360 网络安全响应中心 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
4d42b2e96c478df11ac597898d1526f0 | 2024-04-17 11:18:19 | 2024-04 补丁日: Oracle多个产品漏洞安全风险通告 | 详情 | |
448cfa0216a0757ec96f5862f86eafd4 | 2024-04-01 10:42:50 | 安全事件周报 2024-03-25 第13周 | 详情 | |
1205680821e2717a58c599f99a9fb422 | 2024-03-26 07:23:13 | 安全事件周报 2024-03-18 第12周 | 详情 | |
2e93df858fc2c5b287883dc9313a87fc | 2024-03-18 07:07:47 | 安全事件周报 2024-03-11 第11周 | 详情 | |
c1cad147c12a38c089cd941022bc395e | 2024-03-13 04:34:11 | 2024-03 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
7119e349c423ea015d6f2a824c67ed63 | 2024-03-11 06:17:28 | 安全事件周报 2024-03-04 第10周 | 详情 | |
b2c0e23dcf540c0b5d2bb144ceade98d | CVE-2024-27198 | 2024-03-06 08:44:35 | CVE-2024-27198:JetBrains TeamCity 身份验证绕过漏洞通告 | 详情 |
5e103cbd4bae3244e692ba33c1d7fcf8 | 2024-03-04 07:07:59 | 安全事件周报 2024-02-26 第9周 | 详情 | |
cab02a763bf285b3dc009731f40f8c29 | CVE-2024-25065 | 2024-03-01 09:06:25 | CVE-2024-25065:Apache OFBiz目录遍历漏洞通告 | 详情 |
194761e30d263596338cc998ac88cbaa | 2024-02-28 08:51:55 | SupermanMiner挖矿木马新变种持续活跃 | 详情 | |
213a4c5c76a220c24da1c38c605fcc10 | CVE-2024-25600 | 2024-02-27 09:55:55 | CVE-2024-25600:WordPress Bricks Builder远程命令执行漏洞通告 | 详情 |
bc2c3923f651854c68f2dd6f99d69f0a | 2024-02-26 03:00:09 | 安全事件周报 2024-02-19 第8周 | 详情 | |
55c72f6f2af616fbddbb643df06c3b3a | CVE-2024-21413 | 2024-02-23 06:57:46 | CVE-2024-21413:Microsoft Outlook 远程代码执行漏洞通告 | 详情 |
f000a20bfa53fd8b0f5231b52ff34577 | 2024-02-19 10:10:13 | 2024-02 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
48ff3925c0cc22862b0d6e1f52140bdc | 2024-02-06 07:10:07 | 安全事件周报 2024-01-29 第5周 | 详情 | |
d8c34853fbcc6b39ae0a3783c6fa6d44 | CVE-2024-21626 | 2024-02-01 08:38:56 | CVE-2024-21626:runc容器逃逸漏洞通告 | 详情 |
6ff357e8344fde5ea96c964cc0161137 | 2024-01-29 10:02:54 | 安全事件周报 2024-01-22 第4周 | 详情 | |
8fc558ad63c1387fb3ed919bf754820e | CVE-2024-0204 | 2024-01-25 08:26:39 | CVE-2024-0204:GoAnywhere MFT 身份认证绕过漏洞通告 | 详情 |
f4359caac3c70e9141439aa773e1e8a5 | 2024-01-22 11:39:38 | 安全事件周报 2024-01-15 第3周 | 详情 | |
4939f25b3f3d3242726cd400c645be04 | CVE-2024-0519 | 2024-01-17 09:08:07 | CVE-2024-0519:Google Chrome V8越界访问漏洞通告 | 详情 |
300687d61adecf75afb4de6d78398518 | CVE-2024-0519 | 2024-01-17 08:09:14 | CVE-2024-0519:Google Chrome V8类型混淆漏洞通告 | 详情 |
28f74976e64bebdcd2b71df42f44817e | CVE-2023-22527 | 2024-01-16 09:50:35 | CVE-2023-22527:Atlassian Confluence 远程代码执行漏洞通告 | 详情 |
ec39eae21390157f92422897b04aad66 | 2024-01-15 08:28:24 | 安全事件周报 2024-01-08 第2周 | 详情 | |
de12aee5eaff6382190430b22e2c643f | 2024-01-11 10:55:37 | 2024-01 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
c2b35c67c2732343be5c23579ebcdd04 | 2024-01-08 07:37:47 | 安全事件周报 2024-01-01 第1周 | 详情 | |
666a3a36b86650d472f7203220b3a4f5 | 2024-01-02 09:34:01 | 安全事件周报 2023-12-25 第52周 | 详情 | |
f91862c02f62f7f8e9d01e209e59487b | CVE-2023-51467 | 2023-12-27 08:57:10 | CVE-2023-51467:Apache OFBiz 未授权远程代码执行漏洞通告 | 详情 |
0c520d1f3614bc8cba4450fee6f03f5d | 2023-12-25 08:21:40 | 安全事件周报 2023-12-18 第51周 | 详情 | |
ffb5d5f9ba0fa1576f9bd8325a8d3e66 | 2023-12-18 08:50:39 | 安全事件周报 2023-12-11 第50周 | 详情 | |
382c73d6388430b9cea6072c6c61858e | 2023-12-13 08:50:10 | 2023-12 补丁日: 微软多个漏洞安全更新通告 | 详情 |
Tenable (Nessus) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
9a64fd3ea990ec616bdbf594b16b0e6e | CVE-2024-4493 | 2024-05-05 03:15:07 | A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). Affected is the function formSetAutoPing. The manipulation of the argument ping1/ping2 leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263082 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 详情 |
72fe7aa0e375a66197448fea1aa700ca | CVE-2024-34490 | 2024-05-05 03:15:07 | In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d. | 详情 |
fc24713ce3a9173484ce6b5457714923 | CVE-2024-34489 | 2024-05-05 03:15:07 | OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via length=0. | 详情 |
0cc1c8dd6314f422d5b4c25fa3ef8af3 | CVE-2024-34488 | 2024-05-05 03:15:07 | OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via b.length=0. | 详情 |
db0165496031b41f4575154155f0f1e3 | CVE-2024-34487 | 2024-05-05 03:15:07 | OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via inst.length=0. | 详情 |
4364e0e862f93ef28657ee90fb05e3cf | CVE-2024-34486 | 2024-05-05 03:15:07 | OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPQueueProp.len=0. | 详情 |
d43a7635a07e7d333585d0738dc300fe | CVE-2024-34484 | 2024-05-05 02:15:07 | OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via action.len=0. | 详情 |
c36c5f3ab5c1f39bfa19caa675010301 | CVE-2024-34483 | 2024-05-05 02:15:06 | OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPBucket.len=0. | 详情 |
21c9f7c337ff541d7e2fc92a89dfb471 | CVE-2024-4492 | 2024-05-05 01:15:06 | A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). This issue affects the function formOfflineSet of the file /goform/setStaOffline. The manipulation of the argument GO/ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263081 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 详情 |
5a052594ee52aa6cdd21db8de39c800a | CVE-2024-34478 | 2024-05-05 01:15:06 | btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds. | 详情 |
fc1a27f16e5f43377c29cad78c94340b | CVE-2024-3240 | 2024-05-04 04:15:08 | The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 详情 |
a5e5f8850dde5cf63e891e107928126e | CVE-2024-3237 | 2024-05-04 04:15:08 | The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true. | 详情 |
bfb568cd314c4d8f23dd34cc6488ad4e | CVE-2024-3868 | 2024-05-04 03:15:07 | The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 详情 |
76d9f0294bfd30d96aeab78ff0845310 | CVE-2024-34455 | 2024-05-03 19:15:07 | Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. | 详情 |
8d955c1d3675c9637123c5aea288147c | CVE-2023-40695 | 2024-05-03 19:15:07 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938. | 详情 |
f5db04c7c066d973413371dd09c1ae33 | CVE-2022-33010 | 2024-05-03 19:15:07 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | 详情 |
da0dfdddc65eb25d967ebeecdd541962 | CVE-2022-22364 | 2024-05-03 19:15:07 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903. | 详情 |
1a892dafa93f37fa9a0dacbfa63d8b32 | CVE-2021-20451 | 2024-05-03 19:15:07 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643. | 详情 |
27175ba2b6e79ee0f5c750b431bc847d | CVE-2024-34453 | 2024-05-03 18:15:10 | TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=read_data&type=connectivity_test (which reaches /system/api.php). | 详情 |
bc8975127c1aff019beb186534ea5604 | CVE-2024-34075 | 2024-05-03 18:15:09 | kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the `MarkovData#getNext` method used in `Markov#generate` and `Markov#choose` allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a string contains a forbidden substring (i.e. `__proto__`) followed by a space character, the code will access a special property in `MarkovData#finalData` by removing the last character of the string, bypassing the dataset sanitization (as it is supposed to be already sanitized before this function is called). Any dataset can be contaminated with the substring making it unable to properly generate anything in some cases. This issue has been addressed in version 3.2.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 详情 |
ac66cc99274caf3291f5817da9178d35 | CVE-2023-51633 | 2024-05-03 03:16:26 | Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the sysName OID in SNMP. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-20731. | 详情 |
a0798c0f796e7021600d2ef234f58ef0 | CVE-2023-51629 | 2024-05-03 03:16:26 | D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the ONVIF API. The issue results from the use of a hardcoded PIN. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21492. | 详情 |
e80f987b9ff9b35392f2f8244d4f5d4d | CVE-2023-51628 | 2024-05-03 03:16:26 | D-Link DCS-8300LHV2 ONVIF SetHostName Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the SetHostName ONVIF call. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21322. | 详情 |
46f29bd980de06a8ebc24878742c1242 | CVE-2023-51627 | 2024-05-03 03:16:25 | D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the parsing of Duration XML elements. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21321. | 详情 |
52ad7a82b62d8d60fdae38178d490699 | CVE-2023-51626 | 2024-05-03 03:16:25 | D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Username Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Authorization header by the RTSP server, which listens on TCP port 554. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21320. | 详情 |
4431d98ea772b4629ef4c2e6b2166dac | CVE-2023-51625 | 2024-05-03 03:16:25 | D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the ONVIF API, which listens on TCP port 80. When parsing the sch:TZ XML element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21319. | 详情 |
3262c3282f459575e3730674dfa6ec08 | CVE-2023-51624 | 2024-05-03 03:16:25 | D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Authorization header by the RTSP server, which listens on TCP port 554. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20072. | 详情 |
87b0a67caebeb6d322369e9ecb07da45 | CVE-2023-51623 | 2024-05-03 03:16:25 | D-Link DIR-X3260 prog.cgi SetAPClientSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21673. | 详情 |
8bf9873653202197861eac6240c60a2b | CVE-2023-51622 | 2024-05-03 03:16:25 | D-Link DIR-X3260 prog.cgi SetTriggerPPPoEValidate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21672. | 详情 |
9e3eb4cfbdb6d13fe19bf78ace056fe0 | CVE-2023-51621 | 2024-05-03 03:16:24 | D-Link DIR-X3260 prog.cgi SetDeviceSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21670. | 详情 |
国家信息安全漏洞共享平台(CNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
8686fda9b2b49e4e1666b54e2248f935 | CNVD-2021-74882 | 2021-11-14 16:43:52 | 四创科技有限公司建站系统存在SQL注入漏洞 | 详情 |
8f6972d84ad188b05ff9cc14d4334949 | CNVD-2021-87021 (CVE-2020-4690) | 2021-11-12 12:43:14 | IBM Security Guardium硬编码凭证漏洞 | 详情 |
3bfe7b053a0c59d8a3d38c18f86aa143 | CNVD-2021-87022 (CVE-2021-38870) | 2021-11-12 12:43:12 | IBM Aspera跨站脚本漏洞 | 详情 |
a4649bb17f4db4d1c7f879ebceb46ed0 | CNVD-2021-87011 (CVE-2021-29753) | 2021-11-12 12:43:11 | IBM Business Automation Workflow存在未明漏洞 | 详情 |
094c613f9ed4b8b9d887dc912789043c | CNVD-2021-87025 (CVE-2021-20563) | 2021-11-12 12:43:10 | IBM Sterling File Gateway信息泄露漏洞 | 详情 |
41c47f01a4c65dcb6efc9ebf483fe762 | CNVD-2021-87010 (CVE-2021-38887) | 2021-11-12 12:43:08 | IBM InfoSphere Information Server信息泄露漏洞 | 详情 |
f51d33e7a09fd61ca90ede453515a830 | CNVD-2021-87016 (CVE-2021-29764) | 2021-11-12 12:43:07 | IBM Sterling B2B Integrator跨站脚本漏洞 | 详情 |
33615a5f78df822e82e6d3436045c48c | CNVD-2021-87026 (CVE-2021-38877) | 2021-11-12 12:43:06 | IBM Jazz for Service Management跨站脚本漏洞 | 详情 |
8e729177bcb4105dd831fb1e123ed1bb | CNVD-2021-87014 (CVE-2021-29679) | 2021-11-12 12:43:04 | IBM Cognos Analytics远程代码执行漏洞 | 详情 |
1a3b856f78e9fbdca12aeddc7d665aca | CNVD-2021-87029 (CVE-2021-29752) | 2021-11-12 12:43:03 | IBM Db2信息泄露漏洞 | 详情 |
6f1aa3a0cb819d97519baa47fd0232d5 | CNVD-2021-87015 (CVE-2021-29745) | 2021-11-12 12:43:02 | IBM Cognos Analytics权限提升漏洞 | 详情 |
cbcb12f5f51d6e7d6d8a9fa581aa863a | CNVD-2021-73908 | 2021-11-11 16:42:44 | 泛微e-cology存在SQL注入漏洞 | 详情 |
ae6fd467da55de31aa7219187cf5c2d4 | CNVD-2021-86904 (CVE-2021-20351) | 2021-11-11 08:31:46 | IBM Engineering跨站脚本漏洞 | 详情 |
412a15b40959ed9cf9330ee79f99e079 | CNVD-2021-86903 (CVE-2021-31173) | 2021-11-11 08:31:44 | Microsoft SharePoint Server信息泄露漏洞 | 详情 |
1cbc5d5faac431d3e82c9e5ea9588b5f | CNVD-2021-86902 (CVE-2021-31172) | 2021-11-11 08:31:43 | Microsoft SharePoint欺骗漏洞 | 详情 |
686c7cfb20933b41c3d679cbba79a2ad | CNVD-2021-86901 (CVE-2021-31181) | 2021-11-11 08:31:42 | Microsoft SharePoint远程代码执行漏洞 | 详情 |
72fdfb2d44c0d41d638e4632bdfc10b8 | CNVD-2021-86900 (CVE-2021-3561) | 2021-11-11 08:31:41 | fig2dev缓冲区溢出漏洞 | 详情 |
3ba6f0e9394f9414e2cadb9495e2d5f5 | CNVD-2021-85884 (CVE-2021-41210) | 2021-11-10 07:24:57 | Google TensorFlow堆分配数组越界读取漏洞 | 详情 |
4d8c4744ea972fb2fcb9673fea1fc7b7 | CNVD-2021-85883 (CVE-2021-41226) | 2021-11-10 07:24:56 | Google TensorFlow堆越界访问漏洞 | 详情 |
8778f9cd924cae585ca5e2e0b8be3b3f | CNVD-2021-85882 (CVE-2021-41224) | 2021-11-10 07:24:54 | Google TensorFlow堆越界访问漏洞 | 详情 |
e1b2722e6d5c509c680b584416d9cb20 | CNVD-2021-85881 (CVE-2021-42770) | 2021-11-10 07:24:53 | OPNsense跨站脚本漏洞 | 详情 |
ed09c9fa5586e2d4d9b4e95fe3b447a0 | CNVD-2021-85880 (CVE-2021-28024) | 2021-11-10 07:24:52 | ServiceTonic访问控制不当漏洞 | 详情 |
8a642f0922f7f915e81b2b947276a96c | CNVD-2021-85879 (CVE-2021-28023) | 2021-11-10 07:24:50 | ServiceTonic任意文件上传漏洞 | 详情 |
c00b061c2cfdee4016a869a188135db5 | CNVD-2021-85878 (CVE-2021-28022) | 2021-11-10 07:24:49 | ServiceTonic SQL注入漏洞 | 详情 |
9c4b20a28ad2bd4ab916448f0e1272bd | CNVD-2021-85877 (CVE-2021-32483) | 2021-11-10 07:24:48 | Cloudera Manager不正确访问控制漏洞 | 详情 |
4d4423857b7b1f38e49738f00e8949ba | CNVD-2021-85876 (CVE-2021-32481) | 2021-11-10 07:24:46 | Cloudera Hue跨站脚本漏洞 | 详情 |
6b12b7fc216d603e8e07351603851c86 | CNVD-2021-85875 (CVE-2021-29994) | 2021-11-10 07:24:45 | Cloudera Hue跨站脚本漏洞 | 详情 |
72894fb3a3538de240d2f6810aae63c9 | CNVD-2021-85892 (CVE-2021-42701) | 2021-11-10 02:38:27 | DAQFactory中间人攻击漏洞 | 详情 |
94a1f99a64ba24540cc1594d0a0b3152 | CNVD-2021-85893 (CVE-2021-42699) | 2021-11-10 02:38:26 | DAQFactory明文传输漏洞 | 详情 |
5d9bac33be8f2f88391f6de02fb89c73 | CNVD-2021-85894 (CVE-2021-42698) | 2021-11-10 02:38:24 | DAQFactory反序列化漏洞 | 详情 |
国家信息安全漏洞库(CNNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
b5815af17792cf5abac5732bae3094e9 | CNNVD-202308-131 (CVE-2023-20215) | 2023-08-03 12:41:47 | Cisco Secure Web Appliance 安全漏洞 | 详情 |
8d98bb094a70919c9e881cc7da5898d4 | CNNVD-202308-132 (CVE-2023-20204) | 2023-08-03 12:40:44 | Cisco BroadWorks CommPilot 安全漏洞 | 详情 |
c65e18d821cb73d6036dc2df6a726951 | CNNVD-202308-123 (CVE-2023-29409) | 2023-08-02 12:45:03 | Google Golang 资源管理错误漏洞 | 详情 |
452c53b54ef3a658eaf6bd8e7d93fe05 | CNNVD-202308-124 (CVE-2023-4070) | 2023-08-02 12:44:01 | Google Chrome 安全漏洞 | 详情 |
ac7b17414d163c2f26008516638e3a99 | CNNVD-202308-125 (CVE-2023-39113) | 2023-08-02 12:42:59 | ngiflib 安全漏洞 | 详情 |
224fd467b813dbee234efe1e61e2ec66 | CNNVD-202308-126 (CVE-2023-39114) | 2023-08-02 12:42:57 | ngiflib 安全漏洞 | 详情 |
72d862f454eb3d0e4dd221413d85f6b2 | CNNVD-202308-127 (CVE-2023-1437) | 2023-08-02 12:42:55 | Advantech WebAccess/SCADA 安全漏洞 | 详情 |
a3b636c53a2116b7ab85ea0c29470e76 | CNNVD-202308-128 (CVE-2023-3329) | 2023-08-02 12:42:53 | SpiderControl SCADA Webserver 路径遍历漏洞 | 详情 |
0e8e3c3600e145e70920c2026bde8feb | CNNVD-202308-129 (CVE-2023-4069) | 2023-08-02 12:42:51 | Google Chrome 安全漏洞 | 详情 |
619ce483843859fb783525b2b8d00f59 | CNNVD-202308-130 (CVE-2023-4068) | 2023-08-02 12:41:48 | Google Chrome 安全漏洞 | 详情 |
6a73381eaa628503bd8c242cd313f005 | CNNVD-202308-057 (CVE-2023-36121) | 2023-08-01 12:48:12 | e107 跨站脚本漏洞 | 详情 |
086c171bc44677f87e0ad45c8ab5dab6 | CNNVD-202308-058 (CVE-2023-2164) | 2023-08-01 12:47:10 | GitLab 跨站脚本漏洞 | 详情 |
bc6915cfb72ce7e27f2aa64ff3a35ee2 | CNNVD-202308-059 (CVE-2023-31432) | 2023-08-01 12:47:08 | Brocade Fabric OS 安全漏洞 | 详情 |
915090fa2939ee9d9978125be4eeff27 | CNNVD-202308-060 (CVE-2023-3739) | 2023-08-01 12:46:07 | Google Chrome 安全漏洞 | 详情 |
b790441bc923d37c914ea50edcdfaa16 | CNNVD-202308-061 (CVE-2023-3385) | 2023-08-01 12:46:05 | GitLab 路径遍历漏洞 | 详情 |
a6be4479387eddda68e1c7808965c1bc | CNNVD-202308-062 (CVE-2022-40609) | 2023-08-01 12:46:03 | IBM SDK, Java Technology Edition 安全漏洞 | 详情 |
55409ee74ffe87168f7d61814b568334 | CNNVD-202308-063 (CVE-2023-31431) | 2023-08-01 12:46:02 | Brocade Fabric OS 安全漏洞 | 详情 |
a4340da9d26800c671fa800a080c3d01 | CNNVD-202308-064 (CVE-2023-36210) | 2023-08-01 12:45:00 | MotoCMS 安全漏洞 | 详情 |
d70ae2187ae1aa50a2af6befce15bfbd | CNNVD-202308-065 (CVE-2023-31428) | 2023-08-01 12:43:58 | Brocade Fabric OS 代码问题漏洞 | 详情 |
8b0e98f117732e813318bdec77d0fb4b | CNNVD-202308-066 (CVE-2023-31928) | 2023-08-01 12:42:57 | Brocade Fabric OS 跨站脚本漏洞 | 详情 |
73ffd9540daad0a04d3d54041ba9df14 | CNNVD-202307-2321 (CVE-2023-37772) | 2023-07-31 12:44:10 | Online Shopping Portal 安全漏洞 | 详情 |
10f462bbd81ee431ab32c6a160fc068d | CNNVD-202307-2322 (CVE-2023-3983) | 2023-07-31 12:44:08 | Advantech iView 安全漏洞 | 详情 |
91dcd4420b85064dbae045bceabb71b9 | CNNVD-202307-2323 (CVE-2023-37496) | 2023-07-31 12:44:07 | HCL Technologies HCL Verse 安全漏洞 | 详情 |
c81e50233ec479272b638b8dbddedeea | CNNVD-202307-2324 (CVE-2023-38989) | 2023-07-31 12:44:05 | jeesite 安全漏洞 | 详情 |
775849c6f8c5fe41588806137e12cfa8 | CNNVD-202307-2326 (CVE-2023-3462) | 2023-07-31 12:44:03 | HashiCorp Vault 安全漏洞 | 详情 |
f995ebc4f6961ed50c6d18ec0f7efcf4 | CNNVD-202307-2327 (CVE-2022-42183) | 2023-07-31 12:44:01 | Precisely Spectrum Spatial Analyst 安全漏洞 | 详情 |
67539644d8b06577c03aeab1ac018450 | CNNVD-202307-2328 (CVE-2022-42182) | 2023-07-31 12:43:59 | Precisely Spectrum Spatial Analyst 安全漏洞 | 详情 |
b61f0e730dfb90bb1c6f8f6e83508ae7 | CNNVD-202307-2329 (CVE-2023-39122) | 2023-07-31 12:43:56 | BMC Control-M 安全漏洞 | 详情 |
a09d1da1d10d2b5f823d7b8b41490660 | CNNVD-202307-2330 (CVE-2023-3825) | 2023-07-31 12:42:54 | PTC Kepware KEPServerEX 资源管理错误漏洞 | 详情 |
05caf2e95b7a0f72e0c071c443e1d82b | CNNVD-202307-2331 (CVE-2023-4033) | 2023-07-31 12:42:52 | Mlflow 操作系统命令注入漏洞 | 详情 |
奇安信 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
45ab4afdafe578698bcfccccd65d833e | yt | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
74691465618764c64d52a2ff58013ac4 | yt | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 | |
6bd01daffa85191c80698354fc8e252f | wt | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 | |
7010355bb6ffff38cb1a885acf784ca7 | ft | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 | |
5edb21a58a7e21692bd0ddd622d39279 | St | QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 | 详情 | |
3e8973410ef7c04408d63fa10c230487 | St | QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 | 详情 | |
f749eac58b87d0954f0e4a84b5d67057 | CVE-2020-1350 | 2020-07-15 15:57:00 | QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 | 详情 |
90b93cb7073fe73b17746ac166a09637 | CVE-2020-6819, CVE-2020-6820 | 2020-04-08 10:34:35 | QianxinTI-SV-2020-0012 Firefox在野远程代码执行漏洞(CVE-2020-6819、CVE-2020-6820)通告 | 详情 |
e318a5efa4803b50cdef480b90b1784d | 2020-03-25 13:58:51 | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
cffc3035f7899495cfeae521451f91b2 | CVE-2020-0796 | 2020-03-12 10:32:09 | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 |
3e6175d47d17c6f94bd9ba10d81c3717 | CVE-2020-0674 | 2020-03-02 14:52:46 | QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 | 详情 |
d99d073afb7d248a8a62fb068921997f | CVE-2020-0601 | 2020-01-15 14:11:41 | QianxinTI-SV-2020-0001 微软核心加密库漏洞(CVE-2020-0601)通告 | 详情 |
b7b45b14a3af1225ef6eec72d74964df | CVE-2019-1367 | 2019-09-25 17:23:00 | QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告 | 详情 |
504fc79f0123db109a11b149c334b75c | CVE-2019-0708 | 2019-09-09 10:20:47 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
5b727692d583d4a6e7cdb0f670eac12a | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 | 2019-08-14 11:09:05 | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 |
54b48d765fccbc8dcfa3de0920459f8d | CVE-2019-11707 | 2019-06-19 16:53:47 | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 |
5b4d5fea09fbc2dca45be53f162d39de | CVE-2019-0708 | 2019-05-31 17:03:19 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
安全客 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
03afa8b4eaf4a0160784152fca5465b2 | CVE-2021-27308 | 2021-07-11 14:22:05 | 4images 跨站脚本漏洞 | 详情 |
8b0ace4c54a7fc20a99d21e294152a99 | CVE-2020-15261 | 2021-07-11 14:22:05 | Veyon Service 安全漏洞 | 详情 |
d4f12de949590ab346b61986a29d8b4d | CVE-2021-35039 | 2021-07-09 17:30:13 | Linux kernel 安全漏洞 | 详情 |
f790e7ef3b5de3774d42ee32b9b10c01 | CVE-2021-34626 | 2021-07-09 17:30:13 | WordPress 访问控制错误漏洞 | 详情 |
71bf261eb2113d5ff870ab9bafd29f55 | CVE-2021-25952 | 2021-07-09 17:30:13 | just-safe-set 安全漏洞 | 详情 |
152793cbc104933584f5f227606f433d | CVE-2021-0597 | 2021-07-09 17:30:13 | Google Android 信息泄露漏洞 | 详情 |
75f153c327984fdfdd2d9c463a91371d | CVE-2021-34430 | 2021-07-09 17:30:13 | Eclipse TinyDTLS 安全特征问题漏洞 | 详情 |
9610336f1a41241cc8edea22a2780ec5 | CVE-2021-3638 | 2021-07-09 17:30:13 | QEMU 安全漏洞 | 详情 |
92fe450ae5c5dfa48072aca79d64ba63 | CVE-2021-34614 | 2021-07-09 14:24:32 | Aruba ClearPass Policy Manager 安全漏洞 | 详情 |
680a4218fc32922746717210664a3d62 | CVE-2021-22144 | 2021-07-09 13:28:16 | Elasticsearch 安全漏洞 | 详情 |
373930f669f2c1f7b61101a925304779 | CVE-2021-24022 | 2021-07-09 13:28:16 | Fortinet FortiManager 安全漏洞 | 详情 |
8556f9cd0699f88c1f6cca9a43463bdd | CVE-2021-33012 | 2021-07-09 13:28:16 | Allen Bradley Micrologix 1100输入验证错误漏洞 | 详情 |
480ae713cc88cc0985e1ebc079974d83 | CVE-2021-0592 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
8ef4dbefa6604ea2312621401c3ec0b9 | CVE-2021-1598 | 2021-07-09 13:28:16 | Cisco Video Surveillance 7000 Series IP Cameras 安全漏洞 | 详情 |
d6e8714c32df7a0dcc2f3910ec68b42d | CVE-2021-20782 | 2021-07-09 13:28:16 | Software License Manager 跨站请求伪造漏洞 | 详情 |
4e60b22611b8bb0fd7e532896498af29 | CVE-2021-20781 | 2021-07-09 13:28:16 | WordPress 跨站请求伪造漏洞 | 详情 |
5ca48ad58fb499c069ae0800c3b39875 | CVE-2021-32961 | 2021-07-09 13:28:16 | MDT AutoSave代码问题漏洞 | 详情 |
2ed854890b43f08e52340a1e8fe6d39f | CVE-2021-0577 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
8d63110e1475bbd245715b2ee1824d13 | CVE-2021-31816 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
72bef2ae2f5db7dd066e1cdefa618dc5 | CVE-2021-31817 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
1f7369b2609dbd2cd40d091f7de540cd | CVE-2020-20217 | 2021-07-09 13:28:16 | Mikrotik RouterOs 安全漏洞 | 详情 |
1793176eecc5813c3348f026dc9909c9 | CVE-2020-28598 | 2021-07-09 13:28:16 | PrusaSlicer 安全漏洞 | 详情 |
7f4cf34ceb545548dcfcc3c0e7120268 | CVE-2021-32945 | 2021-07-09 13:28:16 | MDT AutoSave加密问题漏洞 | 详情 |
58553eb00d6e3e83b633f09464c4e98a | CVE-2021-29712 | 2021-07-09 13:28:16 | IBM InfoSphere Information Server 跨站脚本漏洞 | 详情 |
d8e27ec42fb0b89998fcc006f49b249b | CVE-2021-25432 | 2021-07-09 13:28:16 | Samsung Members 信息泄露漏洞 | 详情 |
8f2adc6c247725bf2eb7f53256c93ea7 | CVE-2021-25433 | 2021-07-09 13:28:16 | Samsung Tizen安全漏洞 | 详情 |
8f949676124339eb6f64f9c607af5470 | CVE-2021-25431 | 2021-07-09 13:28:16 | Samsung Mobile Device Cameralyzer 访问控制错误漏洞 | 详情 |
069818a8958f9c158fcb0956ee32fc03 | CVE-2021-25434 | 2021-07-09 13:28:16 | Samsung Tizen 代码注入漏洞 | 详情 |
55b9126220b9722ff5d730d3996877e9 | CVE-2021-32949 | 2021-07-09 13:28:16 | MDT AutoSave 路径遍历漏洞 | 详情 |
ebab009fffdee3d360dcdff74b0ed061 | CVE-2021-25435 | 2021-07-09 13:28:16 | Samsung Tizen代码注入漏洞 | 详情 |
斗象 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
096b6298d82574500dc1a14c9dba4065 | CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029 | 2022-07-15 00:38:28 | 微软2022年7月补丁日漏洞通告 | 详情 |
6018f718b2d751478bf1ce069ac65f0d | CVE-2022-2185 | 2022-07-01 09:02:05 | GitLab 远程代码执行漏洞(CVE-2022-2185) | 详情 |
844719cf0bb4843aff73d2f33cc6dd0b | CVE-2022-30190, CVE-2022-30136 | 2022-06-15 05:48:12 | 微软2022年6月补丁日漏洞通告 | 详情 |
8b47000e1abfbacdadb7df6f09152d89 | CVE-2022-26134 | 2022-06-03 05:48:38 | Atlassian Confluence 远程代码执行漏洞(CVE-2022-26134) | 详情 |
eebe93468b36d2ca24cf4b82136a5635 | CVE-2022-30190 | 2022-05-31 13:57:17 | Microsoft Windows MSDT 远程代码执行漏洞(CVE-2022-30190) | 详情 |
95525e3f5907a776dc7cd4f87f2e2154 | 2022-05-23 07:11:04 | Fastjson 反序列化漏洞 | 详情 | |
945fd6e612634d9721f861833f1ecb75 | CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 | 2022-05-11 03:45:48 | 微软2022年5月补丁日漏洞通告 | 详情 |
e2938ff82d0cc152508e0240697def4c | CVE-2022-1388 | 2022-05-06 05:53:04 | F5 BIG-IP iControl REST 身份验证绕过漏洞(CVE-2022-1388) | 详情 |
bcf7253d2ee580c618737de137d370c4 | CVE-2022-29464 | 2022-04-22 02:21:17 | WSO2 Carbon Server 远程代码执行漏洞(CVE-2022-29464) | 详情 |
07c09799b08afb04c63a9de750b70aca | CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 | 2022-04-13 07:51:00 | 微软2022年4月补丁日漏洞通告 | 详情 |
f5b543501ed5679d423411edac502e24 | CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 | 2022-04-08 03:49:31 | VMware 产品多个高危漏洞通告 | 详情 |
f421bcdb306e2bc1ffbf58fcb024a0dd | 2022-03-29 17:11:30 | Spring 框架远程代码执行漏洞 | 详情 | |
0473358d95e58c7c3f2e7db0109f56f4 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 | |
a888c948ca1172f8a06a3879479f1de4 | CVE-2022-22965 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 |
71ed541bb737196268b75c7ba435e1a9 | 2022-03-28 04:57:30 | Spring Cloud Function SpEL表达式注入漏洞 | 详情 | |
f7a5dcd376be777c6593a29b8ebd411a | CVE-2022-0778 | 2022-03-18 07:09:22 | OpenSSL拒绝服务漏洞(CVE-2022-0778) | 详情 |
6c4124fed44906a79843cd2dd383c695 | CVE-2022-0847 | 2022-03-15 03:32:03 | Linux Kernel本地提权漏洞(CVE-2022-0847) | 详情 |
a2795e4829bff16f108cf191eba663c3 | CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 | 2022-03-11 02:14:56 | 微软2022年3月补丁日漏洞通告 | 详情 |
d09f0641bf65c64a16d802cd78e14097 | CVE-2022-0847 | 2022-03-08 08:23:08 | Linux 内核本地提权漏洞(CVE-2022-0847) | 详情 |
69052e2a8c09416f5df674f92cba25a6 | CVE-2022-22947 | 2022-03-02 11:42:55 | Spring Cloud Gateway 远程代码执行漏洞(CVE-2022-22947) | 详情 |
5f42b6f584a9ace426787dc8dfd6e6e5 | 2022-02-16 10:44:18 | 向日葵远程命令执行漏洞(CNVD-2022-10270) | 详情 | |
79556071f6236ab4674f75b3beee4d79 | CVE-2022-24112 | 2022-02-11 06:13:35 | Apache APISIX 远程代码执行漏洞 (CVE-2022-24112) | 详情 |
485f2c57713f4a39830e8c2d01e43cfe | CVE-2021-4034 | 2022-01-26 06:19:16 | Linux Polkit 权限提升漏洞(CVE-2021-4034) | 详情 |
0aa6eab412c0318b74c6a470ee774df1 | CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 | 2022-01-12 03:44:50 | 微软2022年1月补丁日漏洞通告 | 详情 |
88a8c676b52a739c0335d7c21ca810a9 | 2022-01-06 08:19:17 | MeterSphere 远程代码执行漏洞 | 详情 | |
76cad61d2d5a8750a6a714ab2c6dbc97 | CVE-2021-45232 | 2021-12-28 10:31:16 | Apache APISIX Dashboard 接口未授权访问漏洞(CVE-2021-45232) | 详情 |
af4f5f63390eb00de8705b5029d8c376 | CVE-2021-44228, CVE-2021-45046 | 2021-12-14 01:56:52 | Apache Log4j 远程代码执行漏洞 | 详情 |
43456ae172e45c12087c40c03d925e0e | CVE-2021-44228 | 2021-12-11 03:21:34 | Apache Log4j 远程代码执行漏洞 | 详情 |
392b133d98d6f61aee36ce6c8784f4df | 2021-12-09 15:20:54 | Apache Log4j 远程代码执行漏洞 | 详情 | |
1e193280a8f45427c06cb4945be4f126 | 2021-12-07 06:48:55 | Grafana 任意文件读取漏洞 | 详情 |
红后 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
6fa0a347889bf0da0cae47ef068a6a99 | CVE-2023-32836 | 2023-11-16 21:05:37 | GOOGLE ANDROID Vulnerability | 详情 |
49751f9f84ed69956c96cc87959ec666 | CVE-2021-22499 | 2023-11-16 21:05:34 | Micro Focus Application Performance Management 跨站脚本漏洞 | 详情 |
eaa040f80d817832a627456843d3e24c | CVE-2021-23883 | 2023-11-16 21:05:33 | 迈克菲 McAfee Endpoint Security 代码问题漏洞 | 详情 |
d52ddce51389f668d6fad6e7044bd974 | CVE-2021-23878 | 2023-11-16 21:05:33 | 迈克菲 McAfee Endpoint Security 加密问题漏洞 | 详情 |
b62432054e9970a34c4d9e4d9efd1075 | CVE-2023-32838 | 2023-11-16 21:05:33 | GOOGLE ANDROID Vulnerability | 详情 |
162855c32b8e1a1dafd6ef3e7a3b3da8 | CVE-2022-43554 | 2023-11-16 21:05:33 | IVANTI AVALANCHE Vulnerability | 详情 |
dff8e982c8571446fc1d46fdb5263781 | CVE-2021-21019 | 2023-11-16 21:05:33 | Adobe Magento 注入漏洞 | 详情 |
5c28bf13629d4240819bb4f492d588a9 | CVE-2022-34396 | 2023-11-15 21:56:12 | DELL OPENMANAGE_SERVER_ADMINISTRATOR Vulnerability | 详情 |
8876fd1be50182e42f17aaf033bfaf25 | CVE-2022-45098 | 2023-11-15 21:56:10 | DELL EMC_POWERSCALE_ONEFS Vulnerability | 详情 |
d8a4cb7ca4e0f29533302f9f97f22a55 | CVE-2022-45102 | 2023-11-15 21:55:56 | DELL Multiple product Vulnerability | 详情 |
72e081fb5149198ecc92f3f06383f0d5 | CVE-2023-0512 | 2023-11-15 21:55:53 | VIM VIM Vulnerability | 详情 |
741e4f08caf4baef7072136884f07ae6 | CVE-2023-24829 | 2023-11-15 21:55:48 | APACHE IOTDB Vulnerability | 详情 |
06eca26d44409544e5ec96702bf85ce0 | CVE-2023-23628 | 2023-11-15 21:54:44 | METABASE METABASE Vulnerability | 详情 |
830da4b9e4f027d37c9e39125a30cc18 | CVE-2022-3488 | 2023-11-15 21:54:27 | ISC BIND Vulnerability | 详情 |
93ceb6d645101eee2b05535717260299 | CVE-2022-45808 | 2023-11-15 21:54:21 | THIMPRESS LEARNPRESS Vulnerability | 详情 |
d79756a4e0c6522a5ba958c82d0b4c88 | CVE-2023-22482 | 2023-11-15 21:54:17 | LINUXFOUNDATION ARGO-CD Vulnerability | 详情 |
1c317622086c85695ff9266e3c5cf66f | CVE-2022-4323 | 2023-11-15 21:54:16 | SUMO GOOGLE_ANALYTICATOR Vulnerability | 详情 |
6e8e12e7cd90fd6550e5cef8c12a4a50 | CVE-2023-24069 | 2023-11-15 21:54:13 | SIGNAL SIGNAL-DESKTOP Vulnerability | 详情 |
de78bbaf8c5f6d744b657b8b7733d20e | CVE-2023-24044 | 2023-11-15 21:54:12 | PLESK OBSIDIAN Vulnerability | 详情 |
44e1e95916d186bbbc5cabca01532712 | CVE-2022-41733 | 2023-11-15 21:54:05 | IBM INFOSPHERE_INFORMATION_SERVER Vulnerability | 详情 |
136d79ca309f157fcf93764b6993609c | CVE-2022-20752 | 2023-11-15 20:59:35 | Cisco Unified Communications Manager 和 Cisco Unity Connection安全漏洞 | 详情 |
cfa598cc25996bf7c25d8622f86868f3 | CVE-2022-32208 | 2023-11-15 20:59:35 | curl 缓冲区错误漏洞 | 详情 |
5dc2248c28a031fb6cb3e94f714da748 | CVE-2021-31677 | 2023-11-15 20:59:35 | PESCMS 跨站请求伪造漏洞 | 详情 |
2df25199d06527c66c1929ede927aa18 | CVE-2022-20800 | 2023-11-15 20:59:35 | Cisco Unified Communications Manager 跨站脚本漏洞 | 详情 |
537152d5106a70b12b4e0204db3ba5b3 | CVE-2022-2304 | 2023-11-15 20:59:34 | Vim 安全漏洞 | 详情 |
dee30b1a759cdba8cda08222c3b6cf63 | CVE-2022-2309 | 2023-11-15 20:59:34 | lxml 和 libxml2 代码问题漏洞 | 详情 |
edc189cc3f6caea2e67f158e0f93dd19 | CVE-2022-31116 | 2023-11-15 20:59:34 | UltraJSON 其他漏洞 | 详情 |
3e53baf169ff30745b9dfa6f9505233b | CVE-2022-20791 | 2023-11-15 20:59:26 | Cisco Unified Communications Manager 路径遍历漏洞 | 详情 |
6ae237378a32e08e6f0495fa3dbce32b | CVE-2022-20812 | 2023-11-15 20:59:26 | Cisco Expressway Series 和 Cisco TelePresence Video Communication Server 路径遍历漏洞 | 详情 |
a2523ef82d3016d54faf64dd9af12f3f | CVE-2022-31129 | 2023-11-15 20:59:26 | Moment.js 资源管理错误漏洞 | 详情 |
绿盟 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
5d4011ca3e542aa85f2fcf7b406e1375 | CVE-2024-1237 | 2024-04-30 03:24:42 | WordPress Elementor Header & Footer Builder Plugin跨站脚本漏洞 | 详情 |
5e4887c8a36891f4c9662ff046faff4d | CVE-2024-1234 | 2024-04-30 03:24:42 | WordPress Exclusive Addons for Elementor Plugin跨站脚本漏洞 | 详情 |
a90456f5bdf04538f64f485b0d9d45d0 | CVE-2024-1203 | 2024-04-30 03:24:42 | WordPress Conversios Plugin SQL注入漏洞 | 详情 |
cbe4016c226e1fcd697b0b1a1ef33fd3 | CVE-2024-1176 | 2024-04-30 03:24:42 | WordPress HT Easy GA4 – Google Analytics Plugin未经授权数据访问漏洞 | 详情 |
5138e8a59588f2fdfb6e58cff33882b0 | CVE-2024-1158 | 2024-04-30 03:24:42 | WordPress Post Form Plugin未经授权数据访问漏洞 | 详情 |
152a7bb91f87e8da910d97151ed7ac6c | CVE-2024-1293 | 2024-04-30 03:24:42 | WordPress Brizy – Page Builder Plugin跨站脚本漏洞 | 详情 |
17def008fc2e8dd8b4415244a2cfb72c | CVE-2024-1291 | 2024-04-30 03:24:42 | WordPress Brizy – Page Builder Plugin跨站脚本漏洞 | 详情 |
01f6c023aab5ca9de3a428fe2ebbf938 | CVE-2024-1311 | 2024-04-30 03:24:42 | WordPress Brizy – Page Builder Plugin任意文件上传漏洞 | 详情 |
614cbb75e91c0d1286da303e42b60e70 | CVE-2024-1296 | 2024-04-30 03:24:42 | WordPress Brizy – Page Builder Plugin跨站脚本漏洞 | 详情 |
c3f6e3bb8498997f29d786ca0343fbf9 | CVE-2024-0828 | 2024-04-29 07:21:25 | WordPress Play.ht Plugin未经授权访问漏洞 | 详情 |
4d745deab91d6efa260ca1fbe5ff8222 | CVE-2024-0700 | 2024-04-29 07:21:25 | WordPress Play.ht Plugin跨站请求伪造漏洞 | 详情 |
c396cd275f51f52d411efdb5d6973591 | CVE-2024-0829 | 2024-04-29 07:21:25 | WordPress Comments Extra Fields For Post,Pages and CPT授权错误漏洞 | 详情 |
eb847a8d81032b0fd875935860aae3b1 | CVE-2024-0631 | 2024-04-29 07:21:25 | WordPress Duitku Payment Gateway Plugin未经授权数据修改漏洞 | 详情 |
175f8e13884b580692e6f781c36e1188 | CVE-2024-0700 | 2024-04-29 07:21:25 | WordPress Simple Tweet Plugin跨站脚本漏洞 | 详情 |
e92fd641aacf64338e4cd75aca05ede9 | CVE-2024-0614 | 2024-04-29 07:21:25 | WordPress Events Manager Plugin跨站脚本漏洞 | 详情 |
ffec44b7c9b5c454820a34ea7e81d75b | CVE-2024-0897 | 2024-04-29 07:21:25 | WordPress Beaver Builder Plugin跨站脚本漏洞 | 详情 |
de900c571fcdae243929e25e28f0954b | CVE-2024-0681 | 2024-04-29 07:21:25 | WordPress Page Restriction WordPress Plugin信息泄露漏洞 | 详情 |
516fe54989515b0ef3d280009280faff | CVE-2024-0830 | 2024-04-29 07:21:25 | WordPress Comments Extra Fields For Post,Pages and CPT跨站请求伪造漏洞 | 详情 |
fb829fb4be9e40c8717093e6d744e51b | CVE-2024-0871 | 2024-04-29 07:21:25 | WordPress Beaver Builder Plugin跨站脚本漏洞 | 详情 |
23ad19b0d9a1f1e2b8fc9a36f974020c | CVE-2024-0326 | 2024-04-29 07:21:25 | WordPress Premium Addons for Elementor Plugin跨站脚本漏洞 | 详情 |
9b5c752a63498554fc69f7d39240d962 | CVE-2024-0591 | 2024-04-29 07:21:25 | WordPress wpDataTables Plugin跨站脚本漏洞 | 详情 |
c8685b500771219df8138e15650719b9 | CVE-2023-7015 | 2024-04-29 07:21:25 | WordPress File Manager Pro Plugin跨站脚本漏洞 | 详情 |
ca35e15ca9dcb390a48b602cb6aef85e | CVE-2024-1071 | 2024-04-29 07:21:25 | WordPress Ultimate Member Plugin SQL注入漏洞 | 详情 |
a76fd9fd1b320ffb3a2ec5253cc8e13b | CVE-2024-0976 | 2024-04-29 07:21:25 | WordPress WP Event Manager Plugin跨站脚本漏洞 | 详情 |
cdf22a4762a00b817b34982257e1611a | CVE-2023-51698 | 2024-04-29 03:24:42 | MATE Desktop Atril 操作系统命令注入漏洞 | 详情 |
05b8250fda511d5eb2bbaae002f809c8 | CVE-2024-0467 | 2024-04-29 03:24:42 | Employee Profile Management System跨站脚本漏洞 | 详情 |
86672e745e4a1326778264bc68d88e61 | CVE-2010-10011 | 2024-04-29 03:24:42 | Acritum Femitter Server路径遍历漏洞 | 详情 |
d8c2187333424069680d896e5e9ca3e3 | CVE-2024-0466 | 2024-04-29 03:24:42 | Employee Profile Management System SQL注入漏洞 | 详情 |
152510ee40988d3c5b0ecfe958967ad3 | CVE-2024-0465 | 2024-04-29 03:24:42 | Employee Profile Management System路径遍历漏洞(CVE-2024-0465 ) | 详情 |
63936b54f826345e37697c2a78d9d27a | CVE-2024-0464 | 2024-04-29 03:24:42 | Online Faculty Clearance SQL注入漏洞 | 详情 |
美国国家漏洞数据库(NVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
c6b3897e8411249dddc03a2582c3afdc | CVE-2023-45955 | 2023-10-31 18:15:08 | An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands. | 详情 |
752c86d745d9d6748f49970fc6c72bf7 | CVE-2022-48189 | 2023-10-30 15:15:39 | An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | 详情 |
8e0bb5e55759a9b19da4ce8a5bf48799 | CVE-2022-4573 | 2023-10-30 15:15:39 | An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code. | 详情 |
790b026d2f9b8a38a121baf7cc9fbbe2 | CVE-2023-45797 | 2023-10-30 07:15:12 | A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code. | 详情 |
9fee627171b8e0c7c2f065dae65c293c | CVE-2023-46468 | 2023-10-28 01:15:51 | An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. | 详情 |
1f2c404d06acfac83f7761c8ab878dee | CVE-2023-43322 | 2023-10-28 01:15:51 | ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. | 详情 |
eea9f6fc871d45cb3672714124c1d416 | CVE-2023-46211 | 2023-10-27 21:15:09 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <=Â 3.19.14 versions. | 详情 |
8496e7ff58df6fda25c681900fb6dfb8 | CVE-2023-46209 | 2023-10-27 21:15:09 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions. | 详情 |
751468e26927001b02f1b97a3d980488 | CVE-2023-46208 | 2023-10-27 21:15:09 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions. | 详情 |
26e1875553f4c463d954949d41128765 | CVE-2023-46200 | 2023-10-27 21:15:09 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <=Â 1.1.3 versions. | 详情 |
a86c2cbf359259b1e38cd6e0c560a363 | CVE-2023-46509 | 2023-10-27 21:15:09 | An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | 详情 |
c608240b549dc25f03e04b5397e48e1b | CVE-2023-46199 | 2023-10-27 08:15:31 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <=Â 4.1.1 versions. | 详情 |
c4bd3098463c3624a284c838fd6ecb48 | CVE-2023-46194 | 2023-10-27 08:15:31 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.5 versions. | 详情 |
e79edbb292a519fa08055a884d86921e | CVE-2023-46192 | 2023-10-27 08:15:31 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <=Â 1.2.3 versions. | 详情 |
528422b82114eedfc8a332c895b5d475 | CVE-2023-46504 | 2023-10-27 04:15:10 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component. | 详情 |
4b4a8cd15c35de7b7cb3e0f5110f178b | CVE-2023-46503 | 2023-10-27 04:15:10 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules. | 详情 |
9637804577e375e89e0c34d1e9dc7daa | CVE-2023-46505 | 2023-10-27 01:15:32 | Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file. | 详情 |
ccc0d1dc9e1e6371fc7ed4a7e6bc67c9 | CVE-2023-46491 | 2023-10-27 00:15:09 | ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library. | 详情 |
925767e89590e6107a882a20468a3153 | CVE-2023-42188 | 2023-10-27 00:15:09 | IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | 详情 |
8affd999965e83dbd42583837011424c | CVE-2023-42406 | 2023-10-26 22:15:08 | SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component. | 详情 |
7d0ccfb0da7a7225f1fd25c20c95a57e | CVE-2023-46435 | 2023-10-26 18:15:08 | Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | 详情 |
0ab665a469513a0f70af2e1f17519e41 | CVE-2023-5792 | 2023-10-26 17:15:10 | A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243598 is the identifier assigned to this vulnerability. | 详情 |
692b9ba4d9cf7c90b6a3e5b8396a5302 | CVE-2023-5791 | 2023-10-26 17:15:10 | A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability. | 详情 |
7e262fff58c0ebc8ddc6cdfb7535d7e2 | CVE-2023-5790 | 2023-10-26 17:15:10 | A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595. | 详情 |
c643f1003e7a0ee28d9e54cda26d6b85 | CVE-2023-43208 | 2023-10-26 17:15:09 | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. | 详情 |
3d3bc04cd7ec7fdf5aaaa0aa0a140b90 | CVE-2023-46450 | 2023-10-26 15:15:09 | Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. | 详情 |
844b1b549a5543c879cdc68d7237f444 | CVE-2023-46449 | 2023-10-26 15:15:09 | Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function. | 详情 |
f494a8af43bc7ce0e5b6f1d2f18f3740 | CVE-2023-46081 | 2023-10-26 13:15:09 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <=Â 1.1.34 versions. | 详情 |
3a451401fdd162ad57ab72c2f5d7b984 | CVE-2023-46077 | 2023-10-26 13:15:09 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions. | 详情 |
428d0a0df20b616e36d68a5b76023a38 | CVE-2023-46076 | 2023-10-26 13:15:09 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <=Â 1.2.102 versions. | 详情 |
团队GitHub | 团队公众号 |