360 网络安全响应中心 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
4d42b2e96c478df11ac597898d1526f0 | 2024-04-17 11:18:19 | 2024-04 补丁日: Oracle多个产品漏洞安全风险通告 | 详情 | |
448cfa0216a0757ec96f5862f86eafd4 | 2024-04-01 10:42:50 | 安全事件周报 2024-03-25 第13周 | 详情 | |
1205680821e2717a58c599f99a9fb422 | 2024-03-26 07:23:13 | 安全事件周报 2024-03-18 第12周 | 详情 | |
2e93df858fc2c5b287883dc9313a87fc | 2024-03-18 07:07:47 | 安全事件周报 2024-03-11 第11周 | 详情 | |
c1cad147c12a38c089cd941022bc395e | 2024-03-13 04:34:11 | 2024-03 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
7119e349c423ea015d6f2a824c67ed63 | 2024-03-11 06:17:28 | 安全事件周报 2024-03-04 第10周 | 详情 | |
b2c0e23dcf540c0b5d2bb144ceade98d | CVE-2024-27198 | 2024-03-06 08:44:35 | CVE-2024-27198:JetBrains TeamCity 身份验证绕过漏洞通告 | 详情 |
5e103cbd4bae3244e692ba33c1d7fcf8 | 2024-03-04 07:07:59 | 安全事件周报 2024-02-26 第9周 | 详情 | |
cab02a763bf285b3dc009731f40f8c29 | CVE-2024-25065 | 2024-03-01 09:06:25 | CVE-2024-25065:Apache OFBiz目录遍历漏洞通告 | 详情 |
194761e30d263596338cc998ac88cbaa | 2024-02-28 08:51:55 | SupermanMiner挖矿木马新变种持续活跃 | 详情 | |
213a4c5c76a220c24da1c38c605fcc10 | CVE-2024-25600 | 2024-02-27 09:55:55 | CVE-2024-25600:WordPress Bricks Builder远程命令执行漏洞通告 | 详情 |
bc2c3923f651854c68f2dd6f99d69f0a | 2024-02-26 03:00:09 | 安全事件周报 2024-02-19 第8周 | 详情 | |
55c72f6f2af616fbddbb643df06c3b3a | CVE-2024-21413 | 2024-02-23 06:57:46 | CVE-2024-21413:Microsoft Outlook 远程代码执行漏洞通告 | 详情 |
f000a20bfa53fd8b0f5231b52ff34577 | 2024-02-19 10:10:13 | 2024-02 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
48ff3925c0cc22862b0d6e1f52140bdc | 2024-02-06 07:10:07 | 安全事件周报 2024-01-29 第5周 | 详情 | |
d8c34853fbcc6b39ae0a3783c6fa6d44 | CVE-2024-21626 | 2024-02-01 08:38:56 | CVE-2024-21626:runc容器逃逸漏洞通告 | 详情 |
6ff357e8344fde5ea96c964cc0161137 | 2024-01-29 10:02:54 | 安全事件周报 2024-01-22 第4周 | 详情 | |
8fc558ad63c1387fb3ed919bf754820e | CVE-2024-0204 | 2024-01-25 08:26:39 | CVE-2024-0204:GoAnywhere MFT 身份认证绕过漏洞通告 | 详情 |
f4359caac3c70e9141439aa773e1e8a5 | 2024-01-22 11:39:38 | 安全事件周报 2024-01-15 第3周 | 详情 | |
4939f25b3f3d3242726cd400c645be04 | CVE-2024-0519 | 2024-01-17 09:08:07 | CVE-2024-0519:Google Chrome V8越界访问漏洞通告 | 详情 |
300687d61adecf75afb4de6d78398518 | CVE-2024-0519 | 2024-01-17 08:09:14 | CVE-2024-0519:Google Chrome V8类型混淆漏洞通告 | 详情 |
28f74976e64bebdcd2b71df42f44817e | CVE-2023-22527 | 2024-01-16 09:50:35 | CVE-2023-22527:Atlassian Confluence 远程代码执行漏洞通告 | 详情 |
ec39eae21390157f92422897b04aad66 | 2024-01-15 08:28:24 | 安全事件周报 2024-01-08 第2周 | 详情 | |
de12aee5eaff6382190430b22e2c643f | 2024-01-11 10:55:37 | 2024-01 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
c2b35c67c2732343be5c23579ebcdd04 | 2024-01-08 07:37:47 | 安全事件周报 2024-01-01 第1周 | 详情 | |
666a3a36b86650d472f7203220b3a4f5 | 2024-01-02 09:34:01 | 安全事件周报 2023-12-25 第52周 | 详情 | |
f91862c02f62f7f8e9d01e209e59487b | CVE-2023-51467 | 2023-12-27 08:57:10 | CVE-2023-51467:Apache OFBiz 未授权远程代码执行漏洞通告 | 详情 |
0c520d1f3614bc8cba4450fee6f03f5d | 2023-12-25 08:21:40 | 安全事件周报 2023-12-18 第51周 | 详情 | |
ffb5d5f9ba0fa1576f9bd8325a8d3e66 | 2023-12-18 08:50:39 | 安全事件周报 2023-12-11 第50周 | 详情 | |
382c73d6388430b9cea6072c6c61858e | 2023-12-13 08:50:10 | 2023-12 补丁日: 微软多个漏洞安全更新通告 | 详情 |
Tenable (Nessus) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
9e95c83848c0c8eaab3691d3162c11e5 | CVE-2024-33664 | 2024-04-26 00:15:09 | python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319. | 详情 |
833d642405bd8fc62c742ed1f028d092 | CVE-2024-33663 | 2024-04-26 00:15:09 | python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. | 详情 |
ad026c74765186ac5d13d15335c1ab86 | CVE-2024-33661 | 2024-04-26 00:15:08 | Portainer before 2.20.0 allows redirects when the target is not index.yaml. | 详情 |
3cce5f0e35b493fc016e1a625895198a | CVE-2024-32868 | 2024-04-26 00:15:08 | ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks. This issue has been patched in version 2.50.0. | 详情 |
e0fa8f91ec33c169e5dbb7a09106ce9e | CVE-2024-32651 | 2024-04-26 00:15:08 | changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced). | 详情 |
b85204ab61164bbbea71be1be077589c | CVE-2024-0916 | 2024-04-25 23:15:46 | Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3. | 详情 |
039b66811d5fa56e26df7ee0a647f104 | CVE-2024-3265 | 2024-04-25 22:15:09 | The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations. | 详情 |
e1b455f9593bd816c307679a43d85fcd | CVE-2024-31610 | 2024-04-25 22:15:08 | File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file. | 详情 |
6f88cdb25822c2c2fff7af07253fd82a | CVE-2024-31609 | 2024-04-25 22:15:08 | Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration. | 详情 |
6d309a8480978e80d45aa41aea1e6da9 | CVE-2022-36029 | 2024-04-25 21:15:46 | Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue. | 详情 |
e9481aacbbb9dfafb69df26298c73a28 | CVE-2024-20313 | 2024-04-24 21:15:46 | A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 详情 |
a5ed40f8065258a4d99c4e2e7be059f3 | CVE-2023-20249 | 2024-04-24 21:15:46 | A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 详情 |
b8a713de6ca0698ed9a494397e785971 | CVE-2023-20248 | 2024-04-24 21:15:46 | A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 详情 |
02e8b8c195e240d84e9700369e27e27b | CVE-2024-4127 | 2024-04-24 20:15:08 | A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 详情 |
9b6e1e8547160833b0e1f1a6264099b7 | CVE-2024-4126 | 2024-04-24 20:15:08 | A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 详情 |
18fe54b9e7126e62fd241cc628ea50ae | CVE-2024-32879 | 2024-04-24 20:15:07 | Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field. | 详情 |
1aa6f2d5e84aa1a130f3ecd06984ef6f | CVE-2024-20358 | 2024-04-24 20:15:07 | A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root. | 详情 |
e298b5890aab77b846a4ee4343b71a30 | CVE-2024-20356 | 2024-04-24 20:15:07 | A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root. | 详情 |
ef2542d61fa43716271a236b1da93dc7 | CVE-2024-20295 | 2024-04-24 20:15:07 | A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | 详情 |
cb2e14c07e543abe95671cb4d31df54d | CVE-2024-4141 | 2024-04-24 19:15:47 | Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. | 详情 |
c4f42f50cb20a189a9d3a6d63affc7f7 | CVE-2024-4093 | 2024-04-24 01:15:49 | A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file view_application.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261822 is the identifier assigned to this vulnerability. | 详情 |
f049ed359656e4e3680f60c27e0342fb | CVE-2024-4075 | 2024-04-23 23:15:49 | A vulnerability classified as problematic has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file login.php. The manipulation of the argument txtAddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261801 was assigned to this vulnerability. | 详情 |
f2a74e88fe079dfd3da34375264be37e | CVE-2024-4074 | 2024-04-23 23:15:49 | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file prodInfo.php. The manipulation of the argument prodId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261800. | 详情 |
679081a1f4a307a7db3fb96bf23967c7 | CVE-2024-4073 | 2024-04-23 23:15:49 | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prodList.php. The manipulation of the argument prodType leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261799. | 详情 |
5e269ee38b0fe8b082603254602fe56d | CVE-2024-4072 | 2024-04-23 23:15:49 | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been classified as problematic. Affected is an unknown function of the file search.php. The manipulation of the argument txtSearch leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261798 is the identifier assigned to this vulnerability. | 详情 |
46f5b5da2a7a3953efe6aa21c1586969 | CVE-2024-4071 | 2024-04-23 22:15:07 | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261797 was assigned to this vulnerability. | 详情 |
dd085a1fb8a511c140a3a06e95554a4a | CVE-2024-4070 | 2024-04-23 22:15:07 | A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261796. | 详情 |
272bff879aaa3496118eec16a1589f82 | CVE-2024-4069 | 2024-04-23 22:15:07 | A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261795. | 详情 |
b4276f8e76a4b5f796add6232ecad276 | CVE-2024-31616 | 2024-04-23 22:15:07 | An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file. | 详情 |
0412f7e086f1a77f801f7543c17d0e67 | CVE-2024-30886 | 2024-04-23 22:15:07 | A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter. | 详情 |
国家信息安全漏洞共享平台(CNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
8686fda9b2b49e4e1666b54e2248f935 | CNVD-2021-74882 | 2021-11-14 16:43:52 | 四创科技有限公司建站系统存在SQL注入漏洞 | 详情 |
8f6972d84ad188b05ff9cc14d4334949 | CNVD-2021-87021 (CVE-2020-4690) | 2021-11-12 12:43:14 | IBM Security Guardium硬编码凭证漏洞 | 详情 |
3bfe7b053a0c59d8a3d38c18f86aa143 | CNVD-2021-87022 (CVE-2021-38870) | 2021-11-12 12:43:12 | IBM Aspera跨站脚本漏洞 | 详情 |
a4649bb17f4db4d1c7f879ebceb46ed0 | CNVD-2021-87011 (CVE-2021-29753) | 2021-11-12 12:43:11 | IBM Business Automation Workflow存在未明漏洞 | 详情 |
094c613f9ed4b8b9d887dc912789043c | CNVD-2021-87025 (CVE-2021-20563) | 2021-11-12 12:43:10 | IBM Sterling File Gateway信息泄露漏洞 | 详情 |
41c47f01a4c65dcb6efc9ebf483fe762 | CNVD-2021-87010 (CVE-2021-38887) | 2021-11-12 12:43:08 | IBM InfoSphere Information Server信息泄露漏洞 | 详情 |
f51d33e7a09fd61ca90ede453515a830 | CNVD-2021-87016 (CVE-2021-29764) | 2021-11-12 12:43:07 | IBM Sterling B2B Integrator跨站脚本漏洞 | 详情 |
33615a5f78df822e82e6d3436045c48c | CNVD-2021-87026 (CVE-2021-38877) | 2021-11-12 12:43:06 | IBM Jazz for Service Management跨站脚本漏洞 | 详情 |
8e729177bcb4105dd831fb1e123ed1bb | CNVD-2021-87014 (CVE-2021-29679) | 2021-11-12 12:43:04 | IBM Cognos Analytics远程代码执行漏洞 | 详情 |
1a3b856f78e9fbdca12aeddc7d665aca | CNVD-2021-87029 (CVE-2021-29752) | 2021-11-12 12:43:03 | IBM Db2信息泄露漏洞 | 详情 |
6f1aa3a0cb819d97519baa47fd0232d5 | CNVD-2021-87015 (CVE-2021-29745) | 2021-11-12 12:43:02 | IBM Cognos Analytics权限提升漏洞 | 详情 |
cbcb12f5f51d6e7d6d8a9fa581aa863a | CNVD-2021-73908 | 2021-11-11 16:42:44 | 泛微e-cology存在SQL注入漏洞 | 详情 |
ae6fd467da55de31aa7219187cf5c2d4 | CNVD-2021-86904 (CVE-2021-20351) | 2021-11-11 08:31:46 | IBM Engineering跨站脚本漏洞 | 详情 |
412a15b40959ed9cf9330ee79f99e079 | CNVD-2021-86903 (CVE-2021-31173) | 2021-11-11 08:31:44 | Microsoft SharePoint Server信息泄露漏洞 | 详情 |
1cbc5d5faac431d3e82c9e5ea9588b5f | CNVD-2021-86902 (CVE-2021-31172) | 2021-11-11 08:31:43 | Microsoft SharePoint欺骗漏洞 | 详情 |
686c7cfb20933b41c3d679cbba79a2ad | CNVD-2021-86901 (CVE-2021-31181) | 2021-11-11 08:31:42 | Microsoft SharePoint远程代码执行漏洞 | 详情 |
72fdfb2d44c0d41d638e4632bdfc10b8 | CNVD-2021-86900 (CVE-2021-3561) | 2021-11-11 08:31:41 | fig2dev缓冲区溢出漏洞 | 详情 |
3ba6f0e9394f9414e2cadb9495e2d5f5 | CNVD-2021-85884 (CVE-2021-41210) | 2021-11-10 07:24:57 | Google TensorFlow堆分配数组越界读取漏洞 | 详情 |
4d8c4744ea972fb2fcb9673fea1fc7b7 | CNVD-2021-85883 (CVE-2021-41226) | 2021-11-10 07:24:56 | Google TensorFlow堆越界访问漏洞 | 详情 |
8778f9cd924cae585ca5e2e0b8be3b3f | CNVD-2021-85882 (CVE-2021-41224) | 2021-11-10 07:24:54 | Google TensorFlow堆越界访问漏洞 | 详情 |
e1b2722e6d5c509c680b584416d9cb20 | CNVD-2021-85881 (CVE-2021-42770) | 2021-11-10 07:24:53 | OPNsense跨站脚本漏洞 | 详情 |
ed09c9fa5586e2d4d9b4e95fe3b447a0 | CNVD-2021-85880 (CVE-2021-28024) | 2021-11-10 07:24:52 | ServiceTonic访问控制不当漏洞 | 详情 |
8a642f0922f7f915e81b2b947276a96c | CNVD-2021-85879 (CVE-2021-28023) | 2021-11-10 07:24:50 | ServiceTonic任意文件上传漏洞 | 详情 |
c00b061c2cfdee4016a869a188135db5 | CNVD-2021-85878 (CVE-2021-28022) | 2021-11-10 07:24:49 | ServiceTonic SQL注入漏洞 | 详情 |
9c4b20a28ad2bd4ab916448f0e1272bd | CNVD-2021-85877 (CVE-2021-32483) | 2021-11-10 07:24:48 | Cloudera Manager不正确访问控制漏洞 | 详情 |
4d4423857b7b1f38e49738f00e8949ba | CNVD-2021-85876 (CVE-2021-32481) | 2021-11-10 07:24:46 | Cloudera Hue跨站脚本漏洞 | 详情 |
6b12b7fc216d603e8e07351603851c86 | CNVD-2021-85875 (CVE-2021-29994) | 2021-11-10 07:24:45 | Cloudera Hue跨站脚本漏洞 | 详情 |
72894fb3a3538de240d2f6810aae63c9 | CNVD-2021-85892 (CVE-2021-42701) | 2021-11-10 02:38:27 | DAQFactory中间人攻击漏洞 | 详情 |
94a1f99a64ba24540cc1594d0a0b3152 | CNVD-2021-85893 (CVE-2021-42699) | 2021-11-10 02:38:26 | DAQFactory明文传输漏洞 | 详情 |
5d9bac33be8f2f88391f6de02fb89c73 | CNVD-2021-85894 (CVE-2021-42698) | 2021-11-10 02:38:24 | DAQFactory反序列化漏洞 | 详情 |
国家信息安全漏洞库(CNNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
b5815af17792cf5abac5732bae3094e9 | CNNVD-202308-131 (CVE-2023-20215) | 2023-08-03 12:41:47 | Cisco Secure Web Appliance 安全漏洞 | 详情 |
8d98bb094a70919c9e881cc7da5898d4 | CNNVD-202308-132 (CVE-2023-20204) | 2023-08-03 12:40:44 | Cisco BroadWorks CommPilot 安全漏洞 | 详情 |
c65e18d821cb73d6036dc2df6a726951 | CNNVD-202308-123 (CVE-2023-29409) | 2023-08-02 12:45:03 | Google Golang 资源管理错误漏洞 | 详情 |
452c53b54ef3a658eaf6bd8e7d93fe05 | CNNVD-202308-124 (CVE-2023-4070) | 2023-08-02 12:44:01 | Google Chrome 安全漏洞 | 详情 |
ac7b17414d163c2f26008516638e3a99 | CNNVD-202308-125 (CVE-2023-39113) | 2023-08-02 12:42:59 | ngiflib 安全漏洞 | 详情 |
224fd467b813dbee234efe1e61e2ec66 | CNNVD-202308-126 (CVE-2023-39114) | 2023-08-02 12:42:57 | ngiflib 安全漏洞 | 详情 |
72d862f454eb3d0e4dd221413d85f6b2 | CNNVD-202308-127 (CVE-2023-1437) | 2023-08-02 12:42:55 | Advantech WebAccess/SCADA 安全漏洞 | 详情 |
a3b636c53a2116b7ab85ea0c29470e76 | CNNVD-202308-128 (CVE-2023-3329) | 2023-08-02 12:42:53 | SpiderControl SCADA Webserver 路径遍历漏洞 | 详情 |
0e8e3c3600e145e70920c2026bde8feb | CNNVD-202308-129 (CVE-2023-4069) | 2023-08-02 12:42:51 | Google Chrome 安全漏洞 | 详情 |
619ce483843859fb783525b2b8d00f59 | CNNVD-202308-130 (CVE-2023-4068) | 2023-08-02 12:41:48 | Google Chrome 安全漏洞 | 详情 |
6a73381eaa628503bd8c242cd313f005 | CNNVD-202308-057 (CVE-2023-36121) | 2023-08-01 12:48:12 | e107 跨站脚本漏洞 | 详情 |
086c171bc44677f87e0ad45c8ab5dab6 | CNNVD-202308-058 (CVE-2023-2164) | 2023-08-01 12:47:10 | GitLab 跨站脚本漏洞 | 详情 |
bc6915cfb72ce7e27f2aa64ff3a35ee2 | CNNVD-202308-059 (CVE-2023-31432) | 2023-08-01 12:47:08 | Brocade Fabric OS 安全漏洞 | 详情 |
915090fa2939ee9d9978125be4eeff27 | CNNVD-202308-060 (CVE-2023-3739) | 2023-08-01 12:46:07 | Google Chrome 安全漏洞 | 详情 |
b790441bc923d37c914ea50edcdfaa16 | CNNVD-202308-061 (CVE-2023-3385) | 2023-08-01 12:46:05 | GitLab 路径遍历漏洞 | 详情 |
a6be4479387eddda68e1c7808965c1bc | CNNVD-202308-062 (CVE-2022-40609) | 2023-08-01 12:46:03 | IBM SDK, Java Technology Edition 安全漏洞 | 详情 |
55409ee74ffe87168f7d61814b568334 | CNNVD-202308-063 (CVE-2023-31431) | 2023-08-01 12:46:02 | Brocade Fabric OS 安全漏洞 | 详情 |
a4340da9d26800c671fa800a080c3d01 | CNNVD-202308-064 (CVE-2023-36210) | 2023-08-01 12:45:00 | MotoCMS 安全漏洞 | 详情 |
d70ae2187ae1aa50a2af6befce15bfbd | CNNVD-202308-065 (CVE-2023-31428) | 2023-08-01 12:43:58 | Brocade Fabric OS 代码问题漏洞 | 详情 |
8b0e98f117732e813318bdec77d0fb4b | CNNVD-202308-066 (CVE-2023-31928) | 2023-08-01 12:42:57 | Brocade Fabric OS 跨站脚本漏洞 | 详情 |
73ffd9540daad0a04d3d54041ba9df14 | CNNVD-202307-2321 (CVE-2023-37772) | 2023-07-31 12:44:10 | Online Shopping Portal 安全漏洞 | 详情 |
10f462bbd81ee431ab32c6a160fc068d | CNNVD-202307-2322 (CVE-2023-3983) | 2023-07-31 12:44:08 | Advantech iView 安全漏洞 | 详情 |
91dcd4420b85064dbae045bceabb71b9 | CNNVD-202307-2323 (CVE-2023-37496) | 2023-07-31 12:44:07 | HCL Technologies HCL Verse 安全漏洞 | 详情 |
c81e50233ec479272b638b8dbddedeea | CNNVD-202307-2324 (CVE-2023-38989) | 2023-07-31 12:44:05 | jeesite 安全漏洞 | 详情 |
775849c6f8c5fe41588806137e12cfa8 | CNNVD-202307-2326 (CVE-2023-3462) | 2023-07-31 12:44:03 | HashiCorp Vault 安全漏洞 | 详情 |
f995ebc4f6961ed50c6d18ec0f7efcf4 | CNNVD-202307-2327 (CVE-2022-42183) | 2023-07-31 12:44:01 | Precisely Spectrum Spatial Analyst 安全漏洞 | 详情 |
67539644d8b06577c03aeab1ac018450 | CNNVD-202307-2328 (CVE-2022-42182) | 2023-07-31 12:43:59 | Precisely Spectrum Spatial Analyst 安全漏洞 | 详情 |
b61f0e730dfb90bb1c6f8f6e83508ae7 | CNNVD-202307-2329 (CVE-2023-39122) | 2023-07-31 12:43:56 | BMC Control-M 安全漏洞 | 详情 |
a09d1da1d10d2b5f823d7b8b41490660 | CNNVD-202307-2330 (CVE-2023-3825) | 2023-07-31 12:42:54 | PTC Kepware KEPServerEX 资源管理错误漏洞 | 详情 |
05caf2e95b7a0f72e0c071c443e1d82b | CNNVD-202307-2331 (CVE-2023-4033) | 2023-07-31 12:42:52 | Mlflow 操作系统命令注入漏洞 | 详情 |
奇安信 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
45ab4afdafe578698bcfccccd65d833e | yt | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
74691465618764c64d52a2ff58013ac4 | yt | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 | |
6bd01daffa85191c80698354fc8e252f | wt | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 | |
7010355bb6ffff38cb1a885acf784ca7 | ft | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 | |
5edb21a58a7e21692bd0ddd622d39279 | St | QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 | 详情 | |
3e8973410ef7c04408d63fa10c230487 | St | QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 | 详情 | |
f749eac58b87d0954f0e4a84b5d67057 | CVE-2020-1350 | 2020-07-15 15:57:00 | QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 | 详情 |
90b93cb7073fe73b17746ac166a09637 | CVE-2020-6819, CVE-2020-6820 | 2020-04-08 10:34:35 | QianxinTI-SV-2020-0012 Firefox在野远程代码执行漏洞(CVE-2020-6819、CVE-2020-6820)通告 | 详情 |
e318a5efa4803b50cdef480b90b1784d | 2020-03-25 13:58:51 | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
cffc3035f7899495cfeae521451f91b2 | CVE-2020-0796 | 2020-03-12 10:32:09 | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 |
3e6175d47d17c6f94bd9ba10d81c3717 | CVE-2020-0674 | 2020-03-02 14:52:46 | QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 | 详情 |
d99d073afb7d248a8a62fb068921997f | CVE-2020-0601 | 2020-01-15 14:11:41 | QianxinTI-SV-2020-0001 微软核心加密库漏洞(CVE-2020-0601)通告 | 详情 |
b7b45b14a3af1225ef6eec72d74964df | CVE-2019-1367 | 2019-09-25 17:23:00 | QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告 | 详情 |
504fc79f0123db109a11b149c334b75c | CVE-2019-0708 | 2019-09-09 10:20:47 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
5b727692d583d4a6e7cdb0f670eac12a | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 | 2019-08-14 11:09:05 | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 |
54b48d765fccbc8dcfa3de0920459f8d | CVE-2019-11707 | 2019-06-19 16:53:47 | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 |
5b4d5fea09fbc2dca45be53f162d39de | CVE-2019-0708 | 2019-05-31 17:03:19 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
安全客 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
03afa8b4eaf4a0160784152fca5465b2 | CVE-2021-27308 | 2021-07-11 14:22:05 | 4images 跨站脚本漏洞 | 详情 |
8b0ace4c54a7fc20a99d21e294152a99 | CVE-2020-15261 | 2021-07-11 14:22:05 | Veyon Service 安全漏洞 | 详情 |
d4f12de949590ab346b61986a29d8b4d | CVE-2021-35039 | 2021-07-09 17:30:13 | Linux kernel 安全漏洞 | 详情 |
f790e7ef3b5de3774d42ee32b9b10c01 | CVE-2021-34626 | 2021-07-09 17:30:13 | WordPress 访问控制错误漏洞 | 详情 |
71bf261eb2113d5ff870ab9bafd29f55 | CVE-2021-25952 | 2021-07-09 17:30:13 | just-safe-set 安全漏洞 | 详情 |
152793cbc104933584f5f227606f433d | CVE-2021-0597 | 2021-07-09 17:30:13 | Google Android 信息泄露漏洞 | 详情 |
75f153c327984fdfdd2d9c463a91371d | CVE-2021-34430 | 2021-07-09 17:30:13 | Eclipse TinyDTLS 安全特征问题漏洞 | 详情 |
9610336f1a41241cc8edea22a2780ec5 | CVE-2021-3638 | 2021-07-09 17:30:13 | QEMU 安全漏洞 | 详情 |
92fe450ae5c5dfa48072aca79d64ba63 | CVE-2021-34614 | 2021-07-09 14:24:32 | Aruba ClearPass Policy Manager 安全漏洞 | 详情 |
680a4218fc32922746717210664a3d62 | CVE-2021-22144 | 2021-07-09 13:28:16 | Elasticsearch 安全漏洞 | 详情 |
373930f669f2c1f7b61101a925304779 | CVE-2021-24022 | 2021-07-09 13:28:16 | Fortinet FortiManager 安全漏洞 | 详情 |
8556f9cd0699f88c1f6cca9a43463bdd | CVE-2021-33012 | 2021-07-09 13:28:16 | Allen Bradley Micrologix 1100输入验证错误漏洞 | 详情 |
480ae713cc88cc0985e1ebc079974d83 | CVE-2021-0592 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
8ef4dbefa6604ea2312621401c3ec0b9 | CVE-2021-1598 | 2021-07-09 13:28:16 | Cisco Video Surveillance 7000 Series IP Cameras 安全漏洞 | 详情 |
d6e8714c32df7a0dcc2f3910ec68b42d | CVE-2021-20782 | 2021-07-09 13:28:16 | Software License Manager 跨站请求伪造漏洞 | 详情 |
4e60b22611b8bb0fd7e532896498af29 | CVE-2021-20781 | 2021-07-09 13:28:16 | WordPress 跨站请求伪造漏洞 | 详情 |
5ca48ad58fb499c069ae0800c3b39875 | CVE-2021-32961 | 2021-07-09 13:28:16 | MDT AutoSave代码问题漏洞 | 详情 |
2ed854890b43f08e52340a1e8fe6d39f | CVE-2021-0577 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
8d63110e1475bbd245715b2ee1824d13 | CVE-2021-31816 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
72bef2ae2f5db7dd066e1cdefa618dc5 | CVE-2021-31817 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
1f7369b2609dbd2cd40d091f7de540cd | CVE-2020-20217 | 2021-07-09 13:28:16 | Mikrotik RouterOs 安全漏洞 | 详情 |
1793176eecc5813c3348f026dc9909c9 | CVE-2020-28598 | 2021-07-09 13:28:16 | PrusaSlicer 安全漏洞 | 详情 |
7f4cf34ceb545548dcfcc3c0e7120268 | CVE-2021-32945 | 2021-07-09 13:28:16 | MDT AutoSave加密问题漏洞 | 详情 |
58553eb00d6e3e83b633f09464c4e98a | CVE-2021-29712 | 2021-07-09 13:28:16 | IBM InfoSphere Information Server 跨站脚本漏洞 | 详情 |
d8e27ec42fb0b89998fcc006f49b249b | CVE-2021-25432 | 2021-07-09 13:28:16 | Samsung Members 信息泄露漏洞 | 详情 |
8f2adc6c247725bf2eb7f53256c93ea7 | CVE-2021-25433 | 2021-07-09 13:28:16 | Samsung Tizen安全漏洞 | 详情 |
8f949676124339eb6f64f9c607af5470 | CVE-2021-25431 | 2021-07-09 13:28:16 | Samsung Mobile Device Cameralyzer 访问控制错误漏洞 | 详情 |
069818a8958f9c158fcb0956ee32fc03 | CVE-2021-25434 | 2021-07-09 13:28:16 | Samsung Tizen 代码注入漏洞 | 详情 |
55b9126220b9722ff5d730d3996877e9 | CVE-2021-32949 | 2021-07-09 13:28:16 | MDT AutoSave 路径遍历漏洞 | 详情 |
ebab009fffdee3d360dcdff74b0ed061 | CVE-2021-25435 | 2021-07-09 13:28:16 | Samsung Tizen代码注入漏洞 | 详情 |
斗象 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
096b6298d82574500dc1a14c9dba4065 | CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029 | 2022-07-15 00:38:28 | 微软2022年7月补丁日漏洞通告 | 详情 |
6018f718b2d751478bf1ce069ac65f0d | CVE-2022-2185 | 2022-07-01 09:02:05 | GitLab 远程代码执行漏洞(CVE-2022-2185) | 详情 |
844719cf0bb4843aff73d2f33cc6dd0b | CVE-2022-30190, CVE-2022-30136 | 2022-06-15 05:48:12 | 微软2022年6月补丁日漏洞通告 | 详情 |
8b47000e1abfbacdadb7df6f09152d89 | CVE-2022-26134 | 2022-06-03 05:48:38 | Atlassian Confluence 远程代码执行漏洞(CVE-2022-26134) | 详情 |
eebe93468b36d2ca24cf4b82136a5635 | CVE-2022-30190 | 2022-05-31 13:57:17 | Microsoft Windows MSDT 远程代码执行漏洞(CVE-2022-30190) | 详情 |
95525e3f5907a776dc7cd4f87f2e2154 | 2022-05-23 07:11:04 | Fastjson 反序列化漏洞 | 详情 | |
945fd6e612634d9721f861833f1ecb75 | CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 | 2022-05-11 03:45:48 | 微软2022年5月补丁日漏洞通告 | 详情 |
e2938ff82d0cc152508e0240697def4c | CVE-2022-1388 | 2022-05-06 05:53:04 | F5 BIG-IP iControl REST 身份验证绕过漏洞(CVE-2022-1388) | 详情 |
bcf7253d2ee580c618737de137d370c4 | CVE-2022-29464 | 2022-04-22 02:21:17 | WSO2 Carbon Server 远程代码执行漏洞(CVE-2022-29464) | 详情 |
07c09799b08afb04c63a9de750b70aca | CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 | 2022-04-13 07:51:00 | 微软2022年4月补丁日漏洞通告 | 详情 |
f5b543501ed5679d423411edac502e24 | CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 | 2022-04-08 03:49:31 | VMware 产品多个高危漏洞通告 | 详情 |
f421bcdb306e2bc1ffbf58fcb024a0dd | 2022-03-29 17:11:30 | Spring 框架远程代码执行漏洞 | 详情 | |
0473358d95e58c7c3f2e7db0109f56f4 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 | |
a888c948ca1172f8a06a3879479f1de4 | CVE-2022-22965 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 |
71ed541bb737196268b75c7ba435e1a9 | 2022-03-28 04:57:30 | Spring Cloud Function SpEL表达式注入漏洞 | 详情 | |
f7a5dcd376be777c6593a29b8ebd411a | CVE-2022-0778 | 2022-03-18 07:09:22 | OpenSSL拒绝服务漏洞(CVE-2022-0778) | 详情 |
6c4124fed44906a79843cd2dd383c695 | CVE-2022-0847 | 2022-03-15 03:32:03 | Linux Kernel本地提权漏洞(CVE-2022-0847) | 详情 |
a2795e4829bff16f108cf191eba663c3 | CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 | 2022-03-11 02:14:56 | 微软2022年3月补丁日漏洞通告 | 详情 |
d09f0641bf65c64a16d802cd78e14097 | CVE-2022-0847 | 2022-03-08 08:23:08 | Linux 内核本地提权漏洞(CVE-2022-0847) | 详情 |
69052e2a8c09416f5df674f92cba25a6 | CVE-2022-22947 | 2022-03-02 11:42:55 | Spring Cloud Gateway 远程代码执行漏洞(CVE-2022-22947) | 详情 |
5f42b6f584a9ace426787dc8dfd6e6e5 | 2022-02-16 10:44:18 | 向日葵远程命令执行漏洞(CNVD-2022-10270) | 详情 | |
79556071f6236ab4674f75b3beee4d79 | CVE-2022-24112 | 2022-02-11 06:13:35 | Apache APISIX 远程代码执行漏洞 (CVE-2022-24112) | 详情 |
485f2c57713f4a39830e8c2d01e43cfe | CVE-2021-4034 | 2022-01-26 06:19:16 | Linux Polkit 权限提升漏洞(CVE-2021-4034) | 详情 |
0aa6eab412c0318b74c6a470ee774df1 | CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 | 2022-01-12 03:44:50 | 微软2022年1月补丁日漏洞通告 | 详情 |
88a8c676b52a739c0335d7c21ca810a9 | 2022-01-06 08:19:17 | MeterSphere 远程代码执行漏洞 | 详情 | |
76cad61d2d5a8750a6a714ab2c6dbc97 | CVE-2021-45232 | 2021-12-28 10:31:16 | Apache APISIX Dashboard 接口未授权访问漏洞(CVE-2021-45232) | 详情 |
af4f5f63390eb00de8705b5029d8c376 | CVE-2021-44228, CVE-2021-45046 | 2021-12-14 01:56:52 | Apache Log4j 远程代码执行漏洞 | 详情 |
43456ae172e45c12087c40c03d925e0e | CVE-2021-44228 | 2021-12-11 03:21:34 | Apache Log4j 远程代码执行漏洞 | 详情 |
392b133d98d6f61aee36ce6c8784f4df | 2021-12-09 15:20:54 | Apache Log4j 远程代码执行漏洞 | 详情 | |
1e193280a8f45427c06cb4945be4f126 | 2021-12-07 06:48:55 | Grafana 任意文件读取漏洞 | 详情 |
红后 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
6fa0a347889bf0da0cae47ef068a6a99 | CVE-2023-32836 | 2023-11-16 21:05:37 | GOOGLE ANDROID Vulnerability | 详情 |
49751f9f84ed69956c96cc87959ec666 | CVE-2021-22499 | 2023-11-16 21:05:34 | Micro Focus Application Performance Management 跨站脚本漏洞 | 详情 |
eaa040f80d817832a627456843d3e24c | CVE-2021-23883 | 2023-11-16 21:05:33 | 迈克菲 McAfee Endpoint Security 代码问题漏洞 | 详情 |
d52ddce51389f668d6fad6e7044bd974 | CVE-2021-23878 | 2023-11-16 21:05:33 | 迈克菲 McAfee Endpoint Security 加密问题漏洞 | 详情 |
b62432054e9970a34c4d9e4d9efd1075 | CVE-2023-32838 | 2023-11-16 21:05:33 | GOOGLE ANDROID Vulnerability | 详情 |
162855c32b8e1a1dafd6ef3e7a3b3da8 | CVE-2022-43554 | 2023-11-16 21:05:33 | IVANTI AVALANCHE Vulnerability | 详情 |
dff8e982c8571446fc1d46fdb5263781 | CVE-2021-21019 | 2023-11-16 21:05:33 | Adobe Magento 注入漏洞 | 详情 |
5c28bf13629d4240819bb4f492d588a9 | CVE-2022-34396 | 2023-11-15 21:56:12 | DELL OPENMANAGE_SERVER_ADMINISTRATOR Vulnerability | 详情 |
8876fd1be50182e42f17aaf033bfaf25 | CVE-2022-45098 | 2023-11-15 21:56:10 | DELL EMC_POWERSCALE_ONEFS Vulnerability | 详情 |
d8a4cb7ca4e0f29533302f9f97f22a55 | CVE-2022-45102 | 2023-11-15 21:55:56 | DELL Multiple product Vulnerability | 详情 |
72e081fb5149198ecc92f3f06383f0d5 | CVE-2023-0512 | 2023-11-15 21:55:53 | VIM VIM Vulnerability | 详情 |
741e4f08caf4baef7072136884f07ae6 | CVE-2023-24829 | 2023-11-15 21:55:48 | APACHE IOTDB Vulnerability | 详情 |
06eca26d44409544e5ec96702bf85ce0 | CVE-2023-23628 | 2023-11-15 21:54:44 | METABASE METABASE Vulnerability | 详情 |
830da4b9e4f027d37c9e39125a30cc18 | CVE-2022-3488 | 2023-11-15 21:54:27 | ISC BIND Vulnerability | 详情 |
93ceb6d645101eee2b05535717260299 | CVE-2022-45808 | 2023-11-15 21:54:21 | THIMPRESS LEARNPRESS Vulnerability | 详情 |
d79756a4e0c6522a5ba958c82d0b4c88 | CVE-2023-22482 | 2023-11-15 21:54:17 | LINUXFOUNDATION ARGO-CD Vulnerability | 详情 |
1c317622086c85695ff9266e3c5cf66f | CVE-2022-4323 | 2023-11-15 21:54:16 | SUMO GOOGLE_ANALYTICATOR Vulnerability | 详情 |
6e8e12e7cd90fd6550e5cef8c12a4a50 | CVE-2023-24069 | 2023-11-15 21:54:13 | SIGNAL SIGNAL-DESKTOP Vulnerability | 详情 |
de78bbaf8c5f6d744b657b8b7733d20e | CVE-2023-24044 | 2023-11-15 21:54:12 | PLESK OBSIDIAN Vulnerability | 详情 |
44e1e95916d186bbbc5cabca01532712 | CVE-2022-41733 | 2023-11-15 21:54:05 | IBM INFOSPHERE_INFORMATION_SERVER Vulnerability | 详情 |
136d79ca309f157fcf93764b6993609c | CVE-2022-20752 | 2023-11-15 20:59:35 | Cisco Unified Communications Manager 和 Cisco Unity Connection安全漏洞 | 详情 |
cfa598cc25996bf7c25d8622f86868f3 | CVE-2022-32208 | 2023-11-15 20:59:35 | curl 缓冲区错误漏洞 | 详情 |
5dc2248c28a031fb6cb3e94f714da748 | CVE-2021-31677 | 2023-11-15 20:59:35 | PESCMS 跨站请求伪造漏洞 | 详情 |
2df25199d06527c66c1929ede927aa18 | CVE-2022-20800 | 2023-11-15 20:59:35 | Cisco Unified Communications Manager 跨站脚本漏洞 | 详情 |
537152d5106a70b12b4e0204db3ba5b3 | CVE-2022-2304 | 2023-11-15 20:59:34 | Vim 安全漏洞 | 详情 |
dee30b1a759cdba8cda08222c3b6cf63 | CVE-2022-2309 | 2023-11-15 20:59:34 | lxml 和 libxml2 代码问题漏洞 | 详情 |
edc189cc3f6caea2e67f158e0f93dd19 | CVE-2022-31116 | 2023-11-15 20:59:34 | UltraJSON 其他漏洞 | 详情 |
3e53baf169ff30745b9dfa6f9505233b | CVE-2022-20791 | 2023-11-15 20:59:26 | Cisco Unified Communications Manager 路径遍历漏洞 | 详情 |
6ae237378a32e08e6f0495fa3dbce32b | CVE-2022-20812 | 2023-11-15 20:59:26 | Cisco Expressway Series 和 Cisco TelePresence Video Communication Server 路径遍历漏洞 | 详情 |
a2523ef82d3016d54faf64dd9af12f3f | CVE-2022-31129 | 2023-11-15 20:59:26 | Moment.js 资源管理错误漏洞 | 详情 |
绿盟 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
f0690bf896670afe1034dc28fbaaa190 | CVE-2024-1303 | 2024-04-26 07:20:30 | Badger Meter Monitool目录遍历漏洞 | 详情 |
1692a89c59bdf0b2ce7b68501f35fac2 | CVE-2024-1302 | 2024-04-26 07:20:30 | Badger Meter Monitool信息泄露漏洞 | 详情 |
fa0888d957b2380887fe274af8745d4e | CVE-2024-1301 | 2024-04-26 07:20:30 | Badger Meter Monitool SQL注入漏洞 | 详情 |
2aa8927b6d45624c8a27953a7fc51fbf | CVE-2024-23112 | 2024-04-26 07:20:30 | Fortinet FortiOS和FortiProxy授权绕过漏洞 | 详情 |
f60ca726131723f97f6b0ff833d98871 | CVE-2024-21761 | 2024-04-26 07:20:30 | Fortinet FortiPortal授权错误漏洞 | 详情 |
f9344ca3c4082aa520ebb799e42aa23c | CVE-2024-1618 | 2024-04-26 07:20:30 | Faronics Deep Freeze Server Standard搜索路径或未引用项目漏洞 | 详情 |
6ecd0267814da4adb62f14c6a1c48f0f | CVE-2024-1227 | 2024-04-26 07:20:30 | Http File Server开放重定向漏洞 | 详情 |
a1600778d129a0c447a45bbde25884b5 | CVE-2024-1226 | 2024-04-26 07:20:30 | Http File Server CRLF注入漏洞 | 详情 |
2a586ec1f28ec75370b064aa17fb333a | CVE-2023-48788 | 2024-04-26 07:20:30 | Fortinet FortiClientEMS SQL注入漏洞 | 详情 |
5f1ab7572abd140cc5d4cb38476ad384 | CVE-2023-47534 | 2024-04-26 07:20:30 | Fortinet FortiClientEMS方案元素中和错误漏洞 | 详情 |
c82812cb91e6b7b82d8b1d589fbfdf26 | CVE-2023-46717 | 2024-04-26 07:20:30 | Fortinet FortiOS身份认证错误漏洞 | 详情 |
29768d71d5fcf048afc667e56037516f | CVE-2023-42790 | 2024-04-26 07:20:30 | Fortinet FortiOS和FortiProxy堆栈缓冲区溢出漏洞 | 详情 |
497b8b7cdbea4dc1f5e554832ea3c469 | CVE-2023-42789 | 2024-04-26 07:20:30 | Fortinet FortiOS和FortiProxy越界写入漏洞 | 详情 |
16d3d2d8e7cce53953184bbd3ab571bc | CVE-2023-41842 | 2024-04-26 07:20:30 | Fortinet多款产品外部控制格式字符串使用漏洞 | 详情 |
58e488b3384328999b2af5f3aa267b50 | CVE-2023-36554 | 2024-04-26 07:20:30 | Fortinet FortiManager访问控制错误漏洞 | 详情 |
875bb675a73e20aec42cee75dbb1f37c | CVE-2024-1328 | 2024-04-25 07:21:26 | WordPress Newsletter2Go Plugin跨站脚本漏洞 | 详情 |
efd6f912f8f0e243c68474c554260dd1 | CVE-2023-6814 | 2024-04-25 07:21:26 | Hitachi Cosminexus信息泄露漏洞 | 详情 |
084a3a7b8b9865afef22f7d5273bbea9 | CVE-2024-25331 | 2024-04-25 07:21:26 | D-Link DIR-822和DIR-822-CA远程代码执行漏洞 | 详情 |
24654bc968df520e4b1692c088b6c059 | CVE-2024-26521 | 2024-04-25 07:21:26 | CE Phoenix Cart HTML注入漏洞 | 详情 |
ea4315593bc948451349a62db9c939ae | CVE-2024-28163 | 2024-04-25 07:21:26 | SAP NetWeaver Process Integration(PI)信息泄露漏洞 | 详情 |
45404f0733a972ab85c7d16a74aea708 | CVE-2023-49453 | 2024-04-25 07:21:26 | Racktables跨站脚本漏洞 | 详情 |
96194b3303a1bd3cec052c4ee74b8b0c | CVE-2024-21584 | 2024-04-25 07:21:26 | Pleasanter跨站脚本漏洞 | 详情 |
bf3d800e80ff3a32bc332871d7701c3f | CVE-2024-25999 | 2024-04-25 07:21:26 | PHOENIX CONTACT CHARX SEC输入验证错误漏洞 | 详情 |
f693c98a214f024dd5eb11ae320121b9 | CVE-2024-25996 | 2024-04-25 07:21:26 | PHOENIX CONTACT CHARX SEC源验证错误漏洞 | 详情 |
b7eda7b8fd169d557c1b1fb0883d6709 | CVE-2024-25998 | 2024-04-25 07:21:26 | PHOENIX CONTACT CHARX SEC输入验证错误漏洞 | 详情 |
a97f54c3568e80c9601eb00213a2e682 | CVE-2024-25995 | 2024-04-25 07:21:26 | PHOENIX CONTACT CHARX SEC身份认证错误漏洞 | 详情 |
c7d45539f7ed70cd01366f66bfc9f8b9 | CVE-2024-25994 | 2024-04-25 07:21:26 | PHOENIX CONTACT CHARX SEC输入验证错误漏洞 | 详情 |
42e392f592288339f51cb33f1eaf21bc | CVE-2024-27121 | 2024-04-25 07:21:26 | Omron Machine Automation Controller NJ Series和NX Series路径遍历漏洞 | 详情 |
a1ec46fcb6ef79449d1f85c80f4e456b | CVE-2024-21805 | 2024-04-25 07:21:26 | SKYSEA Client View访问控制错误漏洞 | 详情 |
6f5d25a12e9b936c12438e3cb3649b95 | CVE-2024-0906 | 2024-04-25 07:21:26 | WordPress fx Private Site Plugin信息泄露漏洞 | 详情 |
美国国家漏洞数据库(NVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
c6b3897e8411249dddc03a2582c3afdc | CVE-2023-45955 | 2023-10-31 18:15:08 | An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands. | 详情 |
752c86d745d9d6748f49970fc6c72bf7 | CVE-2022-48189 | 2023-10-30 15:15:39 | An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | 详情 |
8e0bb5e55759a9b19da4ce8a5bf48799 | CVE-2022-4573 | 2023-10-30 15:15:39 | An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code. | 详情 |
790b026d2f9b8a38a121baf7cc9fbbe2 | CVE-2023-45797 | 2023-10-30 07:15:12 | A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code. | 详情 |
9fee627171b8e0c7c2f065dae65c293c | CVE-2023-46468 | 2023-10-28 01:15:51 | An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. | 详情 |
1f2c404d06acfac83f7761c8ab878dee | CVE-2023-43322 | 2023-10-28 01:15:51 | ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. | 详情 |
eea9f6fc871d45cb3672714124c1d416 | CVE-2023-46211 | 2023-10-27 21:15:09 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <=Â 3.19.14 versions. | 详情 |
8496e7ff58df6fda25c681900fb6dfb8 | CVE-2023-46209 | 2023-10-27 21:15:09 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions. | 详情 |
751468e26927001b02f1b97a3d980488 | CVE-2023-46208 | 2023-10-27 21:15:09 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions. | 详情 |
26e1875553f4c463d954949d41128765 | CVE-2023-46200 | 2023-10-27 21:15:09 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <=Â 1.1.3 versions. | 详情 |
a86c2cbf359259b1e38cd6e0c560a363 | CVE-2023-46509 | 2023-10-27 21:15:09 | An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | 详情 |
c608240b549dc25f03e04b5397e48e1b | CVE-2023-46199 | 2023-10-27 08:15:31 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <=Â 4.1.1 versions. | 详情 |
c4bd3098463c3624a284c838fd6ecb48 | CVE-2023-46194 | 2023-10-27 08:15:31 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.5 versions. | 详情 |
e79edbb292a519fa08055a884d86921e | CVE-2023-46192 | 2023-10-27 08:15:31 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <=Â 1.2.3 versions. | 详情 |
528422b82114eedfc8a332c895b5d475 | CVE-2023-46504 | 2023-10-27 04:15:10 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component. | 详情 |
4b4a8cd15c35de7b7cb3e0f5110f178b | CVE-2023-46503 | 2023-10-27 04:15:10 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules. | 详情 |
9637804577e375e89e0c34d1e9dc7daa | CVE-2023-46505 | 2023-10-27 01:15:32 | Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file. | 详情 |
ccc0d1dc9e1e6371fc7ed4a7e6bc67c9 | CVE-2023-46491 | 2023-10-27 00:15:09 | ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library. | 详情 |
925767e89590e6107a882a20468a3153 | CVE-2023-42188 | 2023-10-27 00:15:09 | IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | 详情 |
8affd999965e83dbd42583837011424c | CVE-2023-42406 | 2023-10-26 22:15:08 | SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component. | 详情 |
7d0ccfb0da7a7225f1fd25c20c95a57e | CVE-2023-46435 | 2023-10-26 18:15:08 | Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | 详情 |
0ab665a469513a0f70af2e1f17519e41 | CVE-2023-5792 | 2023-10-26 17:15:10 | A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243598 is the identifier assigned to this vulnerability. | 详情 |
692b9ba4d9cf7c90b6a3e5b8396a5302 | CVE-2023-5791 | 2023-10-26 17:15:10 | A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability. | 详情 |
7e262fff58c0ebc8ddc6cdfb7535d7e2 | CVE-2023-5790 | 2023-10-26 17:15:10 | A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595. | 详情 |
c643f1003e7a0ee28d9e54cda26d6b85 | CVE-2023-43208 | 2023-10-26 17:15:09 | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. | 详情 |
3d3bc04cd7ec7fdf5aaaa0aa0a140b90 | CVE-2023-46450 | 2023-10-26 15:15:09 | Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. | 详情 |
844b1b549a5543c879cdc68d7237f444 | CVE-2023-46449 | 2023-10-26 15:15:09 | Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function. | 详情 |
f494a8af43bc7ce0e5b6f1d2f18f3740 | CVE-2023-46081 | 2023-10-26 13:15:09 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <=Â 1.1.34 versions. | 详情 |
3a451401fdd162ad57ab72c2f5d7b984 | CVE-2023-46077 | 2023-10-26 13:15:09 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions. | 详情 |
428d0a0df20b616e36d68a5b76023a38 | CVE-2023-46076 | 2023-10-26 13:15:09 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <=Â 1.2.102 versions. | 详情 |
支付宝 | 微信 |