Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2023/01/26 12:0 a.m.16 views

WordPress Plugin LearnPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin LearnPress...

9.9CVSS8.5AI score0.04269EPSS
Exploits2References3
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.16 views

WordPress plugin The GeoDirectory 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/01/22 12:0 a.m.16 views

Plesk Obsidian 输入验证错误漏洞

Plesk Obsidian is a hosting control panel from Plesk Switzerland. An input validation error vulnerability exists in Plesk Obsidian version 18.0.49 and prior versions. An attacker could exploit this vulnerability to redirect users to a malicious website via the host request header...

6.1CVSS6.3AI score0.02157EPSS
Exploits3References5
CNNVD
CNNVD
added 2023/01/13 12:0 a.m.16 views

Harbor 访问控制错误漏洞

Harbor is an open source container image repository project designed for enterprise users. VMware Harbor has an unauthorized access vulnerability, which stems from an access control error in Harbor and can be used by attackers to construct malicious data for unauthorized access attacks without...

7.5CVSS6.6AI score0.06237EPSS
Exploits2References5
CNNVD
CNNVD
added 2023/01/09 12:0 a.m.16 views

Linksys WUMC710 操作系统命令注入漏洞

The Linksys WUMC710 is a universal media connector from Linksys USA. A command injection vulnerability exists in the Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 build3 and prior versions. The vulnerability stems from the dosetNTP function in the httpd binary that uses...

7.2CVSS8.2AI score0.01682EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/01/06 12:0 a.m.16 views

Piwigo SQL注入漏洞

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. Piwigo Piwigo-Guest-Book version 1.3.0 and earlier versions suffer from a SQL injection vulnerability that stems from incorrect...

9.8CVSS6.6AI score0.00724EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/01/03 12:0 a.m.16 views

Apache Dubbo 代码问题漏洞

Apache Dubbo is the United States Apache Apache Foundation of a lightweight Java-based RPC Remote Procedure Call framework. The product provides interface-based remote calling , fault tolerance and load balancing and automatic service registration and discovery. A code issue vulnerability exists ...

9.8CVSS8.5AI score0.02909EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/12/26 12:0 a.m.16 views

WordPress Plugin Google Apps 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

4.8CVSS5AI score0.00532EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/12/23 12:0 a.m.16 views

IBM AIX 安全漏洞

IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX suffers from a denial-of-service vulnerability that can be exploited by unauthorized local attackers to achieve a denial of service via the AIX SMB...

6.2CVSS6.2AI score0.00185EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/14 12:0 a.m.16 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...

5.4CVSS6.1AI score0.0048EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.16 views

Microsoft Windows Subsystem for Linux 安全漏洞

Microsoft Windows Subsystem for Linux WSL is a Microsoft Windows subsystem for Linux, a compatibility layer capable of running native Linux binary executables ELF format. A security vulnerability exists in the Microsoft Windows Subsystem for Linux. The following products and versions are...

7.8CVSS7.7AI score0.00473EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/09 12:0 a.m.16 views

xrdp 输入验证错误漏洞

xrdp is an open source remote desktop protocol server from Neutrinolabs Labs. An input validation error vulnerability exists in versions prior to xrdp v0.9.21, which stems from the inclusion of an integer overflow in the xrdpmmprocessrailupdatewindowtext function...

9.8CVSS7.6AI score0.00724EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.16 views

WordPress plugin WP Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin WP Page Builder version 1.2.6 and prior versions are vulnerable. An attacker could use this...

5.4CVSS5.2AI score0.00409EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.16 views

Microsoft Windows Win32K 安全漏洞

Microsoft Windows Win32k is a system file for Windows multi-user management from Microsoft USA. A security vulnerability exists in Microsoft Windows Win32K. The following products and editions are affected:Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based...

7.8CVSS7.4AI score0.08053EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/07 12:0 a.m.16 views

WordPress plugin Import any XML or CSV File to WordPress 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. The WordPress plugin Import any XML or CSV File to...

7.2CVSS7.2AI score0.03187EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/10/31 12:0 a.m.16 views

WordPress plugin WordPress Classifieds Plugin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

9.8CVSS8.5AI score0.05103EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/10/20 12:0 a.m.16 views

Adobe Commerce 输入验证错误漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce has an input validation error vulnerability that stems from incorrect input validation. An authenticated attacker can trigger an insecure...

8.8CVSS6.2AI score0.01091EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/12 12:0 a.m.16 views

Passport-SAML 数据伪造问题漏洞

Passport-SAML is the SAML 2.0 authentication provider for Passport, the Node.js authentication library. Passport-SAML suffers from a data forgery issue vulnerability that stems from the fact that a remote attacker can use passport-saml to bypass SAML authentication on a website...

8.1CVSS8.2AI score0.03025EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/10/11 12:0 a.m.16 views

Xen 资源管理错误漏洞

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has a security vulnerability. An attacke...

6.5CVSS6.4AI score0.00265EPSS
Exploits0References17
CNNVD
CNNVD
added 2022/10/11 12:0 a.m.16 views

Microsoft Office 安全漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A security vulnerability exists in Microsoft Office. The following products and editions are...

6.5CVSS7.1AI score0.01365EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.16 views

Cisco IOS XE Software 安全漏洞

Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software IPv6 VPN. An attacker...

7.4CVSS7.3AI score0.0028EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/27 12:0 a.m.16 views

多款Cisco产品安全漏洞

Cisco NX-OS Software and others are products of Cisco Corporation.Cisco NX-OS Software is a set of data center-grade operating system software used by switches.Cisco IOS is an operating system developed for its network devices.Cisco IOS XE Software is an operating system.Cisco IOS XE Software is...

4.7CVSS5.5AI score0.00594EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/09/27 12:0 a.m.16 views

多款Cisco产品安全漏洞

Cisco NX-OS Software and others are products of Cisco Corporation.Cisco NX-OS Software is a set of data center-grade operating system software used by switches.Cisco IOS is an operating system developed for its network devices.Cisco IOS XE Software is an operating system.Cisco IOS XE Software is...

4.7CVSS5.5AI score0.00641EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.16 views

Siemens Parasolid 缓冲区错误漏洞

Parasolid is a 3D geometric modeling tool that supports a variety of techniques, including solid modeling, direct editing, and free-form/sheet modeling.Simcenter Femap is an advanced simulation application for creating, editing, and examining finite element models of complex products or...

7.8CVSS7.5AI score0.00241EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.16 views

Microsoft Office 安全漏洞

Pow is an open source, complete authentication and user management library built into Elixir that works out-of-the-box for Phoenix and Plug-based applications while being fully customizable. A security vulnerability exists in Microsoft Office. The following products and editions are...

7.8CVSS7.7AI score0.01198EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/09 12:0 a.m.16 views

Microsoft Windows Hyper-V 竞争条件问题漏洞

Microsoft Windows Hyper-V is an application from Microsoft USA. A system hypervisor virtualization technology that enables desktop virtualization. A vulnerability exists in Microsoft Windows Hyper-V due to a competitive condition issue. The following products and editions are affected:Windows 10...

7.8CVSS7.6AI score0.00319EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/01 12:0 a.m.16 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from the American company Google Google. A security vulnerability exists in Google Android 10, 11, 12, 12L. An attacker exploiting the vulnerability could result in local elevation of privilege...

7.8CVSS7.4AI score0.00111EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.16 views

FeehiCMS 代码问题漏洞

FeehiCMS is a Php-based CMS builder from Liufee Personal Developers.FeehiCMS version v2.1.1 is vulnerable to arbitrary file uploads. The vulnerability stems from the lack of valid validation of uploaded files by the application. An attacker can exploit the vulnerability to execute arbitrary code ...

8.8CVSS6.2AI score0.01003EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/07/26 12:0 a.m.16 views

Mozilla Firefox 输入验证错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an input validation error vulnerability that originates from insufficient validation of URLs, which can be exploited by an attacker to trick a victim into clicking on a ver...

6.5CVSS8.4AI score0.00463EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/15 12:0 a.m.16 views

Adobe InDesign 安全漏洞

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a buffer overflow vulnerability that originates from a boundary error when handling untrusted input. A remote attacker could exploit this vulnerability to execute...

7.8CVSS6.8AI score0.00463EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/07/07 12:0 a.m.16 views

CWP Panel 操作系统命令注入漏洞

CWP Panel is a modern and advanced Linux control panel from CWP Inc. It is suitable for web hosting service providers and system administrators. A security vulnerability exists in CWP Panel version v0.9.8.1126. An attacker can exploit the vulnerability to run commands as root user...

9CVSS8AI score0.18585EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/07/05 12:0 a.m.16 views

Fortinet FortiManager 缓冲区错误漏洞

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and the ability to group devices into different management domains ADOM to further simplify multi-device security deployment a...

6.7CVSS7.6AI score0.00179EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.16 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. The input validation error vulnerability exists in Mozilla Firefox due to a lack of restriction and filtering of extensions in the drag-and-drop image feature. The vulnerability can be exploited to...

8.8CVSS8.4AI score0.00715EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/06/20 12:0 a.m.16 views

IBM Curam Social Program Management 代码问题漏洞

IBM Curam Social Program Management is an IBM business and technology solution that provides pre-built health and social program components, business processes, toolsets and interfaces on top of a dynamically configurable architecture. The vulnerability stems from the failure of the program to...

9.8CVSS5.6AI score0.00418EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.16 views

Microsoft Office 安全漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A security vulnerability exists in Microsoft Office. The following products and editions are...

7.8CVSS7.7AI score0.03278EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/05/18 12:0 a.m.16 views

ISC BIND 安全漏洞

ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in ISC BIND9 that stems from a reachable assertion that can be triggered if a TLS connection to a configured http TLS listener with defined endpoints is prematurel...

7.5CVSS7.3AI score0.04531EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.16 views

Microsoft Exchange Server 权限许可和访问控制问题漏洞

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voice mail, email filtering and screening. A vulnerability exists in Microsoft Exchange Server with privilege permission and access control...

8.2CVSS8.3AI score0.00842EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.16 views

TOTOLINK N600R 缓冲区错误漏洞

TOTOLINK N600R is a wireless router from Taiwan, China-based Gion Electronics TOTOLINK.A buffer overflow vulnerability exists in TOTOLINK N600R V4.3.0cu.7647B20210106, which stems from a lack of length validation of the File parameter in the FUN0041309c function. An attacker could exploit this...

10CVSS8.9AI score0.01684EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/04/22 12:0 a.m.16 views

Kubernetes ingress-nginx 输入验证错误漏洞

Kubernetes ingress-nginx is the entry controller for Cloud Native Computing Foundation's Kubernetes, using NGINX as a reverse proxy and load balancer. A security vulnerability exists in Kubernetes ingress-nginx. No information about the vulnerability is available at this time, so please stay tune...

8.1CVSS7.6AI score0.01109EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.16 views

Samsung SMR 缓冲区错误漏洞

Samsung SMR is a system patch package from South Korea's Samsung Samsung. Samsung SMR contains a heap buffer overflow vulnerability that can be exploited by attackers to execute code...

10CVSS6.1AI score0.01306EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/03 12:0 a.m.16 views

Microsoft ALLMediaServer 缓冲区错误漏洞

Microsoft ALLMediaServer is a U.S. Microsoft can watch or play videos, listen to music or view photos on all devices TV, smartphone, Chromecast, XBOX, Smart TV. A buffer error vulnerability in Mediaserver.exe in Microsoft ALLMediaServer version 1.6, which originates from a stack-based buffer...

10CVSS9.2AI score0.68733EPSS
Exploits4References4
CNNVD
CNNVD
added 2022/03/30 12:0 a.m.16 views

Google Android 安全漏洞

Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android has a security vulnerability that stems from a privilege bypass in the settings provider program, which could be exploited by attackers to gain access to sensitive information...

5.5CVSS5.7AI score0.00099EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.16 views

Joomla! 信息泄露漏洞

Joomla! is a set of forum components used in the Joomla! content management system. An information disclosure vulnerability exists in versions 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0, which stems from an error caused by uploading a file name that is too long. The error displays a screen with...

5.3CVSS5.6AI score0.00871EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.16 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, Inc.V8 is an open source JavaScript engine. Google Chrome suffers from a resource management error vulnerability that stems from post-release reuse in the QR code generator...

8.8CVSS7.6AI score0.0075EPSS
Exploits1References9
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.16 views

gogs 代码问题漏洞

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in versions prior to gogs 0.12.6, which...

9.9CVSS9AI score0.65237EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/16 12:0 a.m.16 views

CKEditor 资源管理错误漏洞

An authentication vulnerability exists in CKEditor4, an open source HTML editor, in the "Dialog Box" plug-in. The vulnerability allows misuse of the dialog input validator regular expression, which can cause significant performance degradation, leading to browser tab freezes. No details of the...

7.5CVSS6.8AI score0.02448EPSS
Exploits0References12
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.16 views

cri-o 代码注入漏洞

cri-o is a lightweight container runtime environment for the Kubernetes system. A code injection vulnerability exists in cri-o that can be exploited by an attacker to bypass protections and set arbitrary kernel parameters on the host...

9CVSS8.4AI score0.18561EPSS
Exploits0References15
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.16 views

Yokogawa Exaopc 操作系统命令注入漏洞

Yokogawa Electric is a server of Yokogawa Electric Yokogawa, a Japanese company. A security vulnerability exists in several Yokogawa Electric products that originates from a root service used in the products that uses incorrect ACL configurations to create and name pipes. The following products a...

7.8CVSS7.3AI score0.00215EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/09 12:0 a.m.16 views

Ruby on Rails 代码注入漏洞

Ruby on Rails is a set of open source web application frameworks based on the Ruby language from the Rails team. Ruby on Rails suffers from a code injection vulnerability that stems from incorrect input validation in the Active Storage module. A remote attacker can exploit the vulnerability to se...

9.8CVSS7.9AI score0.02742EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/03/08 12:0 a.m.16 views

Icinga Web 2 路径遍历漏洞

Icinga Web 2 is an application software.Icinga Web 2 is the next generation open source monitoring web interface, framework and command line interface developed by Icinga Project to support Icinga 2, Icinga Core and any other IDO database compatible monitoring backend. Icinga Web 2 suffers from a...

8.8CVSS8.2AI score0.1467EPSS
Exploits5References8
Total number of security vulnerabilities5000