360 网络安全响应中心 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
4d42b2e96c478df11ac597898d1526f0 | 2024-04-17 11:18:19 | 2024-04 补丁日: Oracle多个产品漏洞安全风险通告 | 详情 | |
448cfa0216a0757ec96f5862f86eafd4 | 2024-04-01 10:42:50 | 安全事件周报 2024-03-25 第13周 | 详情 | |
1205680821e2717a58c599f99a9fb422 | 2024-03-26 07:23:13 | 安全事件周报 2024-03-18 第12周 | 详情 | |
2e93df858fc2c5b287883dc9313a87fc | 2024-03-18 07:07:47 | 安全事件周报 2024-03-11 第11周 | 详情 | |
c1cad147c12a38c089cd941022bc395e | 2024-03-13 04:34:11 | 2024-03 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
7119e349c423ea015d6f2a824c67ed63 | 2024-03-11 06:17:28 | 安全事件周报 2024-03-04 第10周 | 详情 | |
b2c0e23dcf540c0b5d2bb144ceade98d | CVE-2024-27198 | 2024-03-06 08:44:35 | CVE-2024-27198:JetBrains TeamCity 身份验证绕过漏洞通告 | 详情 |
5e103cbd4bae3244e692ba33c1d7fcf8 | 2024-03-04 07:07:59 | 安全事件周报 2024-02-26 第9周 | 详情 | |
cab02a763bf285b3dc009731f40f8c29 | CVE-2024-25065 | 2024-03-01 09:06:25 | CVE-2024-25065:Apache OFBiz目录遍历漏洞通告 | 详情 |
194761e30d263596338cc998ac88cbaa | 2024-02-28 08:51:55 | SupermanMiner挖矿木马新变种持续活跃 | 详情 | |
213a4c5c76a220c24da1c38c605fcc10 | CVE-2024-25600 | 2024-02-27 09:55:55 | CVE-2024-25600:WordPress Bricks Builder远程命令执行漏洞通告 | 详情 |
bc2c3923f651854c68f2dd6f99d69f0a | 2024-02-26 03:00:09 | 安全事件周报 2024-02-19 第8周 | 详情 | |
55c72f6f2af616fbddbb643df06c3b3a | CVE-2024-21413 | 2024-02-23 06:57:46 | CVE-2024-21413:Microsoft Outlook 远程代码执行漏洞通告 | 详情 |
f000a20bfa53fd8b0f5231b52ff34577 | 2024-02-19 10:10:13 | 2024-02 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
48ff3925c0cc22862b0d6e1f52140bdc | 2024-02-06 07:10:07 | 安全事件周报 2024-01-29 第5周 | 详情 | |
d8c34853fbcc6b39ae0a3783c6fa6d44 | CVE-2024-21626 | 2024-02-01 08:38:56 | CVE-2024-21626:runc容器逃逸漏洞通告 | 详情 |
6ff357e8344fde5ea96c964cc0161137 | 2024-01-29 10:02:54 | 安全事件周报 2024-01-22 第4周 | 详情 | |
8fc558ad63c1387fb3ed919bf754820e | CVE-2024-0204 | 2024-01-25 08:26:39 | CVE-2024-0204:GoAnywhere MFT 身份认证绕过漏洞通告 | 详情 |
f4359caac3c70e9141439aa773e1e8a5 | 2024-01-22 11:39:38 | 安全事件周报 2024-01-15 第3周 | 详情 | |
4939f25b3f3d3242726cd400c645be04 | CVE-2024-0519 | 2024-01-17 09:08:07 | CVE-2024-0519:Google Chrome V8越界访问漏洞通告 | 详情 |
300687d61adecf75afb4de6d78398518 | CVE-2024-0519 | 2024-01-17 08:09:14 | CVE-2024-0519:Google Chrome V8类型混淆漏洞通告 | 详情 |
28f74976e64bebdcd2b71df42f44817e | CVE-2023-22527 | 2024-01-16 09:50:35 | CVE-2023-22527:Atlassian Confluence 远程代码执行漏洞通告 | 详情 |
ec39eae21390157f92422897b04aad66 | 2024-01-15 08:28:24 | 安全事件周报 2024-01-08 第2周 | 详情 | |
de12aee5eaff6382190430b22e2c643f | 2024-01-11 10:55:37 | 2024-01 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
c2b35c67c2732343be5c23579ebcdd04 | 2024-01-08 07:37:47 | 安全事件周报 2024-01-01 第1周 | 详情 | |
666a3a36b86650d472f7203220b3a4f5 | 2024-01-02 09:34:01 | 安全事件周报 2023-12-25 第52周 | 详情 | |
f91862c02f62f7f8e9d01e209e59487b | CVE-2023-51467 | 2023-12-27 08:57:10 | CVE-2023-51467:Apache OFBiz 未授权远程代码执行漏洞通告 | 详情 |
0c520d1f3614bc8cba4450fee6f03f5d | 2023-12-25 08:21:40 | 安全事件周报 2023-12-18 第51周 | 详情 | |
ffb5d5f9ba0fa1576f9bd8325a8d3e66 | 2023-12-18 08:50:39 | 安全事件周报 2023-12-11 第50周 | 详情 | |
382c73d6388430b9cea6072c6c61858e | 2023-12-13 08:50:10 | 2023-12 补丁日: 微软多个漏洞安全更新通告 | 详情 |
Tenable (Nessus) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
e9481aacbbb9dfafb69df26298c73a28 | CVE-2024-20313 | 2024-04-24 21:15:46 | A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 详情 |
a5ed40f8065258a4d99c4e2e7be059f3 | CVE-2023-20249 | 2024-04-24 21:15:46 | A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 详情 |
b8a713de6ca0698ed9a494397e785971 | CVE-2023-20248 | 2024-04-24 21:15:46 | A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 详情 |
02e8b8c195e240d84e9700369e27e27b | CVE-2024-4127 | 2024-04-24 20:15:08 | A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 详情 |
9b6e1e8547160833b0e1f1a6264099b7 | CVE-2024-4126 | 2024-04-24 20:15:08 | A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 详情 |
18fe54b9e7126e62fd241cc628ea50ae | CVE-2024-32879 | 2024-04-24 20:15:07 | Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field. | 详情 |
1aa6f2d5e84aa1a130f3ecd06984ef6f | CVE-2024-20358 | 2024-04-24 20:15:07 | A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root. | 详情 |
e298b5890aab77b846a4ee4343b71a30 | CVE-2024-20356 | 2024-04-24 20:15:07 | A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root. | 详情 |
ef2542d61fa43716271a236b1da93dc7 | CVE-2024-20295 | 2024-04-24 20:15:07 | A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | 详情 |
cb2e14c07e543abe95671cb4d31df54d | CVE-2024-4141 | 2024-04-24 19:15:47 | Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. | 详情 |
c4f42f50cb20a189a9d3a6d63affc7f7 | CVE-2024-4093 | 2024-04-24 01:15:49 | A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file view_application.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261822 is the identifier assigned to this vulnerability. | 详情 |
f049ed359656e4e3680f60c27e0342fb | CVE-2024-4075 | 2024-04-23 23:15:49 | A vulnerability classified as problematic has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file login.php. The manipulation of the argument txtAddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261801 was assigned to this vulnerability. | 详情 |
f2a74e88fe079dfd3da34375264be37e | CVE-2024-4074 | 2024-04-23 23:15:49 | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file prodInfo.php. The manipulation of the argument prodId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261800. | 详情 |
679081a1f4a307a7db3fb96bf23967c7 | CVE-2024-4073 | 2024-04-23 23:15:49 | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prodList.php. The manipulation of the argument prodType leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261799. | 详情 |
5e269ee38b0fe8b082603254602fe56d | CVE-2024-4072 | 2024-04-23 23:15:49 | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been classified as problematic. Affected is an unknown function of the file search.php. The manipulation of the argument txtSearch leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261798 is the identifier assigned to this vulnerability. | 详情 |
46f5b5da2a7a3953efe6aa21c1586969 | CVE-2024-4071 | 2024-04-23 22:15:07 | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261797 was assigned to this vulnerability. | 详情 |
dd085a1fb8a511c140a3a06e95554a4a | CVE-2024-4070 | 2024-04-23 22:15:07 | A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261796. | 详情 |
272bff879aaa3496118eec16a1589f82 | CVE-2024-4069 | 2024-04-23 22:15:07 | A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261795. | 详情 |
b4276f8e76a4b5f796add6232ecad276 | CVE-2024-31616 | 2024-04-23 22:15:07 | An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file. | 详情 |
0412f7e086f1a77f801f7543c17d0e67 | CVE-2024-30886 | 2024-04-23 22:15:07 | A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter. | 详情 |
77e33783c65fb599dd25a95235f2bee9 | CVE-2024-3177 | 2024-04-22 23:15:51 | A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated. | 详情 |
280b2b1c7479b8e43c50efa9161e532c | CVE-2024-32657 | 2024-04-22 23:15:50 | Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is serving NixOS `.iso` files. The issue is only with html files served by Hydra. The issue has been patched on https://hydra.nixos.org around 2024-04-21 14:30 UTC. The nixpkgs package were fixed in unstable and 23.11. Users with custom Hydra packages can apply the fix commit to their local installations. The vulnerability is only triggered when opening HTML build artifacts, so not opening them until the vulnerability is fixed works around the issue. | 详情 |
62e666b89f29ff2e4e2b22e4bf0e0a42 | CVE-2024-32656 | 2024-04-22 23:15:50 | Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the `antmedia` service account on the system. Version 2.9.0 contains a patch for the issue. As a workaround, one may remove certain parameters from the `antmedia.service` file. | 详情 |
554a0ac02706303dcded2a7cd054af14 | CVE-2024-32653 | 2024-04-22 23:15:50 | jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability. | 详情 |
4aa135259bd73194edced3140171ead9 | CVE-2024-32480 | 2024-04-22 23:15:50 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue. | 详情 |
298f54b7417e20b3553b685ca66b2161 | CVE-2024-32479 | 2024-04-22 22:15:08 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability. | 详情 |
9eccda989b666a21ac84d2c831c4a697 | CVE-2024-32461 | 2024-04-22 22:15:07 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability. | 详情 |
bee4c8ac511f12f49530a9e00ba8a753 | CVE-2024-32460 | 2024-04-22 22:15:07 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support. | 详情 |
01a245df26fca613f715f7ac0a80509e | CVE-2024-32459 | 2024-04-22 22:15:07 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available. | 详情 |
52ee009d2daa91b59134b9d4ea4cdf3f | CVE-2024-31036 | 2024-04-22 22:15:07 | A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams. | 详情 |
国家信息安全漏洞共享平台(CNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
8686fda9b2b49e4e1666b54e2248f935 | CNVD-2021-74882 | 2021-11-14 16:43:52 | 四创科技有限公司建站系统存在SQL注入漏洞 | 详情 |
8f6972d84ad188b05ff9cc14d4334949 | CNVD-2021-87021 (CVE-2020-4690) | 2021-11-12 12:43:14 | IBM Security Guardium硬编码凭证漏洞 | 详情 |
3bfe7b053a0c59d8a3d38c18f86aa143 | CNVD-2021-87022 (CVE-2021-38870) | 2021-11-12 12:43:12 | IBM Aspera跨站脚本漏洞 | 详情 |
a4649bb17f4db4d1c7f879ebceb46ed0 | CNVD-2021-87011 (CVE-2021-29753) | 2021-11-12 12:43:11 | IBM Business Automation Workflow存在未明漏洞 | 详情 |
094c613f9ed4b8b9d887dc912789043c | CNVD-2021-87025 (CVE-2021-20563) | 2021-11-12 12:43:10 | IBM Sterling File Gateway信息泄露漏洞 | 详情 |
41c47f01a4c65dcb6efc9ebf483fe762 | CNVD-2021-87010 (CVE-2021-38887) | 2021-11-12 12:43:08 | IBM InfoSphere Information Server信息泄露漏洞 | 详情 |
f51d33e7a09fd61ca90ede453515a830 | CNVD-2021-87016 (CVE-2021-29764) | 2021-11-12 12:43:07 | IBM Sterling B2B Integrator跨站脚本漏洞 | 详情 |
33615a5f78df822e82e6d3436045c48c | CNVD-2021-87026 (CVE-2021-38877) | 2021-11-12 12:43:06 | IBM Jazz for Service Management跨站脚本漏洞 | 详情 |
8e729177bcb4105dd831fb1e123ed1bb | CNVD-2021-87014 (CVE-2021-29679) | 2021-11-12 12:43:04 | IBM Cognos Analytics远程代码执行漏洞 | 详情 |
1a3b856f78e9fbdca12aeddc7d665aca | CNVD-2021-87029 (CVE-2021-29752) | 2021-11-12 12:43:03 | IBM Db2信息泄露漏洞 | 详情 |
6f1aa3a0cb819d97519baa47fd0232d5 | CNVD-2021-87015 (CVE-2021-29745) | 2021-11-12 12:43:02 | IBM Cognos Analytics权限提升漏洞 | 详情 |
cbcb12f5f51d6e7d6d8a9fa581aa863a | CNVD-2021-73908 | 2021-11-11 16:42:44 | 泛微e-cology存在SQL注入漏洞 | 详情 |
ae6fd467da55de31aa7219187cf5c2d4 | CNVD-2021-86904 (CVE-2021-20351) | 2021-11-11 08:31:46 | IBM Engineering跨站脚本漏洞 | 详情 |
412a15b40959ed9cf9330ee79f99e079 | CNVD-2021-86903 (CVE-2021-31173) | 2021-11-11 08:31:44 | Microsoft SharePoint Server信息泄露漏洞 | 详情 |
1cbc5d5faac431d3e82c9e5ea9588b5f | CNVD-2021-86902 (CVE-2021-31172) | 2021-11-11 08:31:43 | Microsoft SharePoint欺骗漏洞 | 详情 |
686c7cfb20933b41c3d679cbba79a2ad | CNVD-2021-86901 (CVE-2021-31181) | 2021-11-11 08:31:42 | Microsoft SharePoint远程代码执行漏洞 | 详情 |
72fdfb2d44c0d41d638e4632bdfc10b8 | CNVD-2021-86900 (CVE-2021-3561) | 2021-11-11 08:31:41 | fig2dev缓冲区溢出漏洞 | 详情 |
3ba6f0e9394f9414e2cadb9495e2d5f5 | CNVD-2021-85884 (CVE-2021-41210) | 2021-11-10 07:24:57 | Google TensorFlow堆分配数组越界读取漏洞 | 详情 |
4d8c4744ea972fb2fcb9673fea1fc7b7 | CNVD-2021-85883 (CVE-2021-41226) | 2021-11-10 07:24:56 | Google TensorFlow堆越界访问漏洞 | 详情 |
8778f9cd924cae585ca5e2e0b8be3b3f | CNVD-2021-85882 (CVE-2021-41224) | 2021-11-10 07:24:54 | Google TensorFlow堆越界访问漏洞 | 详情 |
e1b2722e6d5c509c680b584416d9cb20 | CNVD-2021-85881 (CVE-2021-42770) | 2021-11-10 07:24:53 | OPNsense跨站脚本漏洞 | 详情 |
ed09c9fa5586e2d4d9b4e95fe3b447a0 | CNVD-2021-85880 (CVE-2021-28024) | 2021-11-10 07:24:52 | ServiceTonic访问控制不当漏洞 | 详情 |
8a642f0922f7f915e81b2b947276a96c | CNVD-2021-85879 (CVE-2021-28023) | 2021-11-10 07:24:50 | ServiceTonic任意文件上传漏洞 | 详情 |
c00b061c2cfdee4016a869a188135db5 | CNVD-2021-85878 (CVE-2021-28022) | 2021-11-10 07:24:49 | ServiceTonic SQL注入漏洞 | 详情 |
9c4b20a28ad2bd4ab916448f0e1272bd | CNVD-2021-85877 (CVE-2021-32483) | 2021-11-10 07:24:48 | Cloudera Manager不正确访问控制漏洞 | 详情 |
4d4423857b7b1f38e49738f00e8949ba | CNVD-2021-85876 (CVE-2021-32481) | 2021-11-10 07:24:46 | Cloudera Hue跨站脚本漏洞 | 详情 |
6b12b7fc216d603e8e07351603851c86 | CNVD-2021-85875 (CVE-2021-29994) | 2021-11-10 07:24:45 | Cloudera Hue跨站脚本漏洞 | 详情 |
72894fb3a3538de240d2f6810aae63c9 | CNVD-2021-85892 (CVE-2021-42701) | 2021-11-10 02:38:27 | DAQFactory中间人攻击漏洞 | 详情 |
94a1f99a64ba24540cc1594d0a0b3152 | CNVD-2021-85893 (CVE-2021-42699) | 2021-11-10 02:38:26 | DAQFactory明文传输漏洞 | 详情 |
5d9bac33be8f2f88391f6de02fb89c73 | CNVD-2021-85894 (CVE-2021-42698) | 2021-11-10 02:38:24 | DAQFactory反序列化漏洞 | 详情 |
国家信息安全漏洞库(CNNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
b5815af17792cf5abac5732bae3094e9 | CNNVD-202308-131 (CVE-2023-20215) | 2023-08-03 12:41:47 | Cisco Secure Web Appliance 安全漏洞 | 详情 |
8d98bb094a70919c9e881cc7da5898d4 | CNNVD-202308-132 (CVE-2023-20204) | 2023-08-03 12:40:44 | Cisco BroadWorks CommPilot 安全漏洞 | 详情 |
c65e18d821cb73d6036dc2df6a726951 | CNNVD-202308-123 (CVE-2023-29409) | 2023-08-02 12:45:03 | Google Golang 资源管理错误漏洞 | 详情 |
452c53b54ef3a658eaf6bd8e7d93fe05 | CNNVD-202308-124 (CVE-2023-4070) | 2023-08-02 12:44:01 | Google Chrome 安全漏洞 | 详情 |
ac7b17414d163c2f26008516638e3a99 | CNNVD-202308-125 (CVE-2023-39113) | 2023-08-02 12:42:59 | ngiflib 安全漏洞 | 详情 |
224fd467b813dbee234efe1e61e2ec66 | CNNVD-202308-126 (CVE-2023-39114) | 2023-08-02 12:42:57 | ngiflib 安全漏洞 | 详情 |
72d862f454eb3d0e4dd221413d85f6b2 | CNNVD-202308-127 (CVE-2023-1437) | 2023-08-02 12:42:55 | Advantech WebAccess/SCADA 安全漏洞 | 详情 |
a3b636c53a2116b7ab85ea0c29470e76 | CNNVD-202308-128 (CVE-2023-3329) | 2023-08-02 12:42:53 | SpiderControl SCADA Webserver 路径遍历漏洞 | 详情 |
0e8e3c3600e145e70920c2026bde8feb | CNNVD-202308-129 (CVE-2023-4069) | 2023-08-02 12:42:51 | Google Chrome 安全漏洞 | 详情 |
619ce483843859fb783525b2b8d00f59 | CNNVD-202308-130 (CVE-2023-4068) | 2023-08-02 12:41:48 | Google Chrome 安全漏洞 | 详情 |
6a73381eaa628503bd8c242cd313f005 | CNNVD-202308-057 (CVE-2023-36121) | 2023-08-01 12:48:12 | e107 跨站脚本漏洞 | 详情 |
086c171bc44677f87e0ad45c8ab5dab6 | CNNVD-202308-058 (CVE-2023-2164) | 2023-08-01 12:47:10 | GitLab 跨站脚本漏洞 | 详情 |
bc6915cfb72ce7e27f2aa64ff3a35ee2 | CNNVD-202308-059 (CVE-2023-31432) | 2023-08-01 12:47:08 | Brocade Fabric OS 安全漏洞 | 详情 |
915090fa2939ee9d9978125be4eeff27 | CNNVD-202308-060 (CVE-2023-3739) | 2023-08-01 12:46:07 | Google Chrome 安全漏洞 | 详情 |
b790441bc923d37c914ea50edcdfaa16 | CNNVD-202308-061 (CVE-2023-3385) | 2023-08-01 12:46:05 | GitLab 路径遍历漏洞 | 详情 |
a6be4479387eddda68e1c7808965c1bc | CNNVD-202308-062 (CVE-2022-40609) | 2023-08-01 12:46:03 | IBM SDK, Java Technology Edition 安全漏洞 | 详情 |
55409ee74ffe87168f7d61814b568334 | CNNVD-202308-063 (CVE-2023-31431) | 2023-08-01 12:46:02 | Brocade Fabric OS 安全漏洞 | 详情 |
a4340da9d26800c671fa800a080c3d01 | CNNVD-202308-064 (CVE-2023-36210) | 2023-08-01 12:45:00 | MotoCMS 安全漏洞 | 详情 |
d70ae2187ae1aa50a2af6befce15bfbd | CNNVD-202308-065 (CVE-2023-31428) | 2023-08-01 12:43:58 | Brocade Fabric OS 代码问题漏洞 | 详情 |
8b0e98f117732e813318bdec77d0fb4b | CNNVD-202308-066 (CVE-2023-31928) | 2023-08-01 12:42:57 | Brocade Fabric OS 跨站脚本漏洞 | 详情 |
73ffd9540daad0a04d3d54041ba9df14 | CNNVD-202307-2321 (CVE-2023-37772) | 2023-07-31 12:44:10 | Online Shopping Portal 安全漏洞 | 详情 |
10f462bbd81ee431ab32c6a160fc068d | CNNVD-202307-2322 (CVE-2023-3983) | 2023-07-31 12:44:08 | Advantech iView 安全漏洞 | 详情 |
91dcd4420b85064dbae045bceabb71b9 | CNNVD-202307-2323 (CVE-2023-37496) | 2023-07-31 12:44:07 | HCL Technologies HCL Verse 安全漏洞 | 详情 |
c81e50233ec479272b638b8dbddedeea | CNNVD-202307-2324 (CVE-2023-38989) | 2023-07-31 12:44:05 | jeesite 安全漏洞 | 详情 |
775849c6f8c5fe41588806137e12cfa8 | CNNVD-202307-2326 (CVE-2023-3462) | 2023-07-31 12:44:03 | HashiCorp Vault 安全漏洞 | 详情 |
f995ebc4f6961ed50c6d18ec0f7efcf4 | CNNVD-202307-2327 (CVE-2022-42183) | 2023-07-31 12:44:01 | Precisely Spectrum Spatial Analyst 安全漏洞 | 详情 |
67539644d8b06577c03aeab1ac018450 | CNNVD-202307-2328 (CVE-2022-42182) | 2023-07-31 12:43:59 | Precisely Spectrum Spatial Analyst 安全漏洞 | 详情 |
b61f0e730dfb90bb1c6f8f6e83508ae7 | CNNVD-202307-2329 (CVE-2023-39122) | 2023-07-31 12:43:56 | BMC Control-M 安全漏洞 | 详情 |
a09d1da1d10d2b5f823d7b8b41490660 | CNNVD-202307-2330 (CVE-2023-3825) | 2023-07-31 12:42:54 | PTC Kepware KEPServerEX 资源管理错误漏洞 | 详情 |
05caf2e95b7a0f72e0c071c443e1d82b | CNNVD-202307-2331 (CVE-2023-4033) | 2023-07-31 12:42:52 | Mlflow 操作系统命令注入漏洞 | 详情 |
奇安信 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
45ab4afdafe578698bcfccccd65d833e | yt | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
74691465618764c64d52a2ff58013ac4 | yt | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 | |
6bd01daffa85191c80698354fc8e252f | wt | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 | |
7010355bb6ffff38cb1a885acf784ca7 | ft | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 | |
5edb21a58a7e21692bd0ddd622d39279 | St | QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 | 详情 | |
3e8973410ef7c04408d63fa10c230487 | St | QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 | 详情 | |
f749eac58b87d0954f0e4a84b5d67057 | CVE-2020-1350 | 2020-07-15 15:57:00 | QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 | 详情 |
90b93cb7073fe73b17746ac166a09637 | CVE-2020-6819, CVE-2020-6820 | 2020-04-08 10:34:35 | QianxinTI-SV-2020-0012 Firefox在野远程代码执行漏洞(CVE-2020-6819、CVE-2020-6820)通告 | 详情 |
e318a5efa4803b50cdef480b90b1784d | 2020-03-25 13:58:51 | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
cffc3035f7899495cfeae521451f91b2 | CVE-2020-0796 | 2020-03-12 10:32:09 | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 |
3e6175d47d17c6f94bd9ba10d81c3717 | CVE-2020-0674 | 2020-03-02 14:52:46 | QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 | 详情 |
d99d073afb7d248a8a62fb068921997f | CVE-2020-0601 | 2020-01-15 14:11:41 | QianxinTI-SV-2020-0001 微软核心加密库漏洞(CVE-2020-0601)通告 | 详情 |
b7b45b14a3af1225ef6eec72d74964df | CVE-2019-1367 | 2019-09-25 17:23:00 | QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告 | 详情 |
504fc79f0123db109a11b149c334b75c | CVE-2019-0708 | 2019-09-09 10:20:47 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
5b727692d583d4a6e7cdb0f670eac12a | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 | 2019-08-14 11:09:05 | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 |
54b48d765fccbc8dcfa3de0920459f8d | CVE-2019-11707 | 2019-06-19 16:53:47 | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 |
5b4d5fea09fbc2dca45be53f162d39de | CVE-2019-0708 | 2019-05-31 17:03:19 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
安全客 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
03afa8b4eaf4a0160784152fca5465b2 | CVE-2021-27308 | 2021-07-11 14:22:05 | 4images 跨站脚本漏洞 | 详情 |
8b0ace4c54a7fc20a99d21e294152a99 | CVE-2020-15261 | 2021-07-11 14:22:05 | Veyon Service 安全漏洞 | 详情 |
d4f12de949590ab346b61986a29d8b4d | CVE-2021-35039 | 2021-07-09 17:30:13 | Linux kernel 安全漏洞 | 详情 |
f790e7ef3b5de3774d42ee32b9b10c01 | CVE-2021-34626 | 2021-07-09 17:30:13 | WordPress 访问控制错误漏洞 | 详情 |
71bf261eb2113d5ff870ab9bafd29f55 | CVE-2021-25952 | 2021-07-09 17:30:13 | just-safe-set 安全漏洞 | 详情 |
152793cbc104933584f5f227606f433d | CVE-2021-0597 | 2021-07-09 17:30:13 | Google Android 信息泄露漏洞 | 详情 |
75f153c327984fdfdd2d9c463a91371d | CVE-2021-34430 | 2021-07-09 17:30:13 | Eclipse TinyDTLS 安全特征问题漏洞 | 详情 |
9610336f1a41241cc8edea22a2780ec5 | CVE-2021-3638 | 2021-07-09 17:30:13 | QEMU 安全漏洞 | 详情 |
92fe450ae5c5dfa48072aca79d64ba63 | CVE-2021-34614 | 2021-07-09 14:24:32 | Aruba ClearPass Policy Manager 安全漏洞 | 详情 |
680a4218fc32922746717210664a3d62 | CVE-2021-22144 | 2021-07-09 13:28:16 | Elasticsearch 安全漏洞 | 详情 |
373930f669f2c1f7b61101a925304779 | CVE-2021-24022 | 2021-07-09 13:28:16 | Fortinet FortiManager 安全漏洞 | 详情 |
8556f9cd0699f88c1f6cca9a43463bdd | CVE-2021-33012 | 2021-07-09 13:28:16 | Allen Bradley Micrologix 1100输入验证错误漏洞 | 详情 |
480ae713cc88cc0985e1ebc079974d83 | CVE-2021-0592 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
8ef4dbefa6604ea2312621401c3ec0b9 | CVE-2021-1598 | 2021-07-09 13:28:16 | Cisco Video Surveillance 7000 Series IP Cameras 安全漏洞 | 详情 |
d6e8714c32df7a0dcc2f3910ec68b42d | CVE-2021-20782 | 2021-07-09 13:28:16 | Software License Manager 跨站请求伪造漏洞 | 详情 |
4e60b22611b8bb0fd7e532896498af29 | CVE-2021-20781 | 2021-07-09 13:28:16 | WordPress 跨站请求伪造漏洞 | 详情 |
5ca48ad58fb499c069ae0800c3b39875 | CVE-2021-32961 | 2021-07-09 13:28:16 | MDT AutoSave代码问题漏洞 | 详情 |
2ed854890b43f08e52340a1e8fe6d39f | CVE-2021-0577 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
8d63110e1475bbd245715b2ee1824d13 | CVE-2021-31816 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
72bef2ae2f5db7dd066e1cdefa618dc5 | CVE-2021-31817 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
1f7369b2609dbd2cd40d091f7de540cd | CVE-2020-20217 | 2021-07-09 13:28:16 | Mikrotik RouterOs 安全漏洞 | 详情 |
1793176eecc5813c3348f026dc9909c9 | CVE-2020-28598 | 2021-07-09 13:28:16 | PrusaSlicer 安全漏洞 | 详情 |
7f4cf34ceb545548dcfcc3c0e7120268 | CVE-2021-32945 | 2021-07-09 13:28:16 | MDT AutoSave加密问题漏洞 | 详情 |
58553eb00d6e3e83b633f09464c4e98a | CVE-2021-29712 | 2021-07-09 13:28:16 | IBM InfoSphere Information Server 跨站脚本漏洞 | 详情 |
d8e27ec42fb0b89998fcc006f49b249b | CVE-2021-25432 | 2021-07-09 13:28:16 | Samsung Members 信息泄露漏洞 | 详情 |
8f2adc6c247725bf2eb7f53256c93ea7 | CVE-2021-25433 | 2021-07-09 13:28:16 | Samsung Tizen安全漏洞 | 详情 |
8f949676124339eb6f64f9c607af5470 | CVE-2021-25431 | 2021-07-09 13:28:16 | Samsung Mobile Device Cameralyzer 访问控制错误漏洞 | 详情 |
069818a8958f9c158fcb0956ee32fc03 | CVE-2021-25434 | 2021-07-09 13:28:16 | Samsung Tizen 代码注入漏洞 | 详情 |
55b9126220b9722ff5d730d3996877e9 | CVE-2021-32949 | 2021-07-09 13:28:16 | MDT AutoSave 路径遍历漏洞 | 详情 |
ebab009fffdee3d360dcdff74b0ed061 | CVE-2021-25435 | 2021-07-09 13:28:16 | Samsung Tizen代码注入漏洞 | 详情 |
斗象 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
096b6298d82574500dc1a14c9dba4065 | CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029 | 2022-07-15 00:38:28 | 微软2022年7月补丁日漏洞通告 | 详情 |
6018f718b2d751478bf1ce069ac65f0d | CVE-2022-2185 | 2022-07-01 09:02:05 | GitLab 远程代码执行漏洞(CVE-2022-2185) | 详情 |
844719cf0bb4843aff73d2f33cc6dd0b | CVE-2022-30190, CVE-2022-30136 | 2022-06-15 05:48:12 | 微软2022年6月补丁日漏洞通告 | 详情 |
8b47000e1abfbacdadb7df6f09152d89 | CVE-2022-26134 | 2022-06-03 05:48:38 | Atlassian Confluence 远程代码执行漏洞(CVE-2022-26134) | 详情 |
eebe93468b36d2ca24cf4b82136a5635 | CVE-2022-30190 | 2022-05-31 13:57:17 | Microsoft Windows MSDT 远程代码执行漏洞(CVE-2022-30190) | 详情 |
95525e3f5907a776dc7cd4f87f2e2154 | 2022-05-23 07:11:04 | Fastjson 反序列化漏洞 | 详情 | |
945fd6e612634d9721f861833f1ecb75 | CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 | 2022-05-11 03:45:48 | 微软2022年5月补丁日漏洞通告 | 详情 |
e2938ff82d0cc152508e0240697def4c | CVE-2022-1388 | 2022-05-06 05:53:04 | F5 BIG-IP iControl REST 身份验证绕过漏洞(CVE-2022-1388) | 详情 |
bcf7253d2ee580c618737de137d370c4 | CVE-2022-29464 | 2022-04-22 02:21:17 | WSO2 Carbon Server 远程代码执行漏洞(CVE-2022-29464) | 详情 |
07c09799b08afb04c63a9de750b70aca | CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 | 2022-04-13 07:51:00 | 微软2022年4月补丁日漏洞通告 | 详情 |
f5b543501ed5679d423411edac502e24 | CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 | 2022-04-08 03:49:31 | VMware 产品多个高危漏洞通告 | 详情 |
f421bcdb306e2bc1ffbf58fcb024a0dd | 2022-03-29 17:11:30 | Spring 框架远程代码执行漏洞 | 详情 | |
0473358d95e58c7c3f2e7db0109f56f4 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 | |
a888c948ca1172f8a06a3879479f1de4 | CVE-2022-22965 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 |
71ed541bb737196268b75c7ba435e1a9 | 2022-03-28 04:57:30 | Spring Cloud Function SpEL表达式注入漏洞 | 详情 | |
f7a5dcd376be777c6593a29b8ebd411a | CVE-2022-0778 | 2022-03-18 07:09:22 | OpenSSL拒绝服务漏洞(CVE-2022-0778) | 详情 |
6c4124fed44906a79843cd2dd383c695 | CVE-2022-0847 | 2022-03-15 03:32:03 | Linux Kernel本地提权漏洞(CVE-2022-0847) | 详情 |
a2795e4829bff16f108cf191eba663c3 | CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 | 2022-03-11 02:14:56 | 微软2022年3月补丁日漏洞通告 | 详情 |
d09f0641bf65c64a16d802cd78e14097 | CVE-2022-0847 | 2022-03-08 08:23:08 | Linux 内核本地提权漏洞(CVE-2022-0847) | 详情 |
69052e2a8c09416f5df674f92cba25a6 | CVE-2022-22947 | 2022-03-02 11:42:55 | Spring Cloud Gateway 远程代码执行漏洞(CVE-2022-22947) | 详情 |
5f42b6f584a9ace426787dc8dfd6e6e5 | 2022-02-16 10:44:18 | 向日葵远程命令执行漏洞(CNVD-2022-10270) | 详情 | |
79556071f6236ab4674f75b3beee4d79 | CVE-2022-24112 | 2022-02-11 06:13:35 | Apache APISIX 远程代码执行漏洞 (CVE-2022-24112) | 详情 |
485f2c57713f4a39830e8c2d01e43cfe | CVE-2021-4034 | 2022-01-26 06:19:16 | Linux Polkit 权限提升漏洞(CVE-2021-4034) | 详情 |
0aa6eab412c0318b74c6a470ee774df1 | CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 | 2022-01-12 03:44:50 | 微软2022年1月补丁日漏洞通告 | 详情 |
88a8c676b52a739c0335d7c21ca810a9 | 2022-01-06 08:19:17 | MeterSphere 远程代码执行漏洞 | 详情 | |
76cad61d2d5a8750a6a714ab2c6dbc97 | CVE-2021-45232 | 2021-12-28 10:31:16 | Apache APISIX Dashboard 接口未授权访问漏洞(CVE-2021-45232) | 详情 |
af4f5f63390eb00de8705b5029d8c376 | CVE-2021-44228, CVE-2021-45046 | 2021-12-14 01:56:52 | Apache Log4j 远程代码执行漏洞 | 详情 |
43456ae172e45c12087c40c03d925e0e | CVE-2021-44228 | 2021-12-11 03:21:34 | Apache Log4j 远程代码执行漏洞 | 详情 |
392b133d98d6f61aee36ce6c8784f4df | 2021-12-09 15:20:54 | Apache Log4j 远程代码执行漏洞 | 详情 | |
1e193280a8f45427c06cb4945be4f126 | 2021-12-07 06:48:55 | Grafana 任意文件读取漏洞 | 详情 |
红后 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
6fa0a347889bf0da0cae47ef068a6a99 | CVE-2023-32836 | 2023-11-16 21:05:37 | GOOGLE ANDROID Vulnerability | 详情 |
49751f9f84ed69956c96cc87959ec666 | CVE-2021-22499 | 2023-11-16 21:05:34 | Micro Focus Application Performance Management 跨站脚本漏洞 | 详情 |
eaa040f80d817832a627456843d3e24c | CVE-2021-23883 | 2023-11-16 21:05:33 | 迈克菲 McAfee Endpoint Security 代码问题漏洞 | 详情 |
d52ddce51389f668d6fad6e7044bd974 | CVE-2021-23878 | 2023-11-16 21:05:33 | 迈克菲 McAfee Endpoint Security 加密问题漏洞 | 详情 |
b62432054e9970a34c4d9e4d9efd1075 | CVE-2023-32838 | 2023-11-16 21:05:33 | GOOGLE ANDROID Vulnerability | 详情 |
162855c32b8e1a1dafd6ef3e7a3b3da8 | CVE-2022-43554 | 2023-11-16 21:05:33 | IVANTI AVALANCHE Vulnerability | 详情 |
dff8e982c8571446fc1d46fdb5263781 | CVE-2021-21019 | 2023-11-16 21:05:33 | Adobe Magento 注入漏洞 | 详情 |
5c28bf13629d4240819bb4f492d588a9 | CVE-2022-34396 | 2023-11-15 21:56:12 | DELL OPENMANAGE_SERVER_ADMINISTRATOR Vulnerability | 详情 |
8876fd1be50182e42f17aaf033bfaf25 | CVE-2022-45098 | 2023-11-15 21:56:10 | DELL EMC_POWERSCALE_ONEFS Vulnerability | 详情 |
d8a4cb7ca4e0f29533302f9f97f22a55 | CVE-2022-45102 | 2023-11-15 21:55:56 | DELL Multiple product Vulnerability | 详情 |
72e081fb5149198ecc92f3f06383f0d5 | CVE-2023-0512 | 2023-11-15 21:55:53 | VIM VIM Vulnerability | 详情 |
741e4f08caf4baef7072136884f07ae6 | CVE-2023-24829 | 2023-11-15 21:55:48 | APACHE IOTDB Vulnerability | 详情 |
06eca26d44409544e5ec96702bf85ce0 | CVE-2023-23628 | 2023-11-15 21:54:44 | METABASE METABASE Vulnerability | 详情 |
830da4b9e4f027d37c9e39125a30cc18 | CVE-2022-3488 | 2023-11-15 21:54:27 | ISC BIND Vulnerability | 详情 |
93ceb6d645101eee2b05535717260299 | CVE-2022-45808 | 2023-11-15 21:54:21 | THIMPRESS LEARNPRESS Vulnerability | 详情 |
d79756a4e0c6522a5ba958c82d0b4c88 | CVE-2023-22482 | 2023-11-15 21:54:17 | LINUXFOUNDATION ARGO-CD Vulnerability | 详情 |
1c317622086c85695ff9266e3c5cf66f | CVE-2022-4323 | 2023-11-15 21:54:16 | SUMO GOOGLE_ANALYTICATOR Vulnerability | 详情 |
6e8e12e7cd90fd6550e5cef8c12a4a50 | CVE-2023-24069 | 2023-11-15 21:54:13 | SIGNAL SIGNAL-DESKTOP Vulnerability | 详情 |
de78bbaf8c5f6d744b657b8b7733d20e | CVE-2023-24044 | 2023-11-15 21:54:12 | PLESK OBSIDIAN Vulnerability | 详情 |
44e1e95916d186bbbc5cabca01532712 | CVE-2022-41733 | 2023-11-15 21:54:05 | IBM INFOSPHERE_INFORMATION_SERVER Vulnerability | 详情 |
136d79ca309f157fcf93764b6993609c | CVE-2022-20752 | 2023-11-15 20:59:35 | Cisco Unified Communications Manager 和 Cisco Unity Connection安全漏洞 | 详情 |
cfa598cc25996bf7c25d8622f86868f3 | CVE-2022-32208 | 2023-11-15 20:59:35 | curl 缓冲区错误漏洞 | 详情 |
5dc2248c28a031fb6cb3e94f714da748 | CVE-2021-31677 | 2023-11-15 20:59:35 | PESCMS 跨站请求伪造漏洞 | 详情 |
2df25199d06527c66c1929ede927aa18 | CVE-2022-20800 | 2023-11-15 20:59:35 | Cisco Unified Communications Manager 跨站脚本漏洞 | 详情 |
537152d5106a70b12b4e0204db3ba5b3 | CVE-2022-2304 | 2023-11-15 20:59:34 | Vim 安全漏洞 | 详情 |
dee30b1a759cdba8cda08222c3b6cf63 | CVE-2022-2309 | 2023-11-15 20:59:34 | lxml 和 libxml2 代码问题漏洞 | 详情 |
edc189cc3f6caea2e67f158e0f93dd19 | CVE-2022-31116 | 2023-11-15 20:59:34 | UltraJSON 其他漏洞 | 详情 |
3e53baf169ff30745b9dfa6f9505233b | CVE-2022-20791 | 2023-11-15 20:59:26 | Cisco Unified Communications Manager 路径遍历漏洞 | 详情 |
6ae237378a32e08e6f0495fa3dbce32b | CVE-2022-20812 | 2023-11-15 20:59:26 | Cisco Expressway Series 和 Cisco TelePresence Video Communication Server 路径遍历漏洞 | 详情 |
a2523ef82d3016d54faf64dd9af12f3f | CVE-2022-31129 | 2023-11-15 20:59:26 | Moment.js 资源管理错误漏洞 | 详情 |
绿盟 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
875bb675a73e20aec42cee75dbb1f37c | CVE-2024-1328 | 2024-04-25 07:22:05 | WordPress Newsletter2Go Plugin跨站脚本漏洞 | 详情 |
efd6f912f8f0e243c68474c554260dd1 | CVE-2023-6814 | 2024-04-25 07:22:05 | Hitachi Cosminexus信息泄露漏洞 | 详情 |
084a3a7b8b9865afef22f7d5273bbea9 | CVE-2024-25331 | 2024-04-25 07:22:05 | D-Link DIR-822和DIR-822-CA远程代码执行漏洞 | 详情 |
24654bc968df520e4b1692c088b6c059 | CVE-2024-26521 | 2024-04-25 07:22:05 | CE Phoenix Cart HTML注入漏洞 | 详情 |
ea4315593bc948451349a62db9c939ae | CVE-2024-28163 | 2024-04-25 07:22:05 | SAP NetWeaver Process Integration(PI)信息泄露漏洞 | 详情 |
45404f0733a972ab85c7d16a74aea708 | CVE-2023-49453 | 2024-04-25 07:22:05 | Racktables跨站脚本漏洞 | 详情 |
96194b3303a1bd3cec052c4ee74b8b0c | CVE-2024-21584 | 2024-04-25 07:22:05 | Pleasanter跨站脚本漏洞 | 详情 |
bf3d800e80ff3a32bc332871d7701c3f | CVE-2024-25999 | 2024-04-25 07:22:05 | PHOENIX CONTACT CHARX SEC输入验证错误漏洞 | 详情 |
f693c98a214f024dd5eb11ae320121b9 | CVE-2024-25996 | 2024-04-25 07:22:05 | PHOENIX CONTACT CHARX SEC源验证错误漏洞 | 详情 |
b7eda7b8fd169d557c1b1fb0883d6709 | CVE-2024-25998 | 2024-04-25 07:22:05 | PHOENIX CONTACT CHARX SEC输入验证错误漏洞 | 详情 |
a97f54c3568e80c9601eb00213a2e682 | CVE-2024-25995 | 2024-04-25 07:22:05 | PHOENIX CONTACT CHARX SEC身份认证错误漏洞 | 详情 |
c7d45539f7ed70cd01366f66bfc9f8b9 | CVE-2024-25994 | 2024-04-25 07:22:05 | PHOENIX CONTACT CHARX SEC输入验证错误漏洞 | 详情 |
42e392f592288339f51cb33f1eaf21bc | CVE-2024-27121 | 2024-04-25 07:22:05 | Omron Machine Automation Controller NJ Series和NX Series路径遍历漏洞 | 详情 |
a1ec46fcb6ef79449d1f85c80f4e456b | CVE-2024-21805 | 2024-04-25 07:22:05 | SKYSEA Client View访问控制错误漏洞 | 详情 |
6f5d25a12e9b936c12438e3cb3649b95 | CVE-2024-0906 | 2024-04-25 07:22:05 | WordPress fx Private Site Plugin信息泄露漏洞 | 详情 |
567431a4283ad2e12a5cb7067f11a11d | CVE-2023-50933 | 2024-04-25 03:23:04 | IBM PowerSC HTML注入漏洞 | 详情 |
67647d5cc7c09321f72d76467021df0d | CVE-2023-51506 | 2024-04-25 03:23:04 | WordPress plugin WPCS跨站脚本漏洞 | 详情 |
aebf558e9b1c37fa58d780f32a2a7872 | CVE-2023-6223 | 2024-04-25 03:23:04 | WordPress Plugin LearnPress身份验证绕过漏洞 | 详情 |
f144fc6630219bd878236954bf3f120f | CVE-2023-51695 | 2024-04-25 03:23:04 | WordPress plugin Everest Forms跨站脚本漏洞 | 详情 |
d46a0c52521c49bd5d4df38b4340b2d2 | CVE-2023-47144 | 2024-04-25 03:23:04 | IBM Tivoli Application Dependency Discovery Manager跨站脚本漏洞 | 详情 |
580e58ed6e6bd1cb9e3154a51237daca | CVE-2023-6582 | 2024-04-25 03:23:04 | WordPress ElementsKit Elementor addons plugin信息泄露漏洞 | 详情 |
6c79fb1e6662b1c1ae0f3a02e4ef24f5 | CVE-2023-47143 | 2024-04-25 03:23:04 | IBM Tivoli Application Dependency Discovery Manager HTTP标头注入漏洞 | 详情 |
b7f30643afbdb1d7df0a609ccc2784d8 | CVE-2023-6875 | 2024-04-25 03:23:04 | WordPress POST SMTP Mailer不合理授权漏洞 | 详情 |
f8376b05f122a5cbe12439eea01499e8 | CVE-2023-51509 | 2024-04-25 03:23:04 | WordPress plugin RegistrationMagic跨站脚本漏洞 | 详情 |
512981509e4442909ecd75932ce0f3ce | CVE-2023-6561 | 2024-04-25 03:23:04 | WordPress Plugin Featured Image from URL跨站脚本执行漏洞 | 详情 |
aacd0b4a71126b2e578f5f1a3a78445a | CVE-2024-22096 | 2024-04-25 03:23:04 | Rapid Software Rapid SCADA路径遍历漏洞 | 详情 |
321a3076fa689cc83bd15db10929cba7 | CVE-2023-6782 | 2024-04-25 03:23:04 | WordPress AMP for WP Plugin跨站脚本执行漏洞 | 详情 |
da34fd1cce20f9eb618bace073265b22 | CVE-2024-1201 | 2024-04-25 03:23:04 | PanteraSoft HDD Health DLL劫持漏洞 | 详情 |
aff24424388dbbe3da897958bd9ade53 | CVE-2024-0963 | 2024-04-25 03:23:04 | WordPress plugin Calculated Fields Form存储型跨站脚本漏洞 | 详情 |
2e86c3c1241581e57ae5041ebe7f1e94 | CVE-2024-23895 | 2024-04-25 03:23:04 | Cups Easy跨站脚本漏洞 | 详情 |
美国国家漏洞数据库(NVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
c6b3897e8411249dddc03a2582c3afdc | CVE-2023-45955 | 2023-10-31 18:15:08 | An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands. | 详情 |
752c86d745d9d6748f49970fc6c72bf7 | CVE-2022-48189 | 2023-10-30 15:15:39 | An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | 详情 |
8e0bb5e55759a9b19da4ce8a5bf48799 | CVE-2022-4573 | 2023-10-30 15:15:39 | An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code. | 详情 |
790b026d2f9b8a38a121baf7cc9fbbe2 | CVE-2023-45797 | 2023-10-30 07:15:12 | A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code. | 详情 |
9fee627171b8e0c7c2f065dae65c293c | CVE-2023-46468 | 2023-10-28 01:15:51 | An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. | 详情 |
1f2c404d06acfac83f7761c8ab878dee | CVE-2023-43322 | 2023-10-28 01:15:51 | ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. | 详情 |
eea9f6fc871d45cb3672714124c1d416 | CVE-2023-46211 | 2023-10-27 21:15:09 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <=Â 3.19.14 versions. | 详情 |
8496e7ff58df6fda25c681900fb6dfb8 | CVE-2023-46209 | 2023-10-27 21:15:09 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions. | 详情 |
751468e26927001b02f1b97a3d980488 | CVE-2023-46208 | 2023-10-27 21:15:09 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions. | 详情 |
26e1875553f4c463d954949d41128765 | CVE-2023-46200 | 2023-10-27 21:15:09 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <=Â 1.1.3 versions. | 详情 |
a86c2cbf359259b1e38cd6e0c560a363 | CVE-2023-46509 | 2023-10-27 21:15:09 | An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | 详情 |
c608240b549dc25f03e04b5397e48e1b | CVE-2023-46199 | 2023-10-27 08:15:31 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <=Â 4.1.1 versions. | 详情 |
c4bd3098463c3624a284c838fd6ecb48 | CVE-2023-46194 | 2023-10-27 08:15:31 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.5 versions. | 详情 |
e79edbb292a519fa08055a884d86921e | CVE-2023-46192 | 2023-10-27 08:15:31 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <=Â 1.2.3 versions. | 详情 |
528422b82114eedfc8a332c895b5d475 | CVE-2023-46504 | 2023-10-27 04:15:10 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component. | 详情 |
4b4a8cd15c35de7b7cb3e0f5110f178b | CVE-2023-46503 | 2023-10-27 04:15:10 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules. | 详情 |
9637804577e375e89e0c34d1e9dc7daa | CVE-2023-46505 | 2023-10-27 01:15:32 | Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file. | 详情 |
ccc0d1dc9e1e6371fc7ed4a7e6bc67c9 | CVE-2023-46491 | 2023-10-27 00:15:09 | ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library. | 详情 |
925767e89590e6107a882a20468a3153 | CVE-2023-42188 | 2023-10-27 00:15:09 | IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | 详情 |
8affd999965e83dbd42583837011424c | CVE-2023-42406 | 2023-10-26 22:15:08 | SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component. | 详情 |
7d0ccfb0da7a7225f1fd25c20c95a57e | CVE-2023-46435 | 2023-10-26 18:15:08 | Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | 详情 |
0ab665a469513a0f70af2e1f17519e41 | CVE-2023-5792 | 2023-10-26 17:15:10 | A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243598 is the identifier assigned to this vulnerability. | 详情 |
692b9ba4d9cf7c90b6a3e5b8396a5302 | CVE-2023-5791 | 2023-10-26 17:15:10 | A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability. | 详情 |
7e262fff58c0ebc8ddc6cdfb7535d7e2 | CVE-2023-5790 | 2023-10-26 17:15:10 | A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595. | 详情 |
c643f1003e7a0ee28d9e54cda26d6b85 | CVE-2023-43208 | 2023-10-26 17:15:09 | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. | 详情 |
3d3bc04cd7ec7fdf5aaaa0aa0a140b90 | CVE-2023-46450 | 2023-10-26 15:15:09 | Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. | 详情 |
844b1b549a5543c879cdc68d7237f444 | CVE-2023-46449 | 2023-10-26 15:15:09 | Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function. | 详情 |
f494a8af43bc7ce0e5b6f1d2f18f3740 | CVE-2023-46081 | 2023-10-26 13:15:09 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <=Â 1.1.34 versions. | 详情 |
3a451401fdd162ad57ab72c2f5d7b984 | CVE-2023-46077 | 2023-10-26 13:15:09 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions. | 详情 |
428d0a0df20b616e36d68a5b76023a38 | CVE-2023-46076 | 2023-10-26 13:15:09 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <=Â 1.2.102 versions. | 详情 |