Threat Intelligence Bulletin


360 Network Security Response Center [TOP 30] CVES TIME TITLE URL
76940954759f4d1122fd6cf1ba59354e 2023-05-29 07:13:01 Security Incident Weekly Report 2023-05-22, Week 21 Details
ad4254fec631c297a09f71812f05a763 CVE-2023-2825 2023-05-24 07:34:45 CVE-2023-2825: GitLab Directory Traversal Vulnerability Advisory Details
c22654761dfc4bd86106c5b7f1f5ab1c 2023-05-22 08:52:33 Security Incident Weekly Report 2023-05-15, Week 20 Details
b13f7a6b041480cf34bb8732805b6230 2023-05-19 10:09:41 Apple WebKit Multiple Vulnerabilities Advisory Details
db011599bbee4c7eaf7f5de90aace14f 2023-05-17 08:59:38 Weaver Multiple Vulnerabilities Advisory Details
ff7b2a220ee1ae11386b5fede1c2884b CVE-2023-32233 2023-05-17 08:58:18 CVE-2023-32233: Linux Kernel Privilege Escalation Vulnerability Advisory Details
46c67d8b625a3844f6de918103d0f1be 2023-05-15 06:57:11 Security Incident Weekly Report 2023-05-08, Week 19 Details
bd54dff060c7e58a91843c0e8e1b8c99 CVE-2023-29324 2023-05-12 07:29:55 CVE-2023-29324: Windows MSHTML Platform Security Feature Bypass Vulnerability Advisory Details
0c30c8f97c81bc0c5862f2959e074cc9 2023-05-10 09:44:19 2023-05 Patch Day: Microsoft Multiple Vulnerabilities Security Update Advisory Details
51077656fe9fc37d4140d4ce8100cf7c CVE-2023-2478 2023-05-08 09:58:45 CVE-2023-2478: GitLab Code Execution Vulnerability Advisory Details
7b6e1c8a54653e59e6b19bc5e127c801 2023-05-08 08:59:54 Security Incident Weekly Report, Week 17 Details
be9e00aa3d8a28a4c078ee7b3fa4865b CVE-2023-0386 2023-05-06 08:22:44 CVE-2023-0386: Linux Kernel Privilege Escalation Vulnerability Advisory Details
b6b572fb400edf12ce0e6a34938ea6f3 CVE-2023-20869 2023-04-27 07:26:46 CVE-2023-20869/20870: VMware Workstation/Fusion Vulnerability Advisory Details
c7d9bbfa38870b35908acfd1e3942570 CVE-2023-27524 2023-04-26 09:46:30 CVE-2023-27524: Apache Superset Authentication Bypass Vulnerability Advisory Details
6ddbce6f8b25039edb7b13a95a2cb23e 2023-04-24 09:44:49 Security Incident Weekly Report 2023-04-17, Week 16 Details
9a6490d0223213fdea507a92b46e70c1 CVE-2023-20864 2023-04-21 09:06:27 VMware Aria Operations for Logs Remote Code Execution Vulnerability Details
60b78b7988aacb38f5884e0fbab9c5b6 2023-04-19 06:30:30 2023-04 Patch Day: Oracle Multiple Products Vulnerability Security Risk Advisory Details
d1a48a9c9af9070d037efc5d1b556420 CVE-2023-2136 2023-04-19 04:10:07 CVE-2023-2136: Google Chrome Skia Integer Overflow Vulnerability Advisory Details
65289db6316398217acf197362db4989 2023-04-17 07:52:39 Security Incident Weekly Report 2023-04-10, Week 15 Details
bac04757fb29e6f5a68d734e1b55972d CVE-2023-2033 2023-04-17 00:43:33 CVE-2023-2033: Google Chrome V8 Type Confusion Vulnerability Advisory Details
7b8df1f07a241983726b162aaec16e09 2023-04-12 08:26:21 2023-04 Patch Day: Microsoft Multiple Vulnerabilities Security Update Advisory Details
e5210dc9430bc51ba2e6e406c4f32adb 2023-04-11 07:09:42 Ruiyou Tianyi Application Virtualization System Remote Code Execution Vulnerability Advisory Details
d60717f31dc6a08a080990fcf8676fdc CVE-2023-29017 2023-04-10 08:59:38 vm2 Sandbox Escape Vulnerability Advisory Details
2b4c95f816268f18f5cb57a0071a4125 2023-04-10 06:58:16 Security Incident Weekly Report 2023-04-03, Week 14 Details
638b08e6df884cc1a5c0dd7c8ce8c08d 2023-04-03 09:32:42 Security Incident Weekly Report 2023-03-27, Week 13 Details
4ad53fb76838f4a82d7e011825d5934b CVE-2023-29059 2023-03-31 07:37:06 CVE-2023-29059: 3CXDesktop App Code Execution Vulnerability Advisory Details
c8989d2e807ceb53d24ad02bd54fbe60 CVE-2023-22809 2023-03-30 08:49:36 CVE-2023-22809: Sudo Privilege Escalation Vulnerability Advisory Details
55fd37b2456c87556f03a593901b743a 2023-03-27 08:47:34 Security Incident Weekly Report 2023-03-20, Week 12 Details
c571983fae71cfe11b5bb86c67159080 CVE-2023-28432 2023-03-23 09:46:17 MinIO Information Disclosure Vulnerability Advisory Details
96f44e31e7ad34d978d34d8fa828b8a5 CVE-2023-20860 2023-03-22 09:19:30 CVE-2023-20860: Spring Framework Authentication Bypass Vulnerability Advisory Details

Tenable (Nessus) [TOP 30] CVES TIME TITLE URL
075dfa7a7536b406798ae010b7c28d56 CVE-2023-2836 2023-05-31 04:15:00 The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Details
91f35f4de0d794e211ab1050f11066df CVE-2023-2434 2023-05-31 04:15:00 The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings. Details
0372d45c15006c9e6e0da2918031e712 CVE-2023-1661 2023-05-31 04:15:00 The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Details
f57448475fe119b6fa01a9c60355dbeb CVE-2023-2987 2023-05-31 03:15:00 The Wordapp plugin for WordPress is vulnerable to authorization bypass due to a use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to the plugin to change the 'validation_token' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. Details
9a3347ba02cafd326cb7a0b1d010e1a2 CVE-2023-2549 2023-05-31 03:15:00 The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a new user with administrator role via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can leverage CVE-2023-2545 to get the login link or request a password reset to the new user's email address. Details
93e1c5eb268b40244fa2381c371bdf07 CVE-2023-2547 2023-05-31 03:15:00 The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the temp user generated by the plugin. Details
d248ebc849c221de9f71da955bbd0356 CVE-2023-2545 2023-05-31 03:15:00 The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to access the login links, which can be used for privilege escalation. Details
2a747662bb9366d59ba594d16f4e8d6e CVE-2023-2436 2023-05-31 03:15:00 The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Details
d308c51f749ac449691159ddd2ebd50c CVE-2023-2435 2023-05-31 03:15:00 The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Details
8f2aafe23a677d2d94626ac89184a186 CVE-2015-10107 2023-05-31 03:15:00 A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The name of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability. Details
ba25c2a4e97e67e1ec285bd75c48921e CVE-2023-29743 2023-05-30 23:15:00 An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. Details
2ac9ba298d53c66cafb5b1c8999735ae CVE-2023-29741 2023-05-30 23:15:00 An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database. Details
22755873cff0a951d85c0831544c841e CVE-2023-29740 2023-05-30 23:15:00 An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database. Details
9e93a1fe76fba4309357fb8441e8ec74 CVE-2023-29739 2023-05-30 23:15:00 An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. Details
e380fb93dc26833a613d6fdf2927124d CVE-2023-29738 2023-05-30 23:15:00 An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of Privileges via the database files. Details
e1b0c823db8191052effe1d776fa3017 CVE-2023-29728 2023-05-30 23:15:00 The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack. Details
694309a0e01aa43b9343632a977d635f CVE-2023-29727 2023-05-30 23:15:00 The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause an escalation of privilege attack. Details
713c7c0bb55a624b7aef5ca69e9faa1c CVE-2023-29726 2023-05-30 23:15:00 The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. When the application starts, it loads the data from the database into memory. Once the attacker injects too much data, the application triggers an OOM error and crashes, resulting in a persistent denial of service. Details
869868223951dbdcc3a10e3ff800facf CVE-2023-2952 2023-05-30 23:15:00 XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file Details
0508885ca2cbd747e1db79cb32248727 CVE-2022-39075 2023-05-30 23:15:00 There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission. Details
d0a3c74956cd0b7ee9a52c5154a6e1c0 CVE-2023-32699 2023-05-30 19:15:00 MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The `checkUserPassword` method is used to check whether the password provided by the user matches the password saved in the database, and the `CodingUtil.md5` method is used to encrypt the original password with MD5 to ensure that the password will not be saved in plain text when it is stored. If a user submits a very long password when logging in, the system will be forced to execute the long password MD5 encryption process, causing the server CPU and memory to be exhausted, thereby causing a denial of service attack on the server. This issue is fixed in version 2.10.0-lts with a maximum password length. Details
2eb1529eae4e0b191891e378174cc721 CVE-2023-32696 2023-05-30 19:15:00 CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch. Details
4676b78f0f20e7d43b1a2539f6d08b39 CVE-2023-1711 2023-05-30 19:15:00 A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information. List of CPEs: * cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* Details
96507efa55db86fde71af57b52251196 CVE-2023-33975 2023-05-30 18:15:00 RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. This issue is fixed in pull request 19680. As a workaround, disable support for fragmented IP datagrams. Details
488f2659e2abd251d7973ed6dd02d239 CVE-2023-33656 2023-05-30 18:15:00 A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources. Details
c46c8972936c3439a04b45171a095de7 CVE-2023-32689 2023-05-30 18:15:00 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the uploaded HTML could be shared for phishing attacks. The HTML page may seem legitimate because it is served under the internet domain where Parse Server is hosted, which may be the same as a company's official website domain. An additional security issue arises when the Parse JavaScript SDK is used. The SDK stores sessions in the internet browser's local storage, which usually restricts data access depending on the internet domain. A malicious HTML file could contain a script that retrieves the user's session token from local storage and then share it with the attacker. The fix included in versions 5.4.4 and 6.1.1 adds a new Parse Server option `fileUpload.fileExtensions` to restrict file upload on Parse Server by file extension. It is recommended to restrict file upload for HTML file extensions, which this fix disables by default. If an app requires upload of files with HTML file extensions, the option can be set to `['.*']` or another custom value to override the default. Details
7de4f2ad61fc7f506eb8ad4e447568ea CVE-2023-32684 2023-05-30 18:15:00 Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and the well-known third party products (Colima, Rancher Desktop, and Finch) are unlikely to be affected by this issue. To exploit this issue, the attacker has to embed the target file path (an absolute or a relative path from the instance directory) in a malicious disk image, as the qcow2 (or vmdk) backing file path string. As Lima refuses to run as the root, it is practically impossible for the attacker to read the entire host disk via `/dev/rdiskN`. Also, practically, the attacker cannot read at least the first 512 bytes (MBR) of the target file. The issue has been patched in Lima in version 0.16.0 by prohibiting using a backing file path in the VM base image. Details
5c581696dce501c95aeae63c0fa8d6be CVE-2023-2994 2023-05-30 18:15:00 ** REJECT ** This 2023 CVE was incorrectly assigned instead of a 2022 CVE. Details
fe237923d4c61f490194cec754466a8c CVE-2023-2968 2023-05-30 18:15:00 A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception. Details
1b8ca8aed9c4a4a0a1c0b5d64bc1feaf CVE-2018-8661 2023-05-30 18:15:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. Details

China National Vulnerability Database (CNVD) [TOP 30] CVES TIME TITLE URL
8686fda9b2b49e4e1666b54e2248f935 CNVD-2021-74882 2021-11-14 16:43:52 SQL Injection Vulnerability in Sichuang Technology Co., Ltd. Website Building System Details
8f6972d84ad188b05ff9cc14d4334949 CNVD-2021-87021 (CVE-2020-4690) 2021-11-12 12:43:14 IBM Security Guardium Hard-coded Credentials Vulnerability Details
3bfe7b053a0c59d8a3d38c18f86aa143 CNVD-2021-87022 (CVE-2021-38870) 2021-11-12 12:43:12 IBM Aspera Cross-Site Scripting Vulnerability Details
a4649bb17f4db4d1c7f879ebceb46ed0 CNVD-2021-87011 (CVE-2021-29753) 2021-11-12 12:43:11 Unspecified Vulnerability in IBM Business Automation Workflow Details
094c613f9ed4b8b9d887dc912789043c CNVD-2021-87025 (CVE-2021-20563) 2021-11-12 12:43:10 IBM Sterling File Gateway Information Disclosure Vulnerability Details
41c47f01a4c65dcb6efc9ebf483fe762 CNVD-2021-87010 (CVE-2021-38887) 2021-11-12 12:43:08 IBM InfoSphere Information Server Information Disclosure Vulnerability Details
f51d33e7a09fd61ca90ede453515a830 CNVD-2021-87016 (CVE-2021-29764) 2021-11-12 12:43:07 IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability Details
33615a5f78df822e82e6d3436045c48c CNVD-2021-87026 (CVE-2021-38877) 2021-11-12 12:43:06 IBM Jazz for Service Management Cross-Site Scripting Vulnerability Details
8e729177bcb4105dd831fb1e123ed1bb CNVD-2021-87014 (CVE-2021-29679) 2021-11-12 12:43:04 IBM Cognos Analytics Remote Code Execution Vulnerability Details
1a3b856f78e9fbdca12aeddc7d665aca CNVD-2021-87029 (CVE-2021-29752) 2021-11-12 12:43:03 IBM Db2 Information Disclosure Vulnerability Details
6f1aa3a0cb819d97519baa47fd0232d5 CNVD-2021-87015 (CVE-2021-29745) 2021-11-12 12:43:02 IBM Cognos Analytics Privilege Escalation Vulnerability Details
cbcb12f5f51d6e7d6d8a9fa581aa863a CNVD-2021-73908 2021-11-11 16:42:44 SQL Injection Vulnerability in Weaver e-cology Details
ae6fd467da55de31aa7219187cf5c2d4 CNVD-2021-86904 (CVE-2021-20351) 2021-11-11 08:31:46 IBM Engineering Cross-Site Scripting Vulnerability Details
412a15b40959ed9cf9330ee79f99e079 CNVD-2021-86903 (CVE-2021-31173) 2021-11-11 08:31:44 Microsoft SharePoint Server Information Disclosure Vulnerability Details
1cbc5d5faac431d3e82c9e5ea9588b5f CNVD-2021-86902 (CVE-2021-31172) 2021-11-11 08:31:43 Microsoft SharePoint Spoofing Vulnerability Details
686c7cfb20933b41c3d679cbba79a2ad CNVD-2021-86901 (CVE-2021-31181) 2021-11-11 08:31:42 Microsoft SharePoint Remote Code Execution Vulnerability Details
72fdfb2d44c0d41d638e4632bdfc10b8 CNVD-2021-86900 (CVE-2021-3561) 2021-11-11 08:31:41 fig2dev Buffer Overflow Vulnerability Details
3ba6f0e9394f9414e2cadb9495e2d5f5 CNVD-2021-85884 (CVE-2021-41210) 2021-11-10 07:24:57 Google TensorFlow Heap-Allocated Array Out-of-Bounds Read Vulnerability Details
4d8c4744ea972fb2fcb9673fea1fc7b7 CNVD-2021-85883 (CVE-2021-41226) 2021-11-10 07:24:56 Google TensorFlow Heap Out-of-Bounds Access Vulnerability Details
8778f9cd924cae585ca5e2e0b8be3b3f CNVD-2021-85882 (CVE-2021-41224) 2021-11-10 07:24:54 Google TensorFlow Heap Out-of-Bounds Access Vulnerability Details
e1b2722e6d5c509c680b584416d9cb20 CNVD-2021-85881 (CVE-2021-42770) 2021-11-10 07:24:53 OPNsense Cross-Site Scripting Vulnerability Details
ed09c9fa5586e2d4d9b4e95fe3b447a0 CNVD-2021-85880 (CVE-2021-28024) 2021-11-10 07:24:52 ServiceTonic Improper Access Control Vulnerability Details
8a642f0922f7f915e81b2b947276a96c CNVD-2021-85879 (CVE-2021-28023) 2021-11-10 07:24:50 ServiceTonic Arbitrary File Upload Vulnerability Details
c00b061c2cfdee4016a869a188135db5 CNVD-2021-85878 (CVE-2021-28022) 2021-11-10 07:24:49 ServiceTonic SQL Injection Vulnerability Details
9c4b20a28ad2bd4ab916448f0e1272bd CNVD-2021-85877 (CVE-2021-32483) 2021-11-10 07:24:48 Cloudera Manager Incorrect Access Control Vulnerability Details
4d4423857b7b1f38e49738f00e8949ba CNVD-2021-85876 (CVE-2021-32481) 2021-11-10 07:24:46 Cloudera Hue Cross-Site Scripting Vulnerability Details
6b12b7fc216d603e8e07351603851c86 CNVD-2021-85875 (CVE-2021-29994) 2021-11-10 07:24:45 Cloudera Hue Cross-Site Scripting Vulnerability Details
72894fb3a3538de240d2f6810aae63c9 CNVD-2021-85892 (CVE-2021-42701) 2021-11-10 02:38:27 DAQFactory Man-in-the-Middle Attack Vulnerability Details
94a1f99a64ba24540cc1594d0a0b3152 CNVD-2021-85893 (CVE-2021-42699) 2021-11-10 02:38:26 DAQFactory Cleartext Transmission Vulnerability Details
5d9bac33be8f2f88391f6de02fb89c73 CNVD-2021-85894 (CVE-2021-42698) 2021-11-10 02:38:24 DAQFactory Deserialization Vulnerability Details

China National Vulnerability Database of Information Security (CNNVD) [TOP 30] CVES TIME TITLE URL
56358b73280e18ed2eaf62bf4b7fba5f CNNVD-202210-1696 (CVE-2021-44776) 2022-10-24 13:13:44 Lanner IAC-AST2500A Security Vulnerability Details
07eddc3a7e5e3731956c02a50f538970 CNNVD-202210-1697 (CVE-2021-26732) 2022-10-24 13:13:42 Lanner IAC-AST2500A Security Vulnerability Details
4b051d50f18e2bb4a1f272b12f873223 CNNVD-202210-1698 (CVE-2021-26731) 2022-10-24 13:13:40 Lanner IAC-AST2500A Buffer Error Vulnerability Details
0d79d7ad89e7b6f52a89de2e3762a492 CNNVD-202210-1699 (CVE-2021-42010) 2022-10-24 13:13:38 Apache Heron Injection Vulnerability Details
9596051a8fb75da90bf94bd495b53e94 CNNVD-202210-1700 (CVE-2021-26733) 2022-10-24 13:13:36 Lanner IAC-AST2500A Security Vulnerability Details
883bec62dd4552d68130c0f925873e93 CNNVD-202210-1701 (CVE-2022-42432) 2022-10-24 13:13:34 Linux kernel Security Vulnerability Details
755328fe5484ce3f71a4940d10f50b34 CNNVD-202210-1702 (CVE-2021-44769) 2022-10-24 13:13:31 Lanner IAC-AST2500A Input Validation Error Vulnerability Details
9c53a984103cd446d6e447c12c9c66c6 CNNVD-202210-1703 (CVE-2021-44467) 2022-10-24 13:13:29 Lanner IAC-AST2500A Security Vulnerability Details
30dfa903ed49845732fc6cef266206e9 CNNVD-202210-1704 (CVE-2022-41974) 2022-10-24 13:13:27 Red Hat device-mapper-multipath Security Vulnerability Details
9c6324677d17c72db81aec2e1797791f CNNVD-202210-1705 (CVE-2022-41973) 2022-10-24 13:13:25 Red Hat device-mapper-multipath Security Vulnerability Details
4ec5a4ccefd5879e573cd53c2123dd3a CNNVD-202210-1612 (CVE-2022-39272) 2022-10-22 13:10:57 Flux2 Security Vulnerability Details
c3846b92a4965777ef3e53a1f4618717 CNNVD-202210-1600 (CVE-2022-3646) 2022-10-21 13:11:18 Linux kernel Security Vulnerability Details
9a761144255ce6f90bb54e219ea40282 CNNVD-202210-1601 (CVE-2022-34438) 2022-10-21 13:11:15 Dell PowerScale OneFS Security Vulnerability Details
44290d228b51ffbf0aab6efd4d6e678e CNNVD-202210-1602 (CVE-2022-31239) 2022-10-21 13:11:13 Dell PowerScale OneFS Security Vulnerability Details
9ca9cbb2a337c33899bcdf19d91d7d78 CNNVD-202210-1603 (CVE-2022-34437) 2022-10-21 13:11:11 Dell PowerScale OneFS Security Vulnerability Details
0a96e1daad10fc7b842abaa350831db2 CNNVD-202210-1605 (CVE-2022-26870) 2022-10-21 13:11:09 Dell EMC PowerStore Security Vulnerability Details
35f41caeb97feaaa8373f4dbbbd7a249 CNNVD-202210-1606 (CVE-2020-5355) 2022-10-21 13:11:06 Dell EMC Isilon OneFS Security Vulnerability Details
d314bbe34de68aa67eddd75a9f4ce40c CNNVD-202210-1609 (CVE-2022-3649) 2022-10-21 13:11:04 Linux kernel Resource Management Error Vulnerability Details
351642a659185d5b0604973397c7fa3b CNNVD-202210-1610 (CVE-2022-39259) 2022-10-21 13:11:02 Skylot Jadx Security Vulnerability Details
ebbdab47bb0184312da10141d7d010e7 CNNVD-202210-1611 (CVE-2022-23462) 2022-10-21 13:10:59 Softmotions IOWOW Security Vulnerability Details
8c86f10ec92b3124f4395faa27ee8ae3 CNNVD-202210-1517 (CVE-2022-29477) 2022-10-20 13:11:07 Adobe Iota Trust Management Issue Vulnerability Details
3c33a32472c03f27b2b606714eb74e0a CNNVD-202210-1518 (CVE-2022-36966) 2022-10-20 13:11:02 SolarWinds Platform Security Vulnerability Details
280b662d6c30e683e90c26748fa86a26 CNNVD-202210-1519 (CVE-2022-36958) 2022-10-20 13:10:53 SolarWinds Platform Code Issue Vulnerability Details
1d1787e08b1093c5bd9723a8b9465e0f CNNVD-202210-1520 (CVE-2022-27805) 2022-10-20 13:10:47 Adobe Iota Access Control Error Vulnerability Details
632da31aee8b02c08d2e63767809782a CNNVD-202210-1521 (CVE-2022-36957) 2022-10-20 13:10:44 SolarWinds Platform Security Vulnerability Details
28743e448b695bd2eee529e66954d3c4 CNNVD-202210-1522 (CVE-2022-3623) 2022-10-20 13:10:36 Linux kernel Race Condition Vulnerability Details
92679bd487d2a90451cf297905a8f3c3 CNNVD-202210-1523 (CVE-2022-32586) 2022-10-20 13:10:34 Adobe Iota OS Command Injection Vulnerability Details
bcd4eca45c95707bab85d60a3c30d643 CNNVD-202210-1524 (CVE-2022-3619) 2022-10-20 13:10:32 Linux kernel Security Vulnerability Details
95cdab65f668ebae996fbf3df854d1e9 CNNVD-202210-1525 (CVE-2022-3620) 2022-10-20 13:10:27 Exim Resource Management Error Vulnerability Details
9e701d3b09a7f774ceea498474bc4d40 CNNVD-202210-1526 (CVE-2022-3621) 2022-10-20 13:10:25 Linux kernel Security Vulnerability Details

QiAnXin [TOP 30] CVES TIME TITLE URL
45ab4afdafe578698bcfccccd65d833e yt QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 Font Handling Remote Code Execution Vulnerability (ADV200006) Advisory Details
74691465618764c64d52a2ff58013ac4 yt QiAnXinTI-SV-2019-0013 Firefox Remote Code Execution Vulnerability (CVE-2019-11707) Alert Advisory Details
6bd01daffa85191c80698354fc8e252f wt QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory Details
7010355bb6ffff38cb1a885acf784ca7 ft QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability (CVE-2020-0796) Advisory Details
5edb21a58a7e21692bd0ddd622d39279 St QiAnXinTI-SV-2020-0013 Microsoft DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) Advisory Details
3e8973410ef7c04408d63fa10c230487 St QiAnXinTI-SV-2020-0002 Microsoft IE jscript Remote Command Execution 0-day Vulnerability (CVE-2020-0674) Advisory Details
f749eac58b87d0954f0e4a84b5d67057 CVE-2020-1350 2020-07-15 15:57:00 QiAnXinTI-SV-2020-0013 Microsoft DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) Advisory Details
90b93cb7073fe73b17746ac166a09637 CVE-2020-6819, CVE-2020-6820 2020-04-08 10:34:35 QianxinTI-SV-2020-0012 Firefox In-the-Wild Remote Code Execution Vulnerabilities (CVE-2020-6819, CVE-2020-6820) Advisory Details
e318a5efa4803b50cdef480b90b1784d 2020-03-25 13:58:51 QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 Font Handling Remote Code Execution Vulnerability (ADV200006) Advisory Details
cffc3035f7899495cfeae521451f91b2 CVE-2020-0796 2020-03-12 10:32:09 QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability (CVE-2020-0796) Advisory Details
3e6175d47d17c6f94bd9ba10d81c3717 CVE-2020-0674 2020-03-02 14:52:46 QiAnXinTI-SV-2020-0002 Microsoft IE jscript Remote Command Execution 0-day Vulnerability (CVE-2020-0674) Advisory Details
d99d073afb7d248a8a62fb068921997f CVE-2020-0601 2020-01-15 14:11:41 QianxinTI-SV-2020-0001 Microsoft Core Cryptographic Library Vulnerability (CVE-2020-0601) Advisory Details
b7b45b14a3af1225ef6eec72d74964df CVE-2019-1367 2019-09-25 17:23:00 QiAnXinTI-SV-2019-0022 Microsoft IE Browser JScript Scripting Engine Remote Code Execution Vulnerability Advisory Details
504fc79f0123db109a11b149c334b75c CVE-2019-0708 2019-09-09 10:20:47 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Alert Advisory Details
5b727692d583d4a6e7cdb0f670eac12a CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 2019-08-14 11:09:05 QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory Details
54b48d765fccbc8dcfa3de0920459f8d CVE-2019-11707 2019-06-19 16:53:47 QiAnXinTI-SV-2019-0013 Firefox Remote Code Execution Vulnerability (CVE-2019-11707) Alert Advisory Details
5b4d5fea09fbc2dca45be53f162d39de CVE-2019-0708 2019-05-31 17:03:19 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Alert Advisory Details

Anquanke [TOP 30] CVES TIME TITLE URL
03afa8b4eaf4a0160784152fca5465b2 CVE-2021-27308 2021-07-11 14:22:05 4images Cross-Site Scripting Vulnerability Details
8b0ace4c54a7fc20a99d21e294152a99 CVE-2020-15261 2021-07-11 14:22:05 Veyon Service Security Vulnerability Details
d4f12de949590ab346b61986a29d8b4d CVE-2021-35039 2021-07-09 17:30:13 Linux kernel Security Vulnerability Details
f790e7ef3b5de3774d42ee32b9b10c01 CVE-2021-34626 2021-07-09 17:30:13 WordPress Access Control Error Vulnerability Details
71bf261eb2113d5ff870ab9bafd29f55 CVE-2021-25952 2021-07-09 17:30:13 just-safe-set Security Vulnerability Details
152793cbc104933584f5f227606f433d CVE-2021-0597 2021-07-09 17:30:13 Google Android Information Disclosure Vulnerability Details
75f153c327984fdfdd2d9c463a91371d CVE-2021-34430 2021-07-09 17:30:13 Eclipse TinyDTLS Security Feature Issue Vulnerability Details
9610336f1a41241cc8edea22a2780ec5 CVE-2021-3638 2021-07-09 17:30:13 QEMU Security Vulnerability Details
92fe450ae5c5dfa48072aca79d64ba63 CVE-2021-34614 2021-07-09 14:24:32 Aruba ClearPass Policy Manager Security Vulnerability Details
680a4218fc32922746717210664a3d62 CVE-2021-22144 2021-07-09 13:28:16 Elasticsearch Security Vulnerability Details
373930f669f2c1f7b61101a925304779 CVE-2021-24022 2021-07-09 13:28:16 Fortinet FortiManager Security Vulnerability Details
8556f9cd0699f88c1f6cca9a43463bdd CVE-2021-33012 2021-07-09 13:28:16 Allen Bradley Micrologix 1100 Input Validation Error Vulnerability Details
480ae713cc88cc0985e1ebc079974d83 CVE-2021-0592 2021-07-09 13:28:16 Google Android Security Vulnerability Details
8ef4dbefa6604ea2312621401c3ec0b9 CVE-2021-1598 2021-07-09 13:28:16 Cisco Video Surveillance 7000 Series IP Cameras Security Vulnerability Details
d6e8714c32df7a0dcc2f3910ec68b42d CVE-2021-20782 2021-07-09 13:28:16 Software License Manager Cross-Site Request Forgery Vulnerability Details
4e60b22611b8bb0fd7e532896498af29 CVE-2021-20781 2021-07-09 13:28:16 WordPress Cross-Site Request Forgery Vulnerability Details
5ca48ad58fb499c069ae0800c3b39875 CVE-2021-32961 2021-07-09 13:28:16 MDT AutoSave Code Issue Vulnerability Details
2ed854890b43f08e52340a1e8fe6d39f CVE-2021-0577 2021-07-09 13:28:16 Google Android Security Vulnerability Details
8d63110e1475bbd245715b2ee1824d13 CVE-2021-31816 2021-07-09 13:28:16 Octopus Server Security Vulnerability Details
72bef2ae2f5db7dd066e1cdefa618dc5 CVE-2021-31817 2021-07-09 13:28:16 Octopus Server Security Vulnerability Details
1f7369b2609dbd2cd40d091f7de540cd CVE-2020-20217 2021-07-09 13:28:16 Mikrotik RouterOs Security Vulnerability Details
1793176eecc5813c3348f026dc9909c9 CVE-2020-28598 2021-07-09 13:28:16 PrusaSlicer Security Vulnerability Details
7f4cf34ceb545548dcfcc3c0e7120268 CVE-2021-32945 2021-07-09 13:28:16 MDT AutoSave Cryptographic Issue Vulnerability Details
58553eb00d6e3e83b633f09464c4e98a CVE-2021-29712 2021-07-09 13:28:16 IBM InfoSphere Information Server Cross-Site Scripting Vulnerability Details
d8e27ec42fb0b89998fcc006f49b249b CVE-2021-25432 2021-07-09 13:28:16 Samsung Members Information Disclosure Vulnerability Details
8f2adc6c247725bf2eb7f53256c93ea7 CVE-2021-25433 2021-07-09 13:28:16 Samsung Tizen Security Vulnerability Details
8f949676124339eb6f64f9c607af5470 CVE-2021-25431 2021-07-09 13:28:16 Samsung Mobile Device Cameralyzer Access Control Error Vulnerability Details
069818a8958f9c158fcb0956ee32fc03 CVE-2021-25434 2021-07-09 13:28:16 Samsung Tizen Code Injection Vulnerability Details
55b9126220b9722ff5d730d3996877e9 CVE-2021-32949 2021-07-09 13:28:16 MDT AutoSave Path Traversal Vulnerability Details
ebab009fffdee3d360dcdff74b0ed061 CVE-2021-25435 2021-07-09 13:28:16 Samsung Tizen Code Injection Vulnerability Details

Tophant [TOP 30] CVES TIME TITLE URL
096b6298d82574500dc1a14c9dba4065 CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029 2022-07-15 00:38:28 Microsoft July 2022 Patch Day Vulnerability Advisory Details
6018f718b2d751478bf1ce069ac65f0d CVE-2022-2185 2022-07-01 09:02:05 GitLab Remote Code Execution Vulnerability (CVE-2022-2185) Details
844719cf0bb4843aff73d2f33cc6dd0b CVE-2022-30190, CVE-2022-30136 2022-06-15 05:48:12 Microsoft June 2022 Patch Day Vulnerability Advisory Details
8b47000e1abfbacdadb7df6f09152d89 CVE-2022-26134 2022-06-03 05:48:38 Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134) Details
eebe93468b36d2ca24cf4b82136a5635 CVE-2022-30190 2022-05-31 13:57:17 Microsoft Windows MSDT Remote Code Execution Vulnerability (CVE-2022-30190) Details
95525e3f5907a776dc7cd4f87f2e2154 2022-05-23 07:11:04 Fastjson Deserialization Vulnerability Details
945fd6e612634d9721f861833f1ecb75 CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 2022-05-11 03:45:48 Microsoft May 2022 Patch Day Vulnerability Advisory Details
e2938ff82d0cc152508e0240697def4c CVE-2022-1388 2022-05-06 05:53:04 F5 BIG-IP iControl REST Authentication Bypass Vulnerability (CVE-2022-1388) Details
bcf7253d2ee580c618737de137d370c4 CVE-2022-29464 2022-04-22 02:21:17 WSO2 Carbon Server Remote Code Execution Vulnerability (CVE-2022-29464) Details
07c09799b08afb04c63a9de750b70aca CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 2022-04-13 07:51:00 Microsoft April 2022 Patch Day Vulnerability Advisory Details
f5b543501ed5679d423411edac502e24 CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 2022-04-08 03:49:31 VMware Products Multiple High-Severity Vulnerabilities Advisory Details
f421bcdb306e2bc1ffbf58fcb024a0dd 2022-03-29 17:11:30 Spring Framework Remote Code Execution Vulnerability Details
0473358d95e58c7c3f2e7db0109f56f4 2022-03-29 17:11:30 Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) Details
a888c948ca1172f8a06a3879479f1de4 CVE-2022-22965 2022-03-29 17:11:30 Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) Details
71ed541bb737196268b75c7ba435e1a9 2022-03-28 04:57:30 Spring Cloud Function SpEL Expression Injection Vulnerability Details
f7a5dcd376be777c6593a29b8ebd411a CVE-2022-0778 2022-03-18 07:09:22 OpenSSL Denial of Service Vulnerability (CVE-2022-0778) Details
6c4124fed44906a79843cd2dd383c695 CVE-2022-0847 2022-03-15 03:32:03 Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847) Details
a2795e4829bff16f108cf191eba663c3 CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 2022-03-11 02:14:56 Microsoft March 2022 Patch Day Vulnerability Advisory Details
d09f0641bf65c64a16d802cd78e14097 CVE-2022-0847 2022-03-08 08:23:08 Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847) Details
69052e2a8c09416f5df674f92cba25a6 CVE-2022-22947 2022-03-02 11:42:55 Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947) Details
5f42b6f584a9ace426787dc8dfd6e6e5 2022-02-16 10:44:18 Sunlogin Remote Command Execution Vulnerability (CNVD-2022-10270) Details
79556071f6236ab4674f75b3beee4d79 CVE-2022-24112 2022-02-11 06:13:35 Apache APISIX Remote Code Execution Vulnerability (CVE-2022-24112) Details
485f2c57713f4a39830e8c2d01e43cfe CVE-2021-4034 2022-01-26 06:19:16 Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034) Details
0aa6eab412c0318b74c6a470ee774df1 CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 2022-01-12 03:44:50 Microsoft January 2022 Patch Day Vulnerability Advisory Details
88a8c676b52a739c0335d7c21ca810a9 2022-01-06 08:19:17 MeterSphere Remote Code Execution Vulnerability Details
9cd742f4839806e40f42c6e7ea492590 2021-12-28 10:31:16 APISIX Dashboard Unauthorized Access Vulnerability Risk Advisory (CVE-2021-45232) Details
76cad61d2d5a8750a6a714ab2c6dbc97 CVE-2021-45232 2021-12-28 10:31:16 Apache APISIX Dashboard API Unauthorized Access Vulnerability (CVE-2021-45232) Details
af4f5f63390eb00de8705b5029d8c376 CVE-2021-44228, CVE-2021-45046 2021-12-14 01:56:52 Apache Log4j Remote Code Execution Vulnerability Details
43456ae172e45c12087c40c03d925e0e CVE-2021-44228 2021-12-11 03:21:34 Apache Log4j Remote Code Execution Vulnerability Details
392b133d98d6f61aee36ce6c8784f4df 2021-12-09 15:20:54 Apache Log4j Remote Code Execution Vulnerability Details

红后 [TOP 30] CVES TIME TITLE URL
9d0895b3e16e5991fb20671aba7e38f6 CVE-2023-2839 2023-05-30 20:37:36 GPAC GPAC Vulnerability Details
70003dda0515e56e2f7523d638b86b76 CVE-2023-32336 2023-05-30 20:37:22 IBM INFOSPHERE_INFORMATION_SERVER Vulnerability Details
9ba8d47a93fe971a974edb051d26553a CVE-2023-31597 2023-05-30 20:37:01 ZAMMAD ZAMMAD Vulnerability Details
71c80643f28e639a471913d9c23f7fe2 CVE-2023-33240 2023-05-30 20:36:54 FOXIT Multiple product Vulnerability Details
38269baec55793d21f82e1a71dc1589d CVE-2023-30438 2023-05-30 20:36:47 IBM POWERVM_HYPERVISOR Vulnerability Details
917b04aef3636af1ebd9d147ad0c7f56 CVE-2023-1972 2023-05-30 20:36:40 GNU BINUTILS Vulnerability Details
019f5061ecec0fad0f76dedd375c9ad1 CVE-2022-45079 2023-05-29 20:34:43 LOGINIZER LOGINIZER Vulnerability Details
47a80ce7095c68c039d9df2fa327fe80 CVE-2023-25472 2023-05-29 20:34:38 PODLOVE PODLOVE_PODCAST_PUBLISHER Vulnerability Details
5e1d300fec3023c1417b6daf26beff35 CVE-2023-28709 2023-05-29 20:34:31 APACHE TOMCAT Vulnerability Details
6fd19a3ba4b6070052e6737c0c3abf5a CVE-2023-27067 2023-05-29 20:34:24 SITECORE EXPERIENCE_PLATFORM Vulnerability Details
437160bd45e04775f3fa29b62de2fe08 CVE-2023-27066 2023-05-29 20:34:17 SITECORE EXPERIENCE_PLATFORM Vulnerability Details
9e33ea2fde3db79c8ec43ae4ba41ba65 CVE-2023-28467 2023-05-29 20:34:10 MYBB MYBB Vulnerability Details
0577754c0725ace2d03e06d0e8879928 CVE-2023-1693 2023-05-29 20:34:02 HUAWEI Multiple product Vulnerability Details
264b2d09cae2734d61322702f4367bc9 CVE-2023-31689 2023-05-29 20:33:55 WCMS WCMS Vulnerability Details
3a98b5c98779692e1d0d5f48aaea9044 CVE-2023-1694 2023-05-29 20:33:47 HUAWEI Multiple product Vulnerability Details
c983da8dc08b5920d8450c3a77d8eb43 CVE-2023-2837 2023-05-28 20:41:54 GPAC GPAC Vulnerability Details
43c791961ce51de9f4f0f5e549200e82 CVE-2023-2840 2023-05-28 20:41:47 GPAC GPAC Vulnerability Details
6e560e0a60ada43321ab531c5920e053 CVE-2023-33264 2023-05-28 20:41:40 HAZELCAST HAZELCAST Vulnerability Details
60e194ff2e4b653ef8361ddd8b9970b2 CVE-2023-2838 2023-05-28 20:41:34 GPAC GPAC Vulnerability Details
7c2d9411fb8bb237cf9782710fabe0ad CVE-2023-33288 2023-05-28 20:41:32 LINUX LINUX_KERNEL Vulnerability Details
6d6880dd25f2c7b54b5d4b7e5dfc77d8 CVE-2020-36694 2023-05-28 20:41:18 LINUX LINUX_KERNEL Vulnerability Details
fa88de765b8c482e56caab1d55dc5516 CVE-2023-32680 2023-05-28 20:41:16 METABASE METABASE Vulnerability Details
182dfb642a9ba4626f92b07f48ecc517 CVE-2023-27233 2023-05-28 20:41:02 PIWIGO PIWIGO Vulnerability Details
71c2f7ac9e108fb1bad9677492c3b5be CVE-2023-32515 2023-05-28 20:41:01 CUSTOM_FIELD_SUITE_PROJECT CUSTOM_FIELD_SUITE Vulnerability Details
5bd4b552cc45a0e7268f4f9a3797263a CVE-2023-20106 2023-05-28 20:40:47 CISCO IDENTITY_SERVICES_ENGINE Vulnerability Details
eb86c0dccbb6beae772c782ad02b2306 CVE-2021-22161 2023-05-27 20:32:53 OpenWrt Security Vulnerability Details
591af80b56dd9e6d16af1524a32cef77 CVE-2023-32979 2023-05-27 20:32:40 JENKINS EMAIL_EXTENSION Vulnerability Details
df98e511f62ccff6e37c610901ab4095 CVE-2023-32980 2023-05-27 20:32:33 JENKINS EMAIL_EXTENSION Vulnerability Details
2d04d3ebf5162146e524d637117447ee CVE-2023-32982 2023-05-27 20:32:26 JENKINS ANSIBLE Vulnerability Details
b2a84f6dcd07257080f14b4473f96edd CVE-2023-32983 2023-05-27 20:32:19 JENKINS ANSIBLE Vulnerability Details

NSFOCUS (绿盟) [TOP 30] CVES TIME TITLE URL
92b12e101ca77469a29ee733b5f219ce CVE-2023-21616 2023-06-01 09:22:59 Adobe Experience Manager Cross-Site Scripting Vulnerability Details
9c2afa7374a8167b467ee29abd901ac9 CVE-2023-22258 2023-06-01 09:22:59 Adobe Experience Manager Open Redirect Vulnerability Details
0b4ecda476e8025d97b14414515dbd13 CVE-2022-42499 2023-06-01 09:22:59 Google Android Kernel Out-of-Bounds Write Vulnerability Details
835866aaf0aca452231ef2f108d917f1 CVE-2022-20917 2023-06-01 09:22:59 Google Android Privilege Escalation Vulnerability Details
c0a223ef4c74f87d0d87391fde7e8742 CVE-2022-20951 2023-06-01 09:22:59 Google Android Out-of-Bounds Write Vulnerability Details
514ea47eed4b3ded0b51a508ac246456 CVE-2023-20957 2023-06-01 09:22:59 Google Android Privilege Escalation Vulnerability Details
3af7c9d0e1dad3af958ef7a5108aca07 CVE-2023-20964 2023-06-01 09:22:59 Google Android Privilege Escalation Vulnerability Details
7f5a82e797e283c203fd719346f6de25 CVE-2023-20972 2023-06-01 09:22:59 Google Android Out-of-Bounds Read Vulnerability Details
702a32aa1e2514f49231956ecd0148cd CVE-2023-20979 2023-06-01 09:22:59 Google Android Out-of-Bounds Read Vulnerability Details
54a7abb70b9849d6414883ef70ad173a CVE-2023-20985 2023-06-01 09:22:59 Google Android Out-of-Bounds Write Vulnerability Details
26615e72869f3ad1296df699341cb2d8 CVE-2023-20991 2023-06-01 09:22:59 Google Android Out-of-Bounds Read Vulnerability Details
916939639d40a57ec884ffa70b07b986 CVE-2023-20997 2023-06-01 09:22:59 Google Android Infinite Loop Vulnerability Details
ec21fd10ff46b453e082a88add5c6cbc CVE-2023-21003 2023-06-01 09:22:59 Google Android Privilege Escalation Vulnerability Details
9e091cfcdcd1ba2d0142ac4ff71c36b3 CVE-2023-21009 2023-06-01 09:22:59 Google Android Out-of-Bounds Read Vulnerability Details
45cb5503446175ffe18ef9e45f01e892 CVE-2023-21015 2023-06-01 09:22:59 Google Android Privilege Escalation Vulnerability Details
5b9f6f98c0b22b88ca212ce165aeb283 CVE-2023-21465 2023-05-31 11:18:40 Samsung BixbyTouch Access Control Error Vulnerability Details
6b6b5703eb597675ac59bdec50036e2b CVE-2023-21453 2023-05-31 11:18:40 Samsung Mobile Input Validation Error Vulnerability Details
a2b260132cbe8d041429a26558e04408 CVE-2022-43604 2023-05-31 11:18:40 EIPStackGroup OpENer Out-of-Bounds Write Vulnerability Details
53bc7e2ec6394362e901df5292fb9d02 CVE-2023-27787 2023-05-31 11:18:40 TCPprep Null Pointer Dereference Vulnerability Details
c28d4c6e859080c91e61ae719d4ad559 CVE-2023-27709 2023-05-31 11:18:40 Desdev DedeCMS SQL Injection Vulnerability Details
16c0d5165cf233935d0529b975e17e64 CVE-2023-26768 2023-05-31 11:18:40 Liblouis Buffer Overflow Vulnerability Details
fb17122f0e103ac80afdadecf9788026 CVE-2023-27904 2023-05-31 09:21:46 Jenkins and Jenkins LTS Information Disclosure Vulnerability Details
b24e2a966968564fcaa23a30dd236536 CVE-2023-27898 2023-05-31 09:21:46 Jenkins Cross-Site Scripting Vulnerability Details
38cf8d211f0d3cb100f80e88cd37cdf0 CVE-2022-46 2023-05-31 09:21:46 WordPress Widgets for WooCommerce Products on Elementor Plugin Cross-Site Scripting Vulnerability (CVE-2022-46 Details
ec8088f732caa7bedd4af28cd8bab5f1 CVE-2021-45423 2023-05-31 09:21:46 Pev Buffer Overflow Vulnerability Details
8dd06ce5b0d2fcc98fb879c18791e4ce CVE-2023-0354 2023-05-31 09:21:46 Akuvox E11 Information Disclosure Vulnerability Details
136d06b99d074dd4d6b1a131cb0dc7c2 CVE-2023-25616 2023-05-31 09:21:46 SAP Business Objects Business Intelligence Platform Code Injection Vulnerability Details
901fb06e70178613b21b8daaf55748f2 CVE-2023-26461 2023-05-31 09:21:46 SAP NetWeaver Information Disclosure Vulnerability Details
d724e26189ccbde456d54923afb6c275 CVE-2023-27399 2023-05-31 09:21:46 Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability Details
d80c07647ca31f6cc968b0958ea77095 CVE-2021-46875 2023-05-31 09:21:46 Ez Systems eZ Platform Ibexa Kernel Cross-Site Scripting Vulnerability Details

U.S. National Vulnerability Database (NVD) [TOP 30] CVES TIME TITLE URL
cc10207853182c78abe270d67e58a88b CVE-2023-33829 2023-05-24 21:15:11 A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. Details
582aec680915afbc2b19a36b258a62b6 CVE-2023-33800 2023-05-24 20:15:11 A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Details
9e6e8b517ab825798eda2f9ab092f971 CVE-2023-33799 2023-05-24 20:15:11 A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Details
356eb3ad97b76ae84268ac5cfbddc62b CVE-2023-33798 2023-05-24 20:15:10 A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Details
bb0e30ffce60b4393ff8545919e4d33a CVE-2023-33797 2023-05-24 20:15:10 A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Details
2b7c7c03a795ece9b3594342aafe1349 CVE-2023-33796 2023-05-24 20:15:10 A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. Details
7b95cf4f53be3446185c6a59d8c096fd CVE-2023-33795 2023-05-24 20:15:10 A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Details
3a204900b91fa462cc519bef08e19057 CVE-2023-33794 2023-05-24 20:15:10 A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Details
2dc8a9e7fb159bcb9379267845eee720 CVE-2023-33793 2023-05-24 20:15:10 A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Details
d4dc8b3d7f9c6026cd8217dba7c7a154 CVE-2023-33792 2023-05-24 20:15:10 A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Details
be0211ebff356cc9a42be140982c7712 CVE-2023-33791 2023-05-24 20:15:10 A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Details
9b6cecc398ef38725a2345ba2d77160a CVE-2023-33796 2023-05-24 20:15:10 ** DISPUTED ** A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied. Details
58a16cb4b92b10a312518d430a406925 CVE-2023-33937 2023-05-24 13:15:09 Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field. Details
71e74c3d75be97395afcf291bb63825a CVE-2023-31584 2023-05-22 19:15:10 GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field. Details
2e5f495e11384dfb591e7f337109561f CVE-2023-33288 2023-05-22 03:15:09 An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition. Details
6c34ec440d945478d90a476dea83a822 CVE-2023-33281 2023-05-22 02:15:11 The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. Details
9e49a40c250ac7a8db1597aa03e3c437 CVE-2023-33264 2023-05-22 01:15:44 In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets. Details
07d6e234017ccf64b697fcf1933802b4 CVE-2023-33254 2023-05-21 22:15:15 There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials. Details
eed443712fa5a24b865f45cdb42770d0 CVE-2023-33250 2023-05-21 21:15:08 The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c. Details
35bd6cafe731c64e0adce7ee6d12c0a9 CVE-2023-32589 2023-05-20 23:15:09 Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions. Details
8ca80ab73cca7fe8a3bb5089a823a950 CVE-2023-33244 2023-05-20 19:15:08 Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page. Details
9863063cec9f7aa39c8cc8af449b3e23 CVE-2023-32700 2023-05-20 18:15:09 LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Details
4e7725b6bf7d0efe7ab7776a59a363ec CVE-2023-32677 2023-05-19 21:15:08 Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to -- even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams. Details
98d27becca0f8ac67f9ed6a3a2c19fb3 CVE-2023-32679 2023-05-19 20:15:09 Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. When attacker with admin privileges on a DEV or an improperly configured STG or PROD environment, they can exploit this vulnerability to remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability. Details
3933cefd8338fadd4dbd825b16144861 CVE-2023-32675 2023-05-19 20:15:09 Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions. Details
33f8b7706dd59fa286339ee96e1fd149 CVE-2023-30775 2023-05-19 15:15:08 A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. Details
fd32399afcadd5cda132a50cbf4a3ac4 CVE-2023-30774 2023-05-19 15:15:08 A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. Details
05d8240beeb404e18de3eb61dfdd629b CVE-2023-30199 2023-05-19 14:15:09 Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php. Details
1c2a7b33c57a03120e745829b6dea4df CVE-2023-33240 2023-05-19 06:15:08 Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2. Details
7a9d87369e1b0769c0a0018a5f49fb3d CVE-2023-32680 2023-05-18 23:15:09 Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that: Anyone–including people in sandboxed groups–could edit SQL snippets. They could edit snippets via the API or, in the application UI, when editing the metadata for a model based on a SQL question, and people in sandboxed groups could edit a SQL snippet used in a query that creates their sandbox. If the snippet contained logic that restricted which data that person could see, they could potentially edit that snippet and change their level of data access. The permissions model for SQL snippets has been fixed in Metabase versions 0.46.3, 0.45.4, 0.44.7, 1.46.3, 1.45.4, and 1.44.7. Users are advised to upgrade. Users unable to upgrade should ensure that SQL queries used to create sandboxes exclude SQL snippets. Details