnerability exists in Lightbend Alpakka Kafka versions prior to 5.0.0 that stems from log files containing sensitive information...

5.5CVSS5.6AI score0.00152EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/26 12:0 a.m.16 views

UCMS 跨站脚本漏洞

UCMS is a content management system written in PHP. A cross-site scripting vulnerability exists in UCMS version 1.6.0, which stems from a problem with the file saddpost.php, where incorrect manipulation of the parameter strorder can lead to cross-site scripting...

6.1CVSS4.1AI score0.00549EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.16 views

Expo 安全漏洞

Expo is an open source platform from Expo for creating React Native apps, which provides a number of tools and services that make it easier to develop React Native apps. Expo has a security vulnerability. An attacker exploited the vulnerability to take over an account and steal configuration file...

9.6CVSS8.7AI score0.2299EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/16 12:0 a.m.16 views

WordPress Plugin Transbank Webpay REST SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Transbank...

7.2CVSS7.7AI score0.00695EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/13 12:0 a.m.16 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets. An attacker exploiting this vulnerability could cause memory corruption...

9.3CVSS8AI score0.00118EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/13 12:0 a.m.16 views

Qualcomm Chipsets 输入验证错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption due to an integer overflow when synx bind and synx signal are called together...

8.4CVSS7.5AI score0.00116EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.16 views

Microsoft Message Queuing 安全漏洞

Microsoft Message Queuing is a solution for implementing asynchronous and synchronous scenarios that require high performance. A security vulnerability exists in Microsoft Message Queuing. An attacker could exploit this vulnerability to remotely execute code. The following products and editions a...

9.8CVSS8.7AI score0.95454EPSS
Exploits7References3
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.16 views

Microsoft Dynamics 跨站脚本漏洞

Microsoft Dynamics is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A security vulnerability exists in Microsoft Dynamics 365 Customer Voice. No informati...

6.1CVSS7.1AI score0.00685EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/06 12:0 a.m.16 views

svelte 跨站请求伪造漏洞

svelte is a new way to build Web applications from Svelte Open Source. A cross-site request forgery vulnerability exists in Svelte versions prior to 1.15.2, which stems from the ability to bypass cross-site request forgery CSRF protection via the Content-Type header...

8.8CVSS7.7AI score0.00373EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.16 views

discordrb操作系统命令注入漏洞

discordrb is Shard Lab's personal developer's repository for implementing the Discord API using Ruby. Discordrb suffers from an operating system command injection vulnerability that stems from the encoder.rb file insecurely constructing a shell string using the file parameter, which leaves the...

9.6CVSS8.3AI score0.02546EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.16 views

HGiga MailSherlock 安全漏洞

Hgiga MailSherlock is an enterprise mail auditing system from China Henderson Technology Hgiga. A security vulnerability exists in HGiga MailSherlock version 4.5, which stems from an insufficient access control issue. The vulnerability can be exploited by an attacker to access parts of other user...

5.3CVSS5.7AI score0.00595EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/23 12:0 a.m.16 views

Cisco Access Point 安全漏洞

Cisco Access Point is a network access point device from Cisco, Inc. It provides high-density wireless connectivity for small offices. A security vulnerability exists in Cisco Access Point that stems from insufficient input validation of user-supplied commands...

6.5CVSS5.7AI score0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.16 views

TeamPass SQL注入漏洞

TeamPass is an open source password manager from the individual developer Nils Laumaillé. A SQL injection vulnerability exists in versions prior to teampass 3.0.0.23, which stems from the presence of SQL injection...

7.5CVSS7.4AI score0.08354EPSS
Exploits6References5
CNNVD
CNNVD
added 2023/03/20 12:0 a.m.16 views

WordPress Plugin WooCommerce Multiple Customer Addresses & Shipping 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS7.8AI score0.01196EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/03/16 12:0 a.m.16 views

Dell BIOS 输入验证错误漏洞

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell, Inc. A security vulnerability exists in Dell BIOS, which arises from an incorrect input validation vulnerability that can be exploited by a locally authenticated attacker with administrator privileges to...

7.5CVSS7AI score0.00175EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/01 12:0 a.m.16 views

Linux kernel 代码问题漏洞

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel prior to version 5.16.3, which stems from the drivers/scsi/ufs/ufs-mediatek.c file incorrectly handling the return value of regulatorget...

5.5CVSS6.8AI score0.00249EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/01 12:0 a.m.16 views

Keycloak 输入验证错误漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Keycloak that stems from the presence of an open redirection vulnerability...

6.1CVSS6.4AI score0.00399EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/01 12:0 a.m.16 views

vantage6 安全漏洞

vantage6 is vantage6 open source an open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security vulnerability exists in vantage6 versions prior to 3.8.0 that stems from the presence of an information leak...

6.5CVSS6.3AI score0.00591EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/02/18 12:0 a.m.16 views

Pixelfed 信息泄露漏洞

Pixelfed is a free and ethical photo sharing platform from the individual developers of Pixelfed. An information disclosure vulnerability exists in versions of Pixelfed prior to 0.11.4. An attacker exploiting this vulnerability could gain access to sensitive information...

5.3CVSS5.6AI score0.00639EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/02/16 12:0 a.m.16 views

Intel Media SDK 安全漏洞

Intel Media SDK is a multimedia SDK Software Development Kit from Intel Corporation. The product is primarily used for video encoding, decoding and processing in Windows and embedded Linux applications. A security vulnerability exists in IntelR Media SDK prior to version 22.2.2, which is caused b...

5.5CVSS5.7AI score0.00228EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/12 12:0 a.m.16 views

HP Factory Preinstalled Windows 10 Images 安全漏洞

HP Factory Preinstalled Windows 10 Images is a factory preinstalled image of HP from Hewlett-Packard HP USA. A security vulnerability exists in HP Factory Preinstalled Windows 10 Images version 20H2 and prior versions. An attacker can exploit the vulnerability to elevate privileges...

7.8CVSS7.5AI score0.00407EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/11 12:0 a.m.16 views

GitLab 信息泄露漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from an information disclosure vulnerability that stems from th...

4.3CVSS5AI score0.0051EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/02/09 12:0 a.m.16 views

Cockpit 安全漏洞

Cockpit is an interactive server management interface. A security vulnerability exists in Cockpit. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...

8.8CVSS6.3AI score0.00344EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/02/03 12:0 a.m.16 views

SwagPayPal 数据伪造问题漏洞

SwagPayPal is an open source PayPal integration for Shopware, a store software/platform. SwagPayPal suffers from a data forgery issue vulnerability that stems from the fact that the list of amounts and items sent to PayPal may not match those in the created order...

7.5CVSS7.2AI score0.00297EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/02 12:0 a.m.16 views

Cisco Small Business RV340 代码问题漏洞

The RV340, RV340W, RV345, and RV345P are all small business VPN routers from Cisco. A binary vulnerability exists in several Cisco products, which can be exploited by an attacker to upload files for overwrite operations...

9.8CVSS6.9AI score0.88874EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.16 views

Apache InLong 缓冲区错误漏洞

Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. An information disclosure vulnerability exists in Apache InLong. An attacker can exploit this vulnerability to read arbitrary files on the system...

7.5CVSS6.3AI score0.0116EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.16 views

WordPress Plugin LearnPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin LearnPress...

9.9CVSS8.5AI score0.04269EPSS
Exploits2References3
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.16 views

WordPress plugin The GeoDirectory 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/01/22 12:0 a.m.16 views

Plesk Obsidian 输入验证错误漏洞

Plesk Obsidian is a hosting control panel from Plesk Switzerland. An input validation error vulnerability exists in Plesk Obsidian version 18.0.49 and prior versions. An attacker could exploit this vulnerability to redirect users to a malicious website via the host request header...

6.1CVSS6.3AI score0.02157EPSS
Exploits3References5
CNNVD
CNNVD
added 2023/01/13 12:0 a.m.16 views

Harbor 访问控制错误漏洞

Harbor is an open source container image repository project designed for enterprise users. VMware Harbor has an unauthorized access vulnerability, which stems from an access control error in Harbor and can be used by attackers to construct malicious data for unauthorized access attacks without...

7.5CVSS6.6AI score0.06237EPSS
Exploits2References5
CNNVD
CNNVD
added 2023/01/09 12:0 a.m.16 views

Linksys WUMC710 操作系统命令注入漏洞

The Linksys WUMC710 is a universal media connector from Linksys USA. A command injection vulnerability exists in the Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 build3 and prior versions. The vulnerability stems from the dosetNTP function in the httpd binary that uses...

7.2CVSS8.2AI score0.01682EPSS
Exploits1References4
Total number of security vulnerabilities5000