Threat-Broadcast

返回博客 | 威胁情报播报

360 网络安全响应中心 [TOP 30]	CVES	TIME	TITLE	URL
4ad53fb76838f4a82d7e011825d5934b	CVE-2023-29059	2023-03-31 07:37:06	CVE-2023-29059：3CXDesktop App 代码执行漏洞通告	详情
c8989d2e807ceb53d24ad02bd54fbe60	CVE-2023-22809	2023-03-30 08:49:36	CVE-2023-22809：Sudo权限提升漏洞通告	详情
55fd37b2456c87556f03a593901b743a		2023-03-27 08:47:34	安全事件周报 2023-03-20 第12周	详情
c571983fae71cfe11b5bb86c67159080	CVE-2023-28432	2023-03-23 09:46:17	MinIO信息泄露漏洞通告	详情
96f44e31e7ad34d978d34d8fa828b8a5	CVE-2023-20860	2023-03-22 09:19:30	CVE-2023-20860：Spring Framework身份验证绕过漏洞通告	详情
464f9bbd749d9b7e63993ae0384582d1		2023-03-20 07:23:23	安全事件周报 2023-03-13 第11周	详情
f3125d3ed890f0d54c88b1ded2feee81	CVE-2023-23397	2023-03-17 02:06:29	Microsoft Outlook权限提升漏洞通告	详情
2401d255767cdbab18ab0add4cda39f8		2023-03-15 08:13:10	2023-03 补丁日: 微软多个漏洞安全更新通告	详情
ae733c9e19d8a91d1e36ae4ef7dbcdde	CVE-2023-23638	2023-03-14 07:05:15	CVE-2023-23638：Apache Dubbo反序列化漏洞通告	详情
f5c4a287130244d1e00dc124d7d36c78		2023-03-13 07:48:11	安全事件周报 2023-03-06 第10周	详情
0ff6a0a7187480b2f5160f7e877b6e7b	CVE-2023-21768	2023-03-10 08:45:13	CVE-2023-21768：Windows Ancillary Function 本地权限提升漏洞通告	详情
02017e32ba80b6610ea0ebe823a8307c	CVE-2023-25610	2023-03-10 08:41:35	CVE-2023-25610：FortiOS / FortiProxy 远程代码执行漏洞通告	详情
5b0b816d287d6b909f202e0ae78dd4f2	CVE-2023-21768	2023-03-10 08:04:10	CVE-2023-21768：Windows Ancillary Function Driver for WinSock 权限提升漏洞通告	详情
3f300836f1101aac33c8a0d2e3a13b15	CVE-2023-27898	2023-03-09 08:30:01	CVE-2023-27898/27905：Jenkins跨站脚本漏洞通告	详情
e789b5055a4a30fd3f2f81447efc91c0	CVE-2023-21716	2023-03-07 09:38:55	Microsoft Word 远程代码执行漏洞通告	详情
62f500b7a9dc87c0935c4a1ac8f0c990		2023-03-06 09:25:36	Smartbi远程命令执行漏洞通告	详情
45330254ad5d2642f0fa82225aefaefb		2023-03-06 08:02:09	安全事件周报 2023-02-27 第9周	详情
8111f2d99a389337e2d5c308e941c8e5		2023-03-06 07:23:41	安全事件周报 2023-02-27 第9周	详情
98a5b68d96d5541e9781ff32ec966a13	CVE-2023-0050	2023-03-03 07:22:27	CVE-2023-0050：GitLab跨站脚本漏洞通告	详情
0b4545f346ae941fb86499887e937bfa		2023-02-27 06:56:34	安全事件周报 (02.20-02.26)	详情
24580b4fb69a1db8407211e2cb3464c9		2023-02-24 08:21:55	泛微e-cology9 SQL注入漏洞通告	详情
4d1dee02cae7d8cde565f47645ac229b	CVE-2023-20858	2023-02-23 07:15:41	CVE-2023-20858：VMware Carbon Black App Control 远程代码执行漏洞通告	详情
bd7e6380055dd5778eb26c10474562a1	CVE-2023-23752	2023-02-21 08:50:11	CVE-2023-23752：Joomla未授权访问漏洞通告	详情
5209a8ffed474d179b8a882d62ec3a80	CVE-2023-24998	2023-02-21 08:02:29	CVE-2023-24998：Apache Commons FileUpload拒绝服务漏洞通告	详情
e4126033e6653e8f5d84595554a2ba3a	CVE-2023-23752	2023-02-21 07:01:19	CVE-2023-23752：Joomla未授权访问漏洞通告	详情
90fffab9d66d505311596a71af6abbb9		2023-02-20 09:55:02	安全事件周报 (02.13-02.19)	详情
920484737cd9fc0121ce5697641c88f8	CVE-2021-42756	2023-02-20 08:20:26	CVE-2021-42756/CVE-2022-39952：Fortinet 多个漏洞通告	详情
ab482fa4d4be6a2f06a3f918ef245b7f	CVE-2023-25725	2023-02-17 07:03:52	HAProxy请求走私漏洞通告	详情
e38bcb9d859fdc4496254a7425d4d8bc		2023-02-15 07:13:41	2023-02 补丁日: 微软多个漏洞安全更新通告	详情
0df664a9520ae1e14777320ae303a2ed	CVE-2023-23529	2023-02-14 07:40:35	CVE-2023-23529：Apple WebKit任意代码执行漏洞通告	详情

Tenable (Nessus) [TOP 30]	CVES	TIME	TITLE	URL
e18c2e6fdbc4a6f2354ee59d5ee4e0c2	CVE-2023-1790	2023-04-01 09:15:00	A vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224724.	详情
a04f0c0d03e5f912e255e917ac4ad671	CVE-2023-0198	2023-04-01 05:15:00	NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.	详情
c20b093044388e29befe56e7b3e65e45	CVE-2023-0197	2023-04-01 05:15:00	NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service.	详情
10c1aeac49005a25e29b86dd5e5cebeb	CVE-2023-0195	2023-04-01 05:15:00	NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver	详情
25db4d1614d395ddbd7abd34db9a2000	CVE-2023-0194	2023-04-01 05:15:00	NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service.	详情
9d242e7c68ac63a178fbddc5405b2260	CVE-2023-0192	2023-04-01 05:15:00	NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure.	详情
e40704393b9e3f4a56ae2bdb907bf9b2	CVE-2023-0191	2023-04-01 05:15:00	NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering.	详情
882db94653bf83eea4f7a9b8003dfb9d	CVE-2023-0189	2023-04-01 05:15:00	NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.	详情
6c0aa5a132d4d40e1048d8958df99da0	CVE-2023-0188	2023-04-01 05:15:00	NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service.	详情
087277e6f09bb93f912243e21f0a8e6f	CVE-2023-0187	2023-04-01 05:15:00	NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service.	详情
d7a478df17d9e78334381495920e3b41	CVE-2023-0208	2023-04-01 04:15:00	NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering.	详情
8b58b754340f593c3bcebe46e0a2585e	CVE-2023-1789	2023-04-01 02:15:00	Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.	详情
f38d68c489ecff8e5584db7e6e332544	CVE-2023-28845	2023-03-31 23:15:00	Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability.	详情
95387da0e38ca45c05c337977fa45567	CVE-2023-28844	2023-03-31 23:15:00	Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.	详情
c2763574908bd16447adc0faa0bd702b	CVE-2023-28645	2023-03-31 23:15:00	Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud.	详情
fac9e169445903cb79c8559de10e3c4f	CVE-2023-26485	2023-03-31 23:15:00	cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. ### Impact A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. ### Proof of concept ``` $ ~/cmark-gfm$ python3 -c 'pad = "_" * 100000; print(pad + "." + pad, end="")' \| time ./build/src/cmark-gfm --to plaintext ``` Increasing the number 10000 in the above commands causes the running time to increase quadratically. ### Patches This vulnerability have been patched in 0.29.0.gfm.10. ### Note on cmark and cmark-gfm XXX: TBD [cmark-gfm](https://github.com/github/cmark-gfm) is a fork of [cmark](https://github.com/commonmark/cmark) that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. These bugs affect both `cmark` and `cmark-gfm`. ### Credit We would like to thank @gravypod for reporting this vulnerability. ### References https://en.wikipedia.org/wiki/Time_complexity ### For more information If you have any questions or comments about this advisory: * Open an issue in [github/cmark-gfm](https://github.com/github/cmark-gfm)	详情
9fb03b31e9366e64fbd4ce9a06365e10	CVE-2023-24824	2023-03-31 23:15:00	cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.	详情
0cda98f8f9df66f8b398780598224964	CVE-2022-47192	2023-03-31 22:15:00	Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password.	详情
8532304c93e5dd8f407d403bee101c68	CVE-2022-47191	2023-03-31 22:15:00	Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.	详情
78bceb72d5da92157d7995ea5d04431a	CVE-2022-47190	2023-03-31 22:15:00	Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.	详情
9d5d4699821213cb62fd2e913847cc71	CVE-2022-47189	2023-03-31 22:15:00	Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.	详情
06b6b684419003d7b5042ec6f4d6abd7	CVE-2022-47188	2023-03-31 22:15:00	There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.	详情
e7ed87d114b5396b18720522254833d2	CVE-2023-27163	2023-03-31 20:15:00	request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.	详情
f5c87d0ed0030a4b4338cb6d18f62649	CVE-2023-27162	2023-03-31 20:15:00	openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.	详情
7ef0ade01ceee2907fe2c1d4ae02e018	CVE-2023-26858	2023-03-31 20:15:00	SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component.	详情
592e3e63c33896cf802c78f31457f9d8	CVE-2023-1785	2023-03-31 20:15:00	A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224700.	详情
91ffef8b036fd1b6e898778eb7bc7700	CVE-2023-1784	2023-03-31 20:15:00	A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699.	详情
88d08b21c6ea57532b32cdd1a286a229	CVE-2022-4899	2023-03-31 20:15:00	A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.	详情
848579f26907f7c43b9ee2987a527949	CVE-2023-29141	2023-03-31 19:15:00	An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.	详情
a4c39bdfe14d39a32d4219f861ddd5ab	CVE-2023-29140	2023-03-31 19:15:00	An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.	详情

国家信息安全漏洞共享平台（CNVD） [TOP 30]	CVES	TIME	TITLE	URL
8686fda9b2b49e4e1666b54e2248f935	CNVD-2021-74882	2021-11-14 16:43:52	四创科技有限公司建站系统存在SQL注入漏洞	详情
8f6972d84ad188b05ff9cc14d4334949	CNVD-2021-87021 (CVE-2020-4690)	2021-11-12 12:43:14	IBM Security Guardium硬编码凭证漏洞	详情
3bfe7b053a0c59d8a3d38c18f86aa143	CNVD-2021-87022 (CVE-2021-38870)	2021-11-12 12:43:12	IBM Aspera跨站脚本漏洞	详情
a4649bb17f4db4d1c7f879ebceb46ed0	CNVD-2021-87011 (CVE-2021-29753)	2021-11-12 12:43:11	IBM Business Automation Workflow存在未明漏洞	详情
094c613f9ed4b8b9d887dc912789043c	CNVD-2021-87025 (CVE-2021-20563)	2021-11-12 12:43:10	IBM Sterling File Gateway信息泄露漏洞	详情
41c47f01a4c65dcb6efc9ebf483fe762	CNVD-2021-87010 (CVE-2021-38887)	2021-11-12 12:43:08	IBM InfoSphere Information Server信息泄露漏洞	详情
f51d33e7a09fd61ca90ede453515a830	CNVD-2021-87016 (CVE-2021-29764)	2021-11-12 12:43:07	IBM Sterling B2B Integrator跨站脚本漏洞	详情
33615a5f78df822e82e6d3436045c48c	CNVD-2021-87026 (CVE-2021-38877)	2021-11-12 12:43:06	IBM Jazz for Service Management跨站脚本漏洞	详情
8e729177bcb4105dd831fb1e123ed1bb	CNVD-2021-87014 (CVE-2021-29679)	2021-11-12 12:43:04	IBM Cognos Analytics远程代码执行漏洞	详情
1a3b856f78e9fbdca12aeddc7d665aca	CNVD-2021-87029 (CVE-2021-29752)	2021-11-12 12:43:03	IBM Db2信息泄露漏洞	详情
6f1aa3a0cb819d97519baa47fd0232d5	CNVD-2021-87015 (CVE-2021-29745)	2021-11-12 12:43:02	IBM Cognos Analytics权限提升漏洞	详情
cbcb12f5f51d6e7d6d8a9fa581aa863a	CNVD-2021-73908	2021-11-11 16:42:44	泛微e-cology存在SQL注入漏洞	详情
ae6fd467da55de31aa7219187cf5c2d4	CNVD-2021-86904 (CVE-2021-20351)	2021-11-11 08:31:46	IBM Engineering跨站脚本漏洞	详情
412a15b40959ed9cf9330ee79f99e079	CNVD-2021-86903 (CVE-2021-31173)	2021-11-11 08:31:44	Microsoft SharePoint Server信息泄露漏洞	详情
1cbc5d5faac431d3e82c9e5ea9588b5f	CNVD-2021-86902 (CVE-2021-31172)	2021-11-11 08:31:43	Microsoft SharePoint欺骗漏洞	详情
686c7cfb20933b41c3d679cbba79a2ad	CNVD-2021-86901 (CVE-2021-31181)	2021-11-11 08:31:42	Microsoft SharePoint远程代码执行漏洞	详情
72fdfb2d44c0d41d638e4632bdfc10b8	CNVD-2021-86900 (CVE-2021-3561)	2021-11-11 08:31:41	fig2dev缓冲区溢出漏洞	详情
3ba6f0e9394f9414e2cadb9495e2d5f5	CNVD-2021-85884 (CVE-2021-41210)	2021-11-10 07:24:57	Google TensorFlow堆分配数组越界读取漏洞	详情
4d8c4744ea972fb2fcb9673fea1fc7b7	CNVD-2021-85883 (CVE-2021-41226)	2021-11-10 07:24:56	Google TensorFlow堆越界访问漏洞	详情
8778f9cd924cae585ca5e2e0b8be3b3f	CNVD-2021-85882 (CVE-2021-41224)	2021-11-10 07:24:54	Google TensorFlow堆越界访问漏洞	详情
e1b2722e6d5c509c680b584416d9cb20	CNVD-2021-85881 (CVE-2021-42770)	2021-11-10 07:24:53	OPNsense跨站脚本漏洞	详情
ed09c9fa5586e2d4d9b4e95fe3b447a0	CNVD-2021-85880 (CVE-2021-28024)	2021-11-10 07:24:52	ServiceTonic访问控制不当漏洞	详情
8a642f0922f7f915e81b2b947276a96c	CNVD-2021-85879 (CVE-2021-28023)	2021-11-10 07:24:50	ServiceTonic任意文件上传漏洞	详情
c00b061c2cfdee4016a869a188135db5	CNVD-2021-85878 (CVE-2021-28022)	2021-11-10 07:24:49	ServiceTonic SQL注入漏洞	详情
9c4b20a28ad2bd4ab916448f0e1272bd	CNVD-2021-85877 (CVE-2021-32483)	2021-11-10 07:24:48	Cloudera Manager不正确访问控制漏洞	详情
4d4423857b7b1f38e49738f00e8949ba	CNVD-2021-85876 (CVE-2021-32481)	2021-11-10 07:24:46	Cloudera Hue跨站脚本漏洞	详情
6b12b7fc216d603e8e07351603851c86	CNVD-2021-85875 (CVE-2021-29994)	2021-11-10 07:24:45	Cloudera Hue跨站脚本漏洞	详情
72894fb3a3538de240d2f6810aae63c9	CNVD-2021-85892 (CVE-2021-42701)	2021-11-10 02:38:27	DAQFactory中间人攻击漏洞	详情
94a1f99a64ba24540cc1594d0a0b3152	CNVD-2021-85893 (CVE-2021-42699)	2021-11-10 02:38:26	DAQFactory明文传输漏洞	详情
5d9bac33be8f2f88391f6de02fb89c73	CNVD-2021-85894 (CVE-2021-42698)	2021-11-10 02:38:24	DAQFactory反序列化漏洞	详情

国家信息安全漏洞库（CNNVD） [TOP 30]	CVES	TIME	TITLE	URL
56358b73280e18ed2eaf62bf4b7fba5f	CNNVD-202210-1696 (CVE-2021-44776)	2022-10-24 13:13:44	Lanner IAC-AST2500A 安全漏洞	详情
07eddc3a7e5e3731956c02a50f538970	CNNVD-202210-1697 (CVE-2021-26732)	2022-10-24 13:13:42	Lanner IAC-AST2500A 安全漏洞	详情
4b051d50f18e2bb4a1f272b12f873223	CNNVD-202210-1698 (CVE-2021-26731)	2022-10-24 13:13:40	Lanner IAC-AST2500A 缓冲区错误漏洞	详情
0d79d7ad89e7b6f52a89de2e3762a492	CNNVD-202210-1699 (CVE-2021-42010)	2022-10-24 13:13:38	Apache Heron 注入漏洞	详情
9596051a8fb75da90bf94bd495b53e94	CNNVD-202210-1700 (CVE-2021-26733)	2022-10-24 13:13:36	Lanner IAC-AST2500A 安全漏洞	详情
883bec62dd4552d68130c0f925873e93	CNNVD-202210-1701 (CVE-2022-42432)	2022-10-24 13:13:34	Linux kernel 安全漏洞	详情
755328fe5484ce3f71a4940d10f50b34	CNNVD-202210-1702 (CVE-2021-44769)	2022-10-24 13:13:31	Lanner IAC-AST2500A 输入验证错误漏洞	详情
9c53a984103cd446d6e447c12c9c66c6	CNNVD-202210-1703 (CVE-2021-44467)	2022-10-24 13:13:29	Lanner IAC-AST2500A 安全漏洞	详情
30dfa903ed49845732fc6cef266206e9	CNNVD-202210-1704 (CVE-2022-41974)	2022-10-24 13:13:27	Red Hat device-mapper-multipath 安全漏洞	详情
9c6324677d17c72db81aec2e1797791f	CNNVD-202210-1705 (CVE-2022-41973)	2022-10-24 13:13:25	Red Hat device-mapper-multipath 安全漏洞	详情
4ec5a4ccefd5879e573cd53c2123dd3a	CNNVD-202210-1612 (CVE-2022-39272)	2022-10-22 13:10:57	Flux2 安全漏洞	详情
c3846b92a4965777ef3e53a1f4618717	CNNVD-202210-1600 (CVE-2022-3646)	2022-10-21 13:11:18	Linux kernel 安全漏洞	详情
9a761144255ce6f90bb54e219ea40282	CNNVD-202210-1601 (CVE-2022-34438)	2022-10-21 13:11:15	Dell PowerScale OneFS 安全漏洞	详情
44290d228b51ffbf0aab6efd4d6e678e	CNNVD-202210-1602 (CVE-2022-31239)	2022-10-21 13:11:13	Dell PowerScale OneFS 安全漏洞	详情
9ca9cbb2a337c33899bcdf19d91d7d78	CNNVD-202210-1603 (CVE-2022-34437)	2022-10-21 13:11:11	Dell PowerScale OneFS 安全漏洞	详情
0a96e1daad10fc7b842abaa350831db2	CNNVD-202210-1605 (CVE-2022-26870)	2022-10-21 13:11:09	Dell EMC PowerStore 安全漏洞	详情
35f41caeb97feaaa8373f4dbbbd7a249	CNNVD-202210-1606 (CVE-2020-5355)	2022-10-21 13:11:06	Dell EMC Isilon OneFS 安全漏洞	详情
d314bbe34de68aa67eddd75a9f4ce40c	CNNVD-202210-1609 (CVE-2022-3649)	2022-10-21 13:11:04	Linux kernel 资源管理错误漏洞	详情
351642a659185d5b0604973397c7fa3b	CNNVD-202210-1610 (CVE-2022-39259)	2022-10-21 13:11:02	Skylot Jadx 安全漏洞	详情
ebbdab47bb0184312da10141d7d010e7	CNNVD-202210-1611 (CVE-2022-23462)	2022-10-21 13:10:59	Softmotions IOWOW 安全漏洞	详情
8c86f10ec92b3124f4395faa27ee8ae3	CNNVD-202210-1517 (CVE-2022-29477)	2022-10-20 13:11:07	Adobe Iota 信任管理问题漏洞	详情
3c33a32472c03f27b2b606714eb74e0a	CNNVD-202210-1518 (CVE-2022-36966)	2022-10-20 13:11:02	SolarWinds Platform 安全漏洞	详情
280b662d6c30e683e90c26748fa86a26	CNNVD-202210-1519 (CVE-2022-36958)	2022-10-20 13:10:53	SolarWinds Platform 代码问题漏洞	详情
1d1787e08b1093c5bd9723a8b9465e0f	CNNVD-202210-1520 (CVE-2022-27805)	2022-10-20 13:10:47	Adobe Iota 访问控制错误漏洞	详情
632da31aee8b02c08d2e63767809782a	CNNVD-202210-1521 (CVE-2022-36957)	2022-10-20 13:10:44	SolarWinds Platform 安全漏洞	详情
28743e448b695bd2eee529e66954d3c4	CNNVD-202210-1522 (CVE-2022-3623)	2022-10-20 13:10:36	Linux kernel 竞争条件问题漏洞	详情
92679bd487d2a90451cf297905a8f3c3	CNNVD-202210-1523 (CVE-2022-32586)	2022-10-20 13:10:34	Adobe Iota 操作系统命令注入漏洞	详情
bcd4eca45c95707bab85d60a3c30d643	CNNVD-202210-1524 (CVE-2022-3619)	2022-10-20 13:10:32	Linux kernel 安全漏洞	详情
95cdab65f668ebae996fbf3df854d1e9	CNNVD-202210-1525 (CVE-2022-3620)	2022-10-20 13:10:27	Exim 资源管理错误漏洞	详情
9e701d3b09a7f774ceea498474bc4d40	CNNVD-202210-1526 (CVE-2022-3621)	2022-10-20 13:10:25	Linux kernel 安全漏洞	详情

奇安信 [TOP 30]	CVES	TIME	TITLE	URL
45ab4afdafe578698bcfccccd65d833e		yt	QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞（ADV200006）通告	详情
74691465618764c64d52a2ff58013ac4		yt	QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞（CVE-2019-11707）预警通告	详情
6bd01daffa85191c80698354fc8e252f		wt	QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告	详情
7010355bb6ffff38cb1a885acf784ca7		ft	QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞（CVE-2020-0796）通告	详情
5edb21a58a7e21692bd0ddd622d39279		St	QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞（CVE-2020-1350）通告	详情
f749eac58b87d0954f0e4a84b5d67057	CVE-2020-1350	2020-07-15 15:57:00	QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞（CVE-2020-1350）通告	详情
90b93cb7073fe73b17746ac166a09637	CVE-2020-6819, CVE-2020-6820	2020-04-08 10:34:35	QianxinTI-SV-2020-0012 Firefox在野远程代码执行漏洞（CVE-2020-6819、CVE-2020-6820）通告	详情
e318a5efa4803b50cdef480b90b1784d		2020-03-25 13:58:51	QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞（ADV200006）通告	详情
cffc3035f7899495cfeae521451f91b2	CVE-2020-0796	2020-03-12 10:32:09	QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞（CVE-2020-0796）通告	详情
3e6175d47d17c6f94bd9ba10d81c3717	CVE-2020-0674	2020-03-02 14:52:46	QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞（CVE-2020-0674）通告	详情
d99d073afb7d248a8a62fb068921997f	CVE-2020-0601	2020-01-15 14:11:41	QianxinTI-SV-2020-0001 微软核心加密库漏洞（CVE-2020-0601）通告	详情
b7b45b14a3af1225ef6eec72d74964df	CVE-2019-1367	2019-09-25 17:23:00	QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告	详情
504fc79f0123db109a11b149c334b75c	CVE-2019-0708	2019-09-09 10:20:47	QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞（CVE-2019-0708）预警通告	详情
5b727692d583d4a6e7cdb0f670eac12a	CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226	2019-08-14 11:09:05	QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告	详情
54b48d765fccbc8dcfa3de0920459f8d	CVE-2019-11707	2019-06-19 16:53:47	QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞（CVE-2019-11707）预警通告	详情
5b4d5fea09fbc2dca45be53f162d39de	CVE-2019-0708	2019-05-31 17:03:19	QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞（CVE-2019-0708）预警通告	详情

安全客 [TOP 30]	CVES	TIME	TITLE	URL
03afa8b4eaf4a0160784152fca5465b2	CVE-2021-27308	2021-07-11 14:22:05	4images 跨站脚本漏洞	详情
8b0ace4c54a7fc20a99d21e294152a99	CVE-2020-15261	2021-07-11 14:22:05	Veyon Service 安全漏洞	详情
d4f12de949590ab346b61986a29d8b4d	CVE-2021-35039	2021-07-09 17:30:13	Linux kernel 安全漏洞	详情
f790e7ef3b5de3774d42ee32b9b10c01	CVE-2021-34626	2021-07-09 17:30:13	WordPress 访问控制错误漏洞	详情
71bf261eb2113d5ff870ab9bafd29f55	CVE-2021-25952	2021-07-09 17:30:13	just-safe-set 安全漏洞	详情
152793cbc104933584f5f227606f433d	CVE-2021-0597	2021-07-09 17:30:13	Google Android 信息泄露漏洞	详情
75f153c327984fdfdd2d9c463a91371d	CVE-2021-34430	2021-07-09 17:30:13	Eclipse TinyDTLS 安全特征问题漏洞	详情
9610336f1a41241cc8edea22a2780ec5	CVE-2021-3638	2021-07-09 17:30:13	QEMU 安全漏洞	详情
92fe450ae5c5dfa48072aca79d64ba63	CVE-2021-34614	2021-07-09 14:24:32	Aruba ClearPass Policy Manager 安全漏洞	详情
680a4218fc32922746717210664a3d62	CVE-2021-22144	2021-07-09 13:28:16	Elasticsearch 安全漏洞	详情
373930f669f2c1f7b61101a925304779	CVE-2021-24022	2021-07-09 13:28:16	Fortinet FortiManager 安全漏洞	详情
8556f9cd0699f88c1f6cca9a43463bdd	CVE-2021-33012	2021-07-09 13:28:16	Allen Bradley Micrologix 1100输入验证错误漏洞	详情
480ae713cc88cc0985e1ebc079974d83	CVE-2021-0592	2021-07-09 13:28:16	Google Android 安全漏洞	详情
8ef4dbefa6604ea2312621401c3ec0b9	CVE-2021-1598	2021-07-09 13:28:16	Cisco Video Surveillance 7000 Series IP Cameras 安全漏洞	详情
d6e8714c32df7a0dcc2f3910ec68b42d	CVE-2021-20782	2021-07-09 13:28:16	Software License Manager 跨站请求伪造漏洞	详情
4e60b22611b8bb0fd7e532896498af29	CVE-2021-20781	2021-07-09 13:28:16	WordPress 跨站请求伪造漏洞	详情
5ca48ad58fb499c069ae0800c3b39875	CVE-2021-32961	2021-07-09 13:28:16	MDT AutoSave代码问题漏洞	详情
2ed854890b43f08e52340a1e8fe6d39f	CVE-2021-0577	2021-07-09 13:28:16	Google Android 安全漏洞	详情
8d63110e1475bbd245715b2ee1824d13	CVE-2021-31816	2021-07-09 13:28:16	Octopus Server 安全漏洞	详情
72bef2ae2f5db7dd066e1cdefa618dc5	CVE-2021-31817	2021-07-09 13:28:16	Octopus Server 安全漏洞	详情
1f7369b2609dbd2cd40d091f7de540cd	CVE-2020-20217	2021-07-09 13:28:16	Mikrotik RouterOs 安全漏洞	详情
1793176eecc5813c3348f026dc9909c9	CVE-2020-28598	2021-07-09 13:28:16	PrusaSlicer 安全漏洞	详情
7f4cf34ceb545548dcfcc3c0e7120268	CVE-2021-32945	2021-07-09 13:28:16	MDT AutoSave加密问题漏洞	详情
58553eb00d6e3e83b633f09464c4e98a	CVE-2021-29712	2021-07-09 13:28:16	IBM InfoSphere Information Server 跨站脚本漏洞	详情
d8e27ec42fb0b89998fcc006f49b249b	CVE-2021-25432	2021-07-09 13:28:16	Samsung Members 信息泄露漏洞	详情
8f2adc6c247725bf2eb7f53256c93ea7	CVE-2021-25433	2021-07-09 13:28:16	Samsung Tizen安全漏洞	详情
8f949676124339eb6f64f9c607af5470	CVE-2021-25431	2021-07-09 13:28:16	Samsung Mobile Device Cameralyzer 访问控制错误漏洞	详情
069818a8958f9c158fcb0956ee32fc03	CVE-2021-25434	2021-07-09 13:28:16	Samsung Tizen 代码注入漏洞	详情
55b9126220b9722ff5d730d3996877e9	CVE-2021-32949	2021-07-09 13:28:16	MDT AutoSave 路径遍历漏洞	详情
ebab009fffdee3d360dcdff74b0ed061	CVE-2021-25435	2021-07-09 13:28:16	Samsung Tizen代码注入漏洞	详情

斗象 [TOP 30]	CVES	TIME	TITLE	URL
096b6298d82574500dc1a14c9dba4065	CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029	2022-07-15 00:38:28	微软2022年7月补丁日漏洞通告	详情
6018f718b2d751478bf1ce069ac65f0d	CVE-2022-2185	2022-07-01 09:02:05	GitLab 远程代码执行漏洞(CVE-2022-2185)	详情
844719cf0bb4843aff73d2f33cc6dd0b	CVE-2022-30190, CVE-2022-30136	2022-06-15 05:48:12	微软2022年6月补丁日漏洞通告	详情
8b47000e1abfbacdadb7df6f09152d89	CVE-2022-26134	2022-06-03 05:48:38	Atlassian Confluence 远程代码执行漏洞(CVE-2022-26134)	详情
eebe93468b36d2ca24cf4b82136a5635	CVE-2022-30190	2022-05-31 13:57:17	Microsoft Windows MSDT 远程代码执行漏洞(CVE-2022-30190)	详情
95525e3f5907a776dc7cd4f87f2e2154		2022-05-23 07:11:04	Fastjson 反序列化漏洞	详情
945fd6e612634d9721f861833f1ecb75	CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923	2022-05-11 03:45:48	微软2022年5月补丁日漏洞通告	详情
e2938ff82d0cc152508e0240697def4c	CVE-2022-1388	2022-05-06 05:53:04	F5 BIG-IP iControl REST 身份验证绕过漏洞(CVE-2022-1388)	详情
bcf7253d2ee580c618737de137d370c4	CVE-2022-29464	2022-04-22 02:21:17	WSO2 Carbon Server 远程代码执行漏洞(CVE-2022-29464)	详情
07c09799b08afb04c63a9de750b70aca	CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904	2022-04-13 07:51:00	微软2022年4月补丁日漏洞通告	详情
f5b543501ed5679d423411edac502e24	CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961	2022-04-08 03:49:31	VMware 产品多个高危漏洞通告	详情
f421bcdb306e2bc1ffbf58fcb024a0dd		2022-03-29 17:11:30	Spring 框架远程代码执行漏洞	详情
0473358d95e58c7c3f2e7db0109f56f4		2022-03-29 17:11:30	Spring Framework 远程代码执行漏洞(CVE-2022-22965)	详情
a888c948ca1172f8a06a3879479f1de4	CVE-2022-22965	2022-03-29 17:11:30	Spring Framework 远程代码执行漏洞(CVE-2022-22965)	详情
71ed541bb737196268b75c7ba435e1a9		2022-03-28 04:57:30	Spring Cloud Function SpEL表达式注入漏洞	详情
f7a5dcd376be777c6593a29b8ebd411a	CVE-2022-0778	2022-03-18 07:09:22	OpenSSL拒绝服务漏洞(CVE-2022-0778)	详情
6c4124fed44906a79843cd2dd383c695	CVE-2022-0847	2022-03-15 03:32:03	Linux Kernel本地提权漏洞（CVE-2022-0847）	详情
a2795e4829bff16f108cf191eba663c3	CVE-2022-21990, CVE-2022-24508, CVE-2022-23277	2022-03-11 02:14:56	微软2022年3月补丁日漏洞通告	详情
d09f0641bf65c64a16d802cd78e14097	CVE-2022-0847	2022-03-08 08:23:08	Linux 内核本地提权漏洞(CVE-2022-0847)	详情
69052e2a8c09416f5df674f92cba25a6	CVE-2022-22947	2022-03-02 11:42:55	Spring Cloud Gateway 远程代码执行漏洞(CVE-2022-22947)	详情
5f42b6f584a9ace426787dc8dfd6e6e5		2022-02-16 10:44:18	向日葵远程命令执行漏洞(CNVD-2022-10270)	详情
79556071f6236ab4674f75b3beee4d79	CVE-2022-24112	2022-02-11 06:13:35	Apache APISIX 远程代码执行漏洞 (CVE-2022-24112)	详情
485f2c57713f4a39830e8c2d01e43cfe	CVE-2021-4034	2022-01-26 06:19:16	Linux Polkit 权限提升漏洞(CVE-2021-4034)	详情
0aa6eab412c0318b74c6a470ee774df1	CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919	2022-01-12 03:44:50	微软2022年1月补丁日漏洞通告	详情
88a8c676b52a739c0335d7c21ca810a9		2022-01-06 08:19:17	MeterSphere 远程代码执行漏洞	详情
9cd742f4839806e40f42c6e7ea492590		2021-12-28 10:31:16	APISIX Dashboard 未授权访问漏洞风险通告(CVE-2021-45232)	详情
76cad61d2d5a8750a6a714ab2c6dbc97	CVE-2021-45232	2021-12-28 10:31:16	Apache APISIX Dashboard 接口未授权访问漏洞(CVE-2021-45232)	详情
af4f5f63390eb00de8705b5029d8c376	CVE-2021-44228, CVE-2021-45046	2021-12-14 01:56:52	Apache Log4j 远程代码执行漏洞	详情
43456ae172e45c12087c40c03d925e0e	CVE-2021-44228	2021-12-11 03:21:34	Apache Log4j 远程代码执行漏洞	详情
392b133d98d6f61aee36ce6c8784f4df		2021-12-09 15:20:54	Apache Log4j 远程代码执行漏洞	详情

红后 [TOP 30]	CVES	TIME	TITLE	URL
8f90b1c5ee2683604ab2a28d9c92b434	CVE-2021-43312	2023-03-31 20:22:43	UPX_PROJECT UPX Vulnerability	详情
103609a0f0521ba3fe331cccc7419488	CVE-2022-38745	2023-03-31 20:22:37	APACHE OPENOFFICE Vulnerability	详情
a2fb3f477a9e295c8464e30ced7652aa	CVE-2021-43311	2023-03-31 20:22:32	UPX_PROJECT UPX Vulnerability	详情
5039a501f20cd682b341cdf03b3e755a	CVE-2021-43315	2023-03-31 20:22:25	UPX_PROJECT UPX Vulnerability	详情
98f37e33c797a3a872d358f912dc5bd4	CVE-2021-43313	2023-03-31 20:22:19	UPX_PROJECT UPX Vulnerability	详情
6cdeba08a614bbcdfec3a314506af559	CVE-2021-43314	2023-03-31 20:22:12	UPX_PROJECT UPX Vulnerability	详情
78de597007daf9a66d599918a7911c6d	CVE-2021-43317	2023-03-31 20:22:05	UPX_PROJECT UPX Vulnerability	详情
e8d8f052b5b39eb2d24008f6e4b4699c	CVE-2021-43316	2023-03-31 20:21:59	UPX_PROJECT UPX Vulnerability	详情
4e6c229fed4b1f7ac116f4f5c44b4827	CVE-2022-20467	2023-03-31 20:21:52	GOOGLE ANDROID Vulnerability	详情
567f63268db066de881cdb7a29f1c957	CVE-2022-42498	2023-03-31 20:21:46	GOOGLE ANDROID Vulnerability	详情
53b690a28d2ea5e77b307af5c3938c95	CVE-2023-22257	2023-03-30 20:19:12	ADOBE Multiple product Vulnerability	详情
b19d7328e6d72b567acb2e4e8fc05e7d	CVE-2023-22260	2023-03-30 20:18:59	ADOBE Multiple product Vulnerability	详情
bbe4700a9d0a09788c3442e35fa28218	CVE-2023-22263	2023-03-30 20:18:39	ADOBE Multiple product Vulnerability	详情
b750b6e45ac7eabaab8e6bf300e889c7	CVE-2023-1578	2023-03-27 20:15:48	PIMCORE PIMCORE Vulnerability	详情
14b405203a13b260ceb4c02fd813ebe2	CVE-2022-4095	2023-03-27 20:15:26	LINUX LINUX_KERNEL Vulnerability	详情
f4ec00f87612b2f5a10f3754bb4920d5	CVE-2023-1281	2023-03-27 20:15:14	LINUX LINUX_KERNEL Vulnerability	详情
e25299fe365efd88f565a37cb606e1fb	CVE-2023-22253	2023-03-27 20:14:47	ADOBE Multiple product Vulnerability	详情
f44197baed3cf9e9e86a11a554ddcaae	CVE-2023-22252	2023-03-26 20:14:56	ADOBE Multiple product Vulnerability	详情
3aea705a7dda1b3476c1f290afd1e7cd	CVE-2023-21616	2023-03-26 20:14:50	ADOBE Multiple product Vulnerability	详情
02c0d5fa18dbf41c94c1573123aa6ca0	CVE-2023-22256	2023-03-26 20:14:43	ADOBE Multiple product Vulnerability	详情
bca3008ce57a7d623ab6066418107524	CVE-2023-22254	2023-03-26 20:14:37	ADOBE Multiple product Vulnerability	详情
43d27ef5f528e333a8a5c9ac7d7dfe0a	CVE-2023-22259	2023-03-26 20:14:30	ADOBE Multiple product Vulnerability	详情
36ed4a170d1dfb5b6e3f2b3d9885ac87	CVE-2023-22258	2023-03-26 20:14:24	ADOBE Multiple product Vulnerability	详情
e7bef22d5ba20873684169da2a070084	CVE-2023-22262	2023-03-26 20:14:17	ADOBE Multiple product Vulnerability	详情
25c1e98d5b9f56a67e137e79e5506723	CVE-2023-22261	2023-03-26 20:14:11	ADOBE Multiple product Vulnerability	详情
0402f712b5e0b21dddd780c48e20264a	CVE-2023-22265	2023-03-26 20:14:04	ADOBE Multiple product Vulnerability	详情
9a08eefa9c6c8d02d2b8fc81162e68d3	CVE-2023-21615	2023-03-26 20:13:58	ADOBE Multiple product Vulnerability	详情
fc84d8494981a72a0c15a499d519a8bb	CVE-2023-1429	2023-03-25 20:18:51	PIMCORE PIMCORE Vulnerability	详情
5d1b1ab3c409333c63237ab6ff74bcd1	CVE-2023-27130	2023-03-25 20:18:39	TYPECHO TYPECHO Vulnerability	详情
02800cd9328c8e97995315edff908ba0	CVE-2023-28100	2023-03-25 20:18:12	FLATPAK FLATPAK Vulnerability	详情

绿盟 [TOP 30]	CVES	TIME	TITLE	URL
0a693651f16cc76acae7181beb9b639d	CVE-2022-45867	2023-03-31 09:23:10	MyBB路径遍历漏洞	详情
f2b7c4881bd01fda315a7230f5b4e75a	CVE-2022-42471	2023-03-31 09:23:10	Fortinet FortiWeb HTTP响应标头注入漏洞	详情
4aa39080d5b1af1396dde14fcfc20c5f	CVE-2022-45143	2023-03-31 09:23:10	Apache Tomcat注入漏洞	详情
dd6b9e1dd7ca747216d8804d6979431f	CVE-2023-0640	2023-03-31 09:23:10	TRENDnet TEW-652BRP命令注入漏洞	详情
0593493522338132997b14a16aa155f0	CVE-2023-0639	2023-03-31 09:23:10	TRENDnet TEW-652BRP跨站脚本漏洞	详情
3a061574b21ff2402c00687e068afbb6	CVE-2023-22456	2023-03-31 09:23:10	ViewVC跨站脚本漏洞	详情
5c715b1a215056d07f1b284eaecaf5a7	CVE-2023-23119	2023-03-31 09:23:10	Ubiquiti airFiber AF2X Radio固件修改漏洞	详情
e5089f26e3223ef66bca5dea9d21a98e	CVE-2023-0637	2023-03-31 09:23:10	TRENDnet TEW-811DRU内存破坏漏洞	详情
b8fb3ada4ae26a352a0e8fe2f1dcdda5	CVE-2022-48079	2023-03-31 09:23:10	Monnai aaPanel访问控制错误漏洞	详情
afae849b7246873ca223924da04e8aed	CVE-2022-41336	2023-03-31 09:23:10	Fortinet FortiPortal跨站脚本漏洞	详情
772fe6ad94b81ae915b438d0eb3823f1	CVE-2022-46604	2023-03-31 09:23:10	Tecrail Responsive FileManager任意代码执行漏洞	详情
485536fccffbcb10161e682ec9e49174	CVE-2022-22486	2023-03-31 09:23:10	IBM Tivoli Workload Scheduler XML外部实体注入漏洞	详情
e3c382d10057904fbeab45da0d80689e	CVE-2023-24574	2023-03-31 09:23:10	Dell Enterprise SONiC OS不受控制的资源消耗漏洞	详情
0066be12dbcb6f57eac69fd481cb86b1	CVE-2023-0253	2023-03-31 09:23:10	WordPress Plugin Real Media Library跨站脚本漏洞	详情
40ecd547bb228c7dd0437e7d36e4326f	CVE-2022-3560	2023-03-31 09:23:10	pesign路径遍历漏洞	详情
566dc9ace3e396821a7704df772229b7	CVE-2022-43665	2023-03-31 07:21:31	ESTsoft Alyac拒绝服务漏洞	详情
6e495e01997937778f84a1af62924570	CVE-2023-0749	2023-03-30 07:21:31	WordPress Ocean Extra Plugin跨站脚本漏洞	详情
a9989e237afbff3ab9003c3f16f8b06e	CVE-2023-27063	2023-03-30 07:21:31	Tenda W15E缓冲区溢出漏洞	详情
861ff2120eddc743c338d2602ad6e3a6	CVE-2023-0066	2023-03-30 07:21:31	WordPress Companion Sitemap Generator Plugin跨站脚本漏洞	详情
0afbf567c66986a590911fc4a7ed12ab	CVE-2022-45782	2023-03-30 07:21:31	dotCMS core忘记口令恢复机制弱漏洞	详情
2855838858c70d06985c28a86993974c	CVE-2022-3614	2023-03-30 07:21:31	Octopus Deploy开放重定向漏洞	详情
8236a90ef4d55daa0cfae8ac26c4ab5a	CVE-2023-0038	2023-03-30 07:21:31	WordPress Survey Maker Plugin跨站脚本漏洞	详情
177e7c2f25e0f18cb3eb0d8d0b14efa5	CVE-2022-4109	2023-03-30 07:21:31	WordPress Wholesale Market for WooCommerce Plugin路径遍历漏洞	详情
089731755e480ce5862081eb79435137	CVE-2022-40740	2023-03-30 07:21:31	Realtek GPON Router操作系统命令注入漏洞	详情
b357bf402a59310db292785f9c99dc7f	CVE-2022-31364	2023-03-30 07:21:31	Cypress Bluetooth Mesh SDK越界写入漏洞	详情
e864211884137c69d8d1e8fc4a79425f	CVE-2022-31363	2023-03-30 07:21:31	Cypress Bluetooth Mesh SDK越界写入漏洞	详情
c71b68d9fde6e3ba1e5d985fc3bcc07f	CVE-2022-45783	2023-03-30 07:21:31	dotCMS core目录遍历漏洞	详情
46766aa391026c5f920bd33c8089e59e	CVE-2023-22326	2023-03-30 07:21:31	F5 BIG-IP权限分配错误漏洞	详情
e9687ad1c3c83c0a11c7b7e3195753d8	CVE-2022-39042	2023-03-30 07:21:31	aEnrich a+HRD身份验证错误漏洞	详情
ac65e1f8821f3740d936aeaeb2b2ef10	CVE-2022-4359	2023-03-30 07:21:31	WordPress WP RSS By Publishers Plugin SQL注入漏洞	详情

美国国家漏洞数据库（NVD） [TOP 30]	CVES	TIME	TITLE	URL
a6602af107af95d4b796792b1eea4032	CVE-2023-1575	2023-03-29 15:15:07	The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.	详情
f7cbe4193206552e4431f9b24b110dd6	CVE-2023-1400	2023-03-27 16:15:09	The Modern Events Calendar Lite WordPress plugin through 5.16.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).	详情
4618cdb61ef66ed727b302839a228974	CVE-2023-24840	2023-03-27 04:15:10	HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database.	详情
cc8a847fe297795e96959e34241a2a39	CVE-2023-24839	2023-03-27 04:15:09	HGiga MailSherlockâ€™s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack.	详情
97b5fa763694c5b044668b335ab18dbc	CVE-2023-1457	2023-03-25 21:15:06	DISPUTED A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-223302 is the identifier assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.	详情
797d01c10a4294ebb5d0cb1dcf99c993	CVE-2023-1456	2023-03-25 21:15:06	A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.	详情
32524831039aa7631f3525010e676d4c	CVE-2023-1631	2023-03-25 12:15:07	A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. This affects the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224013 was assigned to this vulnerability.	详情
04c1354493034f456a559cfb70382e7f	CVE-2023-1630	2023-03-25 12:15:07	A vulnerability, which was classified as problematic, has been found in JiangMin Antivirus 16.2.2022.418. Affected by this issue is the function 0x222000 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224012.	详情
8f64c4034b5aadb416dfdff5daacb3c0	CVE-2023-1628	2023-03-25 12:15:07	A vulnerability classified as problematic has been found in Jianming Antivirus 16.2.2022.418. Affected is an unknown function in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224010 is the identifier assigned to this vulnerability.	详情
63253249831bc740e83cb8154818cf8a	CVE-2023-1629	2023-03-25 11:16:01	A vulnerability classified as critical was found in JiangMin Antivirus 16.2.2022.418. Affected by this vulnerability is the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224011.	详情
e39a29b1a6a0de6d20bf2acff0ae6db0	CVE-2023-26864	2023-03-24 22:15:07	SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent.	详情
89c344c7df24a2e7bfe1f5e368eab6b5	CVE-2023-1583	2023-03-24 22:15:07	A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.	详情
a3254a6831ba6cc4cc64dcb69ba046ef	CVE-2023-22812	2023-03-24 20:15:15	SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.	详情
a980bddad36dae5cbb37a3e3b6b192e4	CVE-2023-21067	2023-03-24 20:15:14	Product: AndroidVersions: Android kernelAndroid ID: A-254114726References: N/A	详情
3a67ca286841be7398b761a9f10dd6b0	CVE-2023-21065	2023-03-24 20:15:14	In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630493References: N/A	详情
8da17a7fd1599c7f2d3f499472d0b52f	CVE-2023-21064	2023-03-24 20:15:14	In DoSetPinControl of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130078References: N/A	详情
c05409c170bba425dcefc96b9564adad	CVE-2023-21063	2023-03-24 20:15:14	In ParseWithAuthType of simdata.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243129862References: N/A	详情
d66bcbc7fd07ebfb629781372c274b53	CVE-2023-21061	2023-03-24 20:15:14	Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/A	详情
c1098b359373f3ca12c4f8e1ef7aa641	CVE-2023-21060	2023-03-24 20:15:14	In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253770924References: N/A	详情
ac384e63f6075d314093ca300148c989	CVE-2023-21059	2023-03-24 20:15:14	In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-247564044References: N/A	详情
8afb98a6b07f20bb82fd48c3699bbd1f	CVE-2023-21058	2023-03-24 20:15:14	In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246169606References: N/A	详情
8c557b88bde63750f533d4f864ab0087	CVE-2023-21057	2023-03-24 20:15:14	In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244450646References: N/A	详情
52c17fe9dee1093d17be39c93ffc7d62	CVE-2023-21056	2023-03-24 20:15:14	In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245300559References: N/A	详情
2e319322dc32a5469ecf717080348625	CVE-2023-21042	2023-03-24 20:15:14	In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239873326References: N/A	详情
31757d2c27be219ea79c0e715a2c8917	CVE-2023-21041	2023-03-24 20:15:13	In append_to_params of param_util.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-250123688References: N/A	详情
395311989a04ac1019b193bed948ad7e	CVE-2023-21040	2023-03-24 20:15:13	In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238420277References: N/A	详情
f5574ca5a78a28970b3609b6235ced59	CVE-2023-21039	2023-03-24 20:15:13	In dumpstateBoard of Dumpstate.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783650References: N/A	详情
5b22c9b252e0fd34662448afaaa921aa	CVE-2023-21038	2023-03-24 20:15:13	In cs40l2x_cp_trigger_queue_show of cs40l2x.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-224000736References: N/A	详情
a8234a2f123a571507be9362c5644497	CVE-2023-21036	2023-03-24 20:15:13	In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A	详情
29c87076ac883ab255a13e86dabe82c1	CVE-2023-21035	2023-03-24 20:15:13	In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-184847040	详情