Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/06/30 12:0 a.m.27 views

silverstripe framework跨站脚本漏洞

silverstripe framework is a CMS website framework. silverstripe framework version 4.10.0 and prior versions contain a cross-site scripting vulnerability, which stems from the fact that tokens within the script can be added to the website content by an authenticated CMS user via XHR. An attacker...

5.4CVSS3.8AI score0.00641EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.27 views

WordPress Limit Login Attempts plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. versions of the WordPress Limit Login Attempts plugin prior to 4.0.72 have a cross-site scripting...

4.8CVSS0.6AI score0.00848EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.27 views

Vim ins_bs function buffer overflow vulnerability

Vim is a cross-platform text editor. buffer overflow vulnerability exists in versions of Vim prior to 8.2, which stems from a boundary error in the function insbs when handling untrusted input. A remote attacker could exploit this vulnerability to cause sensitive information corruption, crashes, ...

7.8CVSS5AI score0.01395EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/28 12:0 a.m.27 views

IBM Robotic Process Automation Information Disclosure Vulnerability (CNVD-2022-54644)

IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation versions 21.0.1 and 21.0.2 contain an information disclosure vulnerability...

4.6CVSS2.7AI score0.0027EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/27 12:0 a.m.27 views

Jenkins Cross-Site Scripting Vulnerability (CNVD-2022-65922)

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins suffers from a cross-site scripting vulnerability that stems from the title attribute and alt attribute not being...

4.3CVSS2.2AI score0.01351EPSS
Exploits0Affected Software2
CNVD
CNVD
added 2022/06/27 12:0 a.m.27 views

Jenkins Access Control Error Vulnerability (CNVD-2022-65925)

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins versions 2.335 through 2.355 contain an access control error vulnerability that stems from the lack of an effectiv...

5CVSS2.9AI score0.01288EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/06/24 12:0 a.m.27 views

Jenkins JUnit Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins JUnit Plugin 1119.vaa5e9068dad7...

3.5CVSS1.1AI score0.76878EPSS
Exploits0
CNVD
CNVD
added 2022/06/23 12:0 a.m.27 views

Hindu Matrimonial Script Authentication Bypass Vulnerability (CNVD-2022-61038)

A security vulnerability exists in Hindu Matrimonial Script, an online matrimonial service website of PHP Matrimonial Script India, which stems from improper privilege management in /admin/searchview.php. No details of the vulnerability are currently available...

8.8CVSS2.7AI score0.00778EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/22 12:0 a.m.27 views

WordPress Ocean Extra plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress Ocean Extra plugin 1.9.5, which stem...

6.1CVSS1.1AI score0.01355EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/22 12:0 a.m.27 views

WordPress BestWebSoft plugin denial of service vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress BestWebSoft...

6.5CVSS3.2AI score0.01176EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/22 12:0 a.m.27 views

WordPress Amazon single title links plugin跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Amazon Einzeltitellinks plugin 1.3.3 and earlier versions are vulnerable to cross-site...

6.5CVSS1.9AI score0.00393EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/21 12:0 a.m.27 views

Online Ordering System SQL Injection Vulnerability (CNVD-2022-55711)

Online Ordering System is a multi-store ordering system that can be used by any small business.Online Ordering System version v2.3.2 is vulnerable to SQL injection, which originates from /ordering/index.php?q=category&search=Lack of validation of external input SQL statement validation, an attack...

9.8CVSS5AI score0.01026EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/21 12:0 a.m.27 views

NETGEAR WNAP320 Access Control Error Vulnerability

The NETGEAR WNAP320 is a wireless access point AP from NETGEAR. An access control error vulnerability exists in the NETGEAR WNAP320 version v2.0.3, which stems from incorrect access control in /recreate.php, which can be exploited by an attacker to obtain a user's cookie...

5.3CVSS5.1AI score0.01226EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/21 12:0 a.m.27 views

Rescue Dispatch Management System SQL注入漏洞(CNVD-2022-53907)

Rescue Dispatch Management System is a rescue dispatch management system from Carlo Montero's personal developer. rescue dispatch management system version 1.0 is vulnerable to SQL injection, which can be exploited by attackers to perform sql injection and steal data...

9.8CVSS3AI score0.01026EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/20 12:0 a.m.27 views

WAVLINK AERIAL X 1200M Command Injection Vulnerability

WAVLINK AERIAL X 1200M, a WiFi extender from WAVLINK China, is vulnerable to a command injection vulnerability in version M79X3.V5030.180719, which stems from the execution of a POST received in adm.cgi spliced directly into a system function, which can be exploited by an attacker to exploit this...

10CVSS6.7AI score0.02852EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.27 views

Online Tours And Travels Management System SQL注入漏洞

Online Tours And Travels Management System is an online tour management system. v1.0 of Online Tours And Travels Management System is vulnerable to SQL injection, which originates from /admin/operations/tax. The tname parameter in php lacks validation for external input SQL statements. An attacke...

7.2CVSS4.3AI score0.00909EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.27 views

WordPress Image Slider plugin跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Image...

5.4CVSS2.4AI score0.00389EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.27 views

WordPress Promotion Slider plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Promotion Slider plugin 3.3.4 and earlier versions contain a cross-site scripting...

5.4CVSS2AI score0.00524EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.27 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59678)

Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. The application enables computers and devices to read High Efficiency Video Encoding or HEVC video. Microsoft HEVC Video Extensions has a remote code execution vulnerability and no details of the...

7.8CVSS3.1AI score0.02576EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.27 views

YoudianCMS SQL Injection Vulnerability (CNVD-2022-59020)

YouDianCMS is a website CMS. A SQL injection vulnerability exists in YoudianCMS v9.5.0, which originates from the lack of validation of the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php against external SQL input. This vulnerability can be exploited by attackers to execute...

8.8CVSS9.1AI score0.01286EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/15 12:0 a.m.27 views

WordPress Simple Membership plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Simple Membership plugin prior to...

6.1CVSS1.9AI score0.01693EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/15 12:0 a.m.27 views

HelpDeskZ Cross-Site Scripting Vulnerability

HelpDeskZ is a PHP-based software that allows you to manage your site's support using a web-based support ticket system. Provides quality support. A cross-site scripting vulnerability exists in HelpDeskZ version v2.0.2, which stems from a lack of parameter filtering and escaping in...

4.8CVSS5AI score0.00534EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/15 12:0 a.m.27 views

WordPress Like Button Rating plugin Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control error...

6.5CVSS6.4AI score0.0077EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/15 12:0 a.m.27 views

Dolibarr Cross-Site Scripting Vulnerability

Dolibarr is an application. A modern software package that helps manage your organization's activities.A cross-site scripting vulnerability exists in versions prior to Dolibarr 16.0, which stems from the application's lack of filtering and escaping of data parameters. An attacker could exploit th...

3.5CVSS3.4AI score0.00863EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/06/15 12:0 a.m.27 views

WordPress One Click Plugin Updater plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.1CVSS8AI score0.00517EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/14 12:0 a.m.27 views

Samsung mobile Bluetooth Information Disclosure Vulnerability (CNVD-2022-84579)

Samsung mobile Bluetooth is a Bluetooth device on Samsung cell phones. Samsung mobile Bluetooth is vulnerable to an information disclosure vulnerability that originates in the sendIntentSessionCompleted function, which includes the Bluetooth Device object The broadcast Intent in the...

3.3CVSS4.6AI score0.00109EPSS
Exploits0
CNVD
CNVD
added 2022/06/14 12:0 a.m.27 views

Google Android out-of-bounds read vulnerability (CNVD-2022-53386)

Google Android is a Linux-based open source operating system from Google, Inc. An out-of-bounds read vulnerability exists in Google Android, which originates in exynossecEnvinit in mach-gs101.c. An out-of-bounds read may occur due to a boundary checking error. An attacker could exploit this...

4.4CVSS3.4AI score0.00111EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/13 12:0 a.m.27 views

Powertek PDU Certification Bypass Vulnerability

Powertek, a company that manufactures data center-grade intelligent PDUs power distribution units, or heavy-duty power cords for server racks, has an authentication bypass vulnerability that can be exploited by an attacker to bypass active session authorization checks. It can then be used to gain...

9.8CVSS4.6AI score0.13425EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/13 12:0 a.m.27 views

WordPress WP Simple Adsense Insertion plugin跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Simple Adsense Insertion plugin prior to version 2.1 is vulnerable to cross-site request...

4.3CVSS2.3AI score0.00412EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.27 views

WordPress Social Share Buttons plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Social Share Buttons plugin 2.2.2 and earlier versions are vulnerable to cross-site request forgery...

4.3CVSS2.5AI score0.00396EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.27 views

Wedding Management System Arbitrary File Upload Vulnerability (CNVD-2022-54289)

Wedding Management System v1.0 is an arbitrary file upload vulnerability in the packageedit.php page, which is caused by a lack of validation of the image upload port on the packageedit.php page. The vulnerability is caused by the lack of validation of uploaded files on the packageedit.php page,...

8.8CVSS2.9AI score0.01099EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.27 views

Online Ordering System SQL Injection Vulnerability (CNVD-2022-55714)

Online Ordering System is a multi-store ordering system that can be used by any small business. version 1.0 of Online Ordering System is vulnerable to a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements on the admin/vieworders.php page, which...

9.8CVSS3.7AI score0.01081EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.27 views

Car Rental Management System SQL Injection Vulnerability (CNVD-2022-61082)

Car Rental Management System is a car rental management system. SQL injection vulnerability exists in Car Rental Management System, which can be exploited by attackers to view, add, modify or delete information in the back-end database...

7.2CVSS4.1AI score0.04522EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.27 views

Elitecms SQL Injection Vulnerability (CNVD-2022-57762)

Elitecms is a web content management from elitecms India. elitecms version 1.01 has a SQL injection vulnerability, which originates from /admin/editpage.php?page= page lack of validation of external input SQL statements, an attacker can use the vulnerability to execute illegal SQL commands to ste...

9.8CVSS6.4AI score0.01081EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.27 views

Wedding Management System Arbitrary File Upload Vulnerability (CNVD-2022-54295)

Wedding Management System v1.0 is a wedding planning management system by John Paul Lim Gabule, a personal developer. An attacker can exploit this vulnerability to upload malicious files and remotely execute arbitrary code...

8.8CVSS5.5AI score0.01099EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.27 views

SialWeb CMS SQL Injection Vulnerability

SialWeb CMS is a content management system from SialWeb Pakistan. SQL injection vulnerability exists in SialWeb CMS, which can be exploited by attackers to manipulate the parameter Id to cause sql injection...

8.8CVSS4.8AI score0.00727EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.27 views

Rescue Dispatch Management System SQL注入漏洞(CNVD-2022-53916)

Rescue Dispatch Management System is a rescue dispatch management system developed by Carlo Montero. v1.0 of Rescue Dispatch Management System is vulnerable to SQL injection, which originates from /rdms/admin/ incidents/viewincident.php?id=The page lacks validation for external input SQL...

9.8CVSS2.5AI score0.01081EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/01 12:0 a.m.27 views

Apache Tika Denial of Service Vulnerability (CNVD-2022-73263)

Apache Tika is a collection of content extraction tools from the Apache Foundation that integrates POI an open source library that uses Java programs to provide read and write functionality for Microsoft Office format documents, Pdfbox a pure Java class library for reading and creating PDF...

2.6CVSS2.9AI score0.01858EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/06/01 12:0 a.m.27 views

WordPress WP 2FA plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP 2FA plugin version 2.2.1 before version 2.2.1 has a cross-site scripting vulnerability...

6.1CVSS2.5AI score0.00815EPSS
Exploits2References1
CNVD
CNVD
added 2022/05/31 12:0 a.m.27 views

Tuxera NTFS-3G Code Injection Vulnerability

Tuxera NTFS-3G is an open-source, cross-platform set of drivers from Tuxera Finland for supporting read and write NTFS partitions.A code injection vulnerability exists in Tuxera NTFS-3G, which stems from the presence of an invalid return code in fusekernmount. No detailed vulnerability details ar...

6.7CVSS4.3AI score0.00417EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/31 12:0 a.m.27 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2022-82647)

Tuxera NTFS-3G is an open source, cross-platform set of drivers from Tuxera Finland for supporting read and write NTFS partitions. tuxera NTFS-3G suffers from a buffer overflow vulnerability that stems from a boundary error in ntfsnamesfullcollate when handling untrusted input, which can be...

7.8CVSS5.3AI score0.00431EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/31 12:0 a.m.27 views

Command Execution Vulnerability in OpenSSL (CNVD-2022-51192)

OpenSSL is an open source capable general-purpose cryptographic library from the Openssl team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports a variety of cryptographic algorithms , including symmetric ciphers , hash algorithms ,...

10CVSS7.6AI score0.83223EPSS
Exploits5References1
CNVD
CNVD
added 2022/05/31 12:0 a.m.27 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2022-82645)

Tuxera NTFS-3G is an open source, cross-platform set of drivers from Tuxera Finland for supporting read and write NTFS partitions.A buffer overflow vulnerability exists in Tuxera NTFS-3G, which stems from a boundary error in ntfschecklogclientarray when handling untrusted input, and could be...

7.8CVSS4.7AI score0.00431EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/27 12:0 a.m.27 views

HCL Technologies BigFix Mobile/Modern Client Management信息泄露漏洞

HCL Technologies BigFix Mobile/Modern Client Management is a mobile device management software client from HCL Technologies, India. Management versions v2.0 and v2.1 contain an information disclosure vulnerability that stems from the exposure of unencrypted sensitive information in PPKG files...

4CVSS1.1AI score0.00345EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/05/25 12:0 a.m.27 views

GNU LibreDWG Heap Buffer Overflow Vulnerability (CNVD-2022-52261)

GNU LibreDWG is a C library for processing DWG files from the GNU community.A heap buffer overflow vulnerability exists in versions of GNU LibreDWG prior to 0.12.4, which stems from a boundary error in copycompressedbytes of decoder2007.c when handling untrusted input. No detailed vulnerability...

8.8CVSS3.2AI score0.00953EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/23 12:0 a.m.27 views

SPIP SQL Injection Vulnerability

SPIP is a web-based content publishing system. A SQL injection vulnerability exists in SPIP version 3.1.13 and earlier, which stems from a lack of validation of external input SQL statements in the liertrad and where parameters of /ecrire. An attacker could use this vulnerability to execute illeg...

6.5CVSS5.1AI score0.01515EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/05/23 12:0 a.m.27 views

Open Policy Agent Denial of Service Vulnerability

Open Policy Agent is a general-purpose policy engine that enables unified, context-aware policy enforcement across the stack. v0.39.0 of Open Policy Agent is vulnerable to a denial-of-service vulnerability that stems from an application misinterpreting each expression, triggering out-of-scope...

5CVSS4AI score0.0095EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/05/20 12:0 a.m.27 views

OctoPrint webcam stream test cross-site scripting vulnerability

OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A cross-site scripting vulnerability exists in versions prior to OctoPrint 1.8.0, which stems from a lack of filtering and escaping of data in the software webcam stream test. An attacker could us...

4.6CVSS3.2AI score0.01152EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/05/20 12:0 a.m.27 views

Artifex Software Artifex MuJS Denial of Service Vulnerability

Artifex Software Artifex MuJS is a lightweight JavaScript interpreter from Artifex Software, which is used to embed into other software to provide script execution functionality. vulnerability, which stems from the existence of a null pointer dereference in jsPdumpsyntax in jsdump.c. An attacker...

4.3CVSS3.1AI score0.01083EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/05/20 12:0 a.m.27 views

Lenovo Personal Cloud Storage未知未明漏洞

Lenovo Personal Cloud Storage Lenovo Personal Cloud Storage is a personal cloud storage from Lenovo, a Chinese company. Lenovo Personal Cloud Storage has a security vulnerability that could be exploited to allow an unauthenticated user to create a standard user account...

6.3CVSS2.5AI score0.00545EPSS
Exploits0References1
Total number of security vulnerabilities5000