眈眈探求 | 威胁情报播报


360 网络安全响应中心 [TOP 30] CVES TIME TITLE URL
b41b352152aab7c6ef57a7aadc61da50 CVE-2023-20887 2023-06-08 07:46:46 CVE-2023-20887:VMware Aria Operations for Networks命令注入漏洞通告 详情
41b51bc94ff0953f4b36a03ee8725b4b 2023-06-07 08:09:03 Nacos 反序列化漏洞通告 详情
bb1461870abbec4870cb53fd7ca9001b CVE-2023-3079 2023-06-06 07:24:31 CVE-2023-3079:Google V8类型混淆漏洞通告 详情
2228b404ccd3d527ee5bced401fa3f96 2023-06-05 06:50:09 安全事件周报 2023-05-29 第22周 详情
8673ad2a7712694529bdcc80a9b9c795 CVE-2023-33246 2023-06-01 07:55:56 CVE-2023-33246:Apache RocketMQ 远程代码执行漏洞通告 详情
76940954759f4d1122fd6cf1ba59354e 2023-05-29 07:13:01 安全事件周报 2023-05-22 第21周 详情
ad4254fec631c297a09f71812f05a763 CVE-2023-2825 2023-05-24 07:34:45 CVE-2023-2825:GitLab 目录遍历漏洞通告 详情
c22654761dfc4bd86106c5b7f1f5ab1c 2023-05-22 08:52:33 安全事件周报 2023-05-15 第20周 详情
b13f7a6b041480cf34bb8732805b6230 2023-05-19 10:09:41 Apple WebKit 多个漏洞通告 详情
db011599bbee4c7eaf7f5de90aace14f 2023-05-17 08:59:38 泛微多个漏洞通告 详情
ff7b2a220ee1ae11386b5fede1c2884b CVE-2023-32233 2023-05-17 08:58:18 CVE-2023-32233:Linux Kernel 权限提升漏洞通告 详情
46c67d8b625a3844f6de918103d0f1be 2023-05-15 06:57:11 安全事件周报 2023-05-08 第19周 详情
bd54dff060c7e58a91843c0e8e1b8c99 CVE-2023-29324 2023-05-12 07:29:55 CVE-2023-29324:Windows MSHTML Platform安全功能绕过漏洞通告 详情
0c30c8f97c81bc0c5862f2959e074cc9 2023-05-10 09:44:19 2023-05 补丁日: 微软多个漏洞安全更新通告 详情
51077656fe9fc37d4140d4ce8100cf7c CVE-2023-2478 2023-05-08 09:58:45 CVE-2023-2478:GitLab代码执行漏洞通告 详情
7b6e1c8a54653e59e6b19bc5e127c801 2023-05-08 08:59:54 安全事件周报 第17周 详情
be9e00aa3d8a28a4c078ee7b3fa4865b CVE-2023-0386 2023-05-06 08:22:44 CVE-2023-0386:Linux Kernel 权限提升漏洞通告 详情
b6b572fb400edf12ce0e6a34938ea6f3 CVE-2023-20869 2023-04-27 07:26:46 CVE-2023-20869/20870:VMware Workstation/Fusion 漏洞通告 详情
c7d9bbfa38870b35908acfd1e3942570 CVE-2023-27524 2023-04-26 09:46:30 CVE-2023-27524:Apache Superset身份认证绕过漏洞通告 详情
6ddbce6f8b25039edb7b13a95a2cb23e 2023-04-24 09:44:49 安全事件周报 2023-04-17 第16周 详情
9a6490d0223213fdea507a92b46e70c1 CVE-2023-20864 2023-04-21 09:06:27 VMware Aria Operations for Logs远程代码执行漏洞 详情
60b78b7988aacb38f5884e0fbab9c5b6 2023-04-19 06:30:30 2023-04 补丁日: Oracle多个产品漏洞安全风险通告 详情
d1a48a9c9af9070d037efc5d1b556420 CVE-2023-2136 2023-04-19 04:10:07 CVE-2023-2136:Google Chrome Skia整型溢出漏洞通告 详情
65289db6316398217acf197362db4989 2023-04-17 07:52:39 安全事件周报 2023-04-10 第15周 详情
bac04757fb29e6f5a68d734e1b55972d CVE-2023-2033 2023-04-17 00:43:33 CVE-2023-2033:Google Chrome V8类型混淆漏洞通告 详情
7b8df1f07a241983726b162aaec16e09 2023-04-12 08:26:21 2023-04 补丁日: 微软多个漏洞安全更新通告 详情
e5210dc9430bc51ba2e6e406c4f32adb 2023-04-11 07:09:42 瑞友天翼应用虚拟化系统远程代码执行漏洞通告 详情
d60717f31dc6a08a080990fcf8676fdc CVE-2023-29017 2023-04-10 08:59:38 vm2沙箱逃逸漏洞通告 详情
2b4c95f816268f18f5cb57a0071a4125 2023-04-10 06:58:16 安全事件周报 2023-04-03 第14周 详情
638b08e6df884cc1a5c0dd7c8ce8c08d 2023-04-03 09:32:42 安全事件周报 2023-03-27 第13周 详情

Tenable (Nessus) [TOP 30] CVES TIME TITLE URL
ae25d78f1c1141b075c7a0556193e360 CVE-2023-3191 2023-06-10 09:15:00 Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. 详情
27642141eeee13c0d3cc792d0ba4344e CVE-2023-3190 2023-06-10 09:15:00 Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9. 详情
4330f2838c303a99aafed9a402c87981 CVE-2023-26132 2023-06-10 05:15:00 Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file. 详情
da056a9e4ff416d333bc1cd4176aa84f CVE-2023-3188 2023-06-10 02:15:00 Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0. 详情
ff95d329f85bf3840a9edf1ee1a108ed CVE-2023-3187 2023-06-09 21:15:00 A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176. 详情
1208c24e4c6a5991af84bf6bfaf485c1 CVE-2023-29753 2023-06-09 21:15:00 An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files. 详情
690227fd7011c7f69f3bb2ec6a05530a CVE-2023-29751 2023-06-09 21:15:00 An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. 详情
fa58d80eadc965b2fc69fcbe7675708b CVE-2023-26465 2023-06-09 21:15:00 Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. 详情
3d943777b46cd6b97dad3d6d1a36b49e CVE-2023-34856 2023-06-09 20:15:00 A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi. 详情
863b15a8b023f6b65ab1b68e55acd3f1 CVE-2023-32312 2023-06-09 20:15:00 UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit flow is not safe. For traditional MVC applications, it is recommended to use the authorization code flow, which requires the client to authenticate with the authorization server using a client secret. This flow provides better security, as it involves exchanging an authorization code for an access token and/or ID token, rather than directly returning tokens in the URL fragment. This issue has been patched in commit `e792429f9` and a release to Nuget is pending. Users are advised to upgrade when possible. 详情
4bc108a92881ed9afa5530c4df56be46 CVE-2023-3141 2023-06-09 20:15:00 A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. 详情
debfc087f0c61e4dec8fbad6b602435f CVE-2023-29767 2023-06-09 20:15:00 An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files. 详情
8b67b7c6dc53b68340221ad4fbf8f249 CVE-2023-29766 2023-06-09 20:15:00 An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files. 详情
a8fbcd0009a2c1588bcf0458a6d10c76 CVE-2023-29761 2023-06-09 20:15:00 An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. 详情
46149f35e4901aaadb2d7a0266e10234 CVE-2023-29714 2023-06-09 19:15:00 Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter. 详情
200791a8d3a97d28d1454b19b5de684f CVE-2023-29713 2023-06-09 19:15:00 Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory. 详情
493ae11229a15fbe969e847510b32318 CVE-2023-27706 2023-06-09 19:15:00 Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault. 详情
cde3713508ffd5bc909e16354de31cb3 CVE-2023-2455 2023-06-09 19:15:00 Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. 详情
bdf4da3cf9722d6defad07c8ab1676f6 CVE-2023-2454 2023-06-09 19:15:00 schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. 详情
c303fa6aa7dfa9f81e9bd4bc3223171e CVE-2023-34245 2023-06-09 18:15:00 @udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the `javascript:` scheme. As a result, links with JavaScript URLs can be inserted into the Plate editor through various means, including opening or pasting malicious content. `@udecode/plate-link` 20.0.0 resolves this issue by introducing an `allowedSchemes` option to the link plugin, defaulting to `['http', 'https', 'mailto', 'tel']`. URLs using a scheme that isn't in this list will not be rendered to the DOM. Users are advised to upgrade. Users unable to upgrade are advised to override the `LinkElement` and `PlateFloatingLink` components with implementations that explicitly check the URL scheme before rendering any anchor elements. 详情
ad0c6e984ad26fc0e91544ac0dcbb74e CVE-2023-34100 2023-06-09 18:15:00 Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`. 详情
8f876d51e5bb22af5e8636e1f3cf9c37 CVE-2023-33557 2023-06-09 18:15:00 Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. 详情
1dd4bdd1828ae06086948fd1caf27753 CVE-2023-30262 2023-06-09 18:15:00 An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service. 详情
cebffcf3d1ca3861862da1086e968ab9 CVE-2023-29712 2023-06-09 18:15:00 Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter. 详情
28cc259985699268c601744129c1840e CVE-2023-2121 2023-06-09 17:15:00 Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11. 详情
0988a398fa08ad40a98bb4188405fd14 CVE-2023-3184 2023-06-09 13:15:00 A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-231164. 详情
91f67cc2c6c067e5c0ded4ebd49233bb CVE-2023-3183 2023-06-09 13:15:00 A vulnerability was found in SourceCodester Performance Indicator System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addproduct.php. The manipulation of the argument prodname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231163. 详情
d771603310f91ae9d912c76d499e191d CVE-2023-2286 2023-06-09 13:15:00 The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 详情
fca0403136ff2cd79e1b7ffa51ad718f CVE-2023-2285 2023-06-09 13:15:00 The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make changes to the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 详情
3db8ff284c2b6488f8ecc7ffee8c580e CVE-2023-2284 2023-06-09 13:15:00 The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make changes to the plugin's settings. 详情

国家信息安全漏洞共享平台(CNVD) [TOP 30] CVES TIME TITLE URL
8686fda9b2b49e4e1666b54e2248f935 CNVD-2021-74882 2021-11-14 16:43:52 四创科技有限公司建站系统存在SQL注入漏洞 详情
8f6972d84ad188b05ff9cc14d4334949 CNVD-2021-87021 (CVE-2020-4690) 2021-11-12 12:43:14 IBM Security Guardium硬编码凭证漏洞 详情
3bfe7b053a0c59d8a3d38c18f86aa143 CNVD-2021-87022 (CVE-2021-38870) 2021-11-12 12:43:12 IBM Aspera跨站脚本漏洞 详情
a4649bb17f4db4d1c7f879ebceb46ed0 CNVD-2021-87011 (CVE-2021-29753) 2021-11-12 12:43:11 IBM Business Automation Workflow存在未明漏洞 详情
094c613f9ed4b8b9d887dc912789043c CNVD-2021-87025 (CVE-2021-20563) 2021-11-12 12:43:10 IBM Sterling File Gateway信息泄露漏洞 详情
41c47f01a4c65dcb6efc9ebf483fe762 CNVD-2021-87010 (CVE-2021-38887) 2021-11-12 12:43:08 IBM InfoSphere Information Server信息泄露漏洞 详情
f51d33e7a09fd61ca90ede453515a830 CNVD-2021-87016 (CVE-2021-29764) 2021-11-12 12:43:07 IBM Sterling B2B Integrator跨站脚本漏洞 详情
33615a5f78df822e82e6d3436045c48c CNVD-2021-87026 (CVE-2021-38877) 2021-11-12 12:43:06 IBM Jazz for Service Management跨站脚本漏洞 详情
8e729177bcb4105dd831fb1e123ed1bb CNVD-2021-87014 (CVE-2021-29679) 2021-11-12 12:43:04 IBM Cognos Analytics远程代码执行漏洞 详情
1a3b856f78e9fbdca12aeddc7d665aca CNVD-2021-87029 (CVE-2021-29752) 2021-11-12 12:43:03 IBM Db2信息泄露漏洞 详情
6f1aa3a0cb819d97519baa47fd0232d5 CNVD-2021-87015 (CVE-2021-29745) 2021-11-12 12:43:02 IBM Cognos Analytics权限提升漏洞 详情
cbcb12f5f51d6e7d6d8a9fa581aa863a CNVD-2021-73908 2021-11-11 16:42:44 泛微e-cology存在SQL注入漏洞 详情
ae6fd467da55de31aa7219187cf5c2d4 CNVD-2021-86904 (CVE-2021-20351) 2021-11-11 08:31:46 IBM Engineering跨站脚本漏洞 详情
412a15b40959ed9cf9330ee79f99e079 CNVD-2021-86903 (CVE-2021-31173) 2021-11-11 08:31:44 Microsoft SharePoint Server信息泄露漏洞 详情
1cbc5d5faac431d3e82c9e5ea9588b5f CNVD-2021-86902 (CVE-2021-31172) 2021-11-11 08:31:43 Microsoft SharePoint欺骗漏洞 详情
686c7cfb20933b41c3d679cbba79a2ad CNVD-2021-86901 (CVE-2021-31181) 2021-11-11 08:31:42 Microsoft SharePoint远程代码执行漏洞 详情
72fdfb2d44c0d41d638e4632bdfc10b8 CNVD-2021-86900 (CVE-2021-3561) 2021-11-11 08:31:41 fig2dev缓冲区溢出漏洞 详情
3ba6f0e9394f9414e2cadb9495e2d5f5 CNVD-2021-85884 (CVE-2021-41210) 2021-11-10 07:24:57 Google TensorFlow堆分配数组越界读取漏洞 详情
4d8c4744ea972fb2fcb9673fea1fc7b7 CNVD-2021-85883 (CVE-2021-41226) 2021-11-10 07:24:56 Google TensorFlow堆越界访问漏洞 详情
8778f9cd924cae585ca5e2e0b8be3b3f CNVD-2021-85882 (CVE-2021-41224) 2021-11-10 07:24:54 Google TensorFlow堆越界访问漏洞 详情
e1b2722e6d5c509c680b584416d9cb20 CNVD-2021-85881 (CVE-2021-42770) 2021-11-10 07:24:53 OPNsense跨站脚本漏洞 详情
ed09c9fa5586e2d4d9b4e95fe3b447a0 CNVD-2021-85880 (CVE-2021-28024) 2021-11-10 07:24:52 ServiceTonic访问控制不当漏洞 详情
8a642f0922f7f915e81b2b947276a96c CNVD-2021-85879 (CVE-2021-28023) 2021-11-10 07:24:50 ServiceTonic任意文件上传漏洞 详情
c00b061c2cfdee4016a869a188135db5 CNVD-2021-85878 (CVE-2021-28022) 2021-11-10 07:24:49 ServiceTonic SQL注入漏洞 详情
9c4b20a28ad2bd4ab916448f0e1272bd CNVD-2021-85877 (CVE-2021-32483) 2021-11-10 07:24:48 Cloudera Manager不正确访问控制漏洞 详情
4d4423857b7b1f38e49738f00e8949ba CNVD-2021-85876 (CVE-2021-32481) 2021-11-10 07:24:46 Cloudera Hue跨站脚本漏洞 详情
6b12b7fc216d603e8e07351603851c86 CNVD-2021-85875 (CVE-2021-29994) 2021-11-10 07:24:45 Cloudera Hue跨站脚本漏洞 详情
72894fb3a3538de240d2f6810aae63c9 CNVD-2021-85892 (CVE-2021-42701) 2021-11-10 02:38:27 DAQFactory中间人攻击漏洞 详情
94a1f99a64ba24540cc1594d0a0b3152 CNVD-2021-85893 (CVE-2021-42699) 2021-11-10 02:38:26 DAQFactory明文传输漏洞 详情
5d9bac33be8f2f88391f6de02fb89c73 CNVD-2021-85894 (CVE-2021-42698) 2021-11-10 02:38:24 DAQFactory反序列化漏洞 详情

国家信息安全漏洞库(CNNVD) [TOP 30] CVES TIME TITLE URL
56358b73280e18ed2eaf62bf4b7fba5f CNNVD-202210-1696 (CVE-2021-44776) 2022-10-24 13:12:31 Lanner IAC-AST2500A 安全漏洞 详情
07eddc3a7e5e3731956c02a50f538970 CNNVD-202210-1697 (CVE-2021-26732) 2022-10-24 13:12:29 Lanner IAC-AST2500A 安全漏洞 详情
4b051d50f18e2bb4a1f272b12f873223 CNNVD-202210-1698 (CVE-2021-26731) 2022-10-24 13:12:27 Lanner IAC-AST2500A 缓冲区错误漏洞 详情
0d79d7ad89e7b6f52a89de2e3762a492 CNNVD-202210-1699 (CVE-2021-42010) 2022-10-24 13:12:25 Apache Heron 注入漏洞 详情
9596051a8fb75da90bf94bd495b53e94 CNNVD-202210-1700 (CVE-2021-26733) 2022-10-24 13:12:23 Lanner IAC-AST2500A 安全漏洞 详情
883bec62dd4552d68130c0f925873e93 CNNVD-202210-1701 (CVE-2022-42432) 2022-10-24 13:12:22 Linux kernel 安全漏洞 详情
755328fe5484ce3f71a4940d10f50b34 CNNVD-202210-1702 (CVE-2021-44769) 2022-10-24 13:12:20 Lanner IAC-AST2500A 输入验证错误漏洞 详情
9c53a984103cd446d6e447c12c9c66c6 CNNVD-202210-1703 (CVE-2021-44467) 2022-10-24 13:12:18 Lanner IAC-AST2500A 安全漏洞 详情
30dfa903ed49845732fc6cef266206e9 CNNVD-202210-1704 (CVE-2022-41974) 2022-10-24 13:12:16 Red Hat device-mapper-multipath 安全漏洞 详情
9c6324677d17c72db81aec2e1797791f CNNVD-202210-1705 (CVE-2022-41973) 2022-10-24 13:12:14 Red Hat device-mapper-multipath 安全漏洞 详情
4ec5a4ccefd5879e573cd53c2123dd3a CNNVD-202210-1612 (CVE-2022-39272) 2022-10-22 13:09:56 Flux2 安全漏洞 详情
c3846b92a4965777ef3e53a1f4618717 CNNVD-202210-1600 (CVE-2022-3646) 2022-10-21 13:10:17 Linux kernel 安全漏洞 详情
9a761144255ce6f90bb54e219ea40282 CNNVD-202210-1601 (CVE-2022-34438) 2022-10-21 13:10:15 Dell PowerScale OneFS 安全漏洞 详情
44290d228b51ffbf0aab6efd4d6e678e CNNVD-202210-1602 (CVE-2022-31239) 2022-10-21 13:10:12 Dell PowerScale OneFS 安全漏洞 详情
9ca9cbb2a337c33899bcdf19d91d7d78 CNNVD-202210-1603 (CVE-2022-34437) 2022-10-21 13:10:10 Dell PowerScale OneFS 安全漏洞 详情
0a96e1daad10fc7b842abaa350831db2 CNNVD-202210-1605 (CVE-2022-26870) 2022-10-21 13:10:08 Dell EMC PowerStore 安全漏洞 详情
35f41caeb97feaaa8373f4dbbbd7a249 CNNVD-202210-1606 (CVE-2020-5355) 2022-10-21 13:10:06 Dell EMC Isilon OneFS 安全漏洞 详情
d314bbe34de68aa67eddd75a9f4ce40c CNNVD-202210-1609 (CVE-2022-3649) 2022-10-21 13:10:03 Linux kernel 资源管理错误漏洞 详情
351642a659185d5b0604973397c7fa3b CNNVD-202210-1610 (CVE-2022-39259) 2022-10-21 13:10:01 Skylot Jadx 安全漏洞 详情
ebbdab47bb0184312da10141d7d010e7 CNNVD-202210-1611 (CVE-2022-23462) 2022-10-21 13:09:59 Softmotions IOWOW 安全漏洞 详情
8c86f10ec92b3124f4395faa27ee8ae3 CNNVD-202210-1517 (CVE-2022-29477) 2022-10-20 13:08:31 Adobe Iota 信任管理问题漏洞 详情
3c33a32472c03f27b2b606714eb74e0a CNNVD-202210-1518 (CVE-2022-36966) 2022-10-20 13:08:29 SolarWinds Platform 安全漏洞 详情
280b662d6c30e683e90c26748fa86a26 CNNVD-202210-1519 (CVE-2022-36958) 2022-10-20 13:08:27 SolarWinds Platform 代码问题漏洞 详情
1d1787e08b1093c5bd9723a8b9465e0f CNNVD-202210-1520 (CVE-2022-27805) 2022-10-20 13:08:25 Adobe Iota 访问控制错误漏洞 详情
632da31aee8b02c08d2e63767809782a CNNVD-202210-1521 (CVE-2022-36957) 2022-10-20 13:08:22 SolarWinds Platform 安全漏洞 详情
28743e448b695bd2eee529e66954d3c4 CNNVD-202210-1522 (CVE-2022-3623) 2022-10-20 13:08:20 Linux kernel 竞争条件问题漏洞 详情
92679bd487d2a90451cf297905a8f3c3 CNNVD-202210-1523 (CVE-2022-32586) 2022-10-20 13:08:18 Adobe Iota 操作系统命令注入漏洞 详情
bcd4eca45c95707bab85d60a3c30d643 CNNVD-202210-1524 (CVE-2022-3619) 2022-10-20 13:08:16 Linux kernel 安全漏洞 详情
95cdab65f668ebae996fbf3df854d1e9 CNNVD-202210-1525 (CVE-2022-3620) 2022-10-20 13:08:13 Exim 资源管理错误漏洞 详情
9e701d3b09a7f774ceea498474bc4d40 CNNVD-202210-1526 (CVE-2022-3621) 2022-10-20 13:08:11 Linux kernel 安全漏洞 详情

奇安信 [TOP 30] CVES TIME TITLE URL
45ab4afdafe578698bcfccccd65d833e yt QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 详情
74691465618764c64d52a2ff58013ac4 yt QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 详情
6bd01daffa85191c80698354fc8e252f wt QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 详情
7010355bb6ffff38cb1a885acf784ca7 ft QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 详情
5edb21a58a7e21692bd0ddd622d39279 St QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 详情
3e8973410ef7c04408d63fa10c230487 St QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 详情
f749eac58b87d0954f0e4a84b5d67057 CVE-2020-1350 2020-07-15 15:57:00 QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 详情
90b93cb7073fe73b17746ac166a09637 CVE-2020-6819, CVE-2020-6820 2020-04-08 10:34:35 QianxinTI-SV-2020-0012 Firefox在野远程代码执行漏洞(CVE-2020-6819、CVE-2020-6820)通告 详情
e318a5efa4803b50cdef480b90b1784d 2020-03-25 13:58:51 QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 详情
cffc3035f7899495cfeae521451f91b2 CVE-2020-0796 2020-03-12 10:32:09 QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 详情
3e6175d47d17c6f94bd9ba10d81c3717 CVE-2020-0674 2020-03-02 14:52:46 QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 详情
d99d073afb7d248a8a62fb068921997f CVE-2020-0601 2020-01-15 14:11:41 QianxinTI-SV-2020-0001 微软核心加密库漏洞(CVE-2020-0601)通告 详情
b7b45b14a3af1225ef6eec72d74964df CVE-2019-1367 2019-09-25 17:23:00 QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告 详情
504fc79f0123db109a11b149c334b75c CVE-2019-0708 2019-09-09 10:20:47 QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 详情
5b727692d583d4a6e7cdb0f670eac12a CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 2019-08-14 11:09:05 QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 详情
54b48d765fccbc8dcfa3de0920459f8d CVE-2019-11707 2019-06-19 16:53:47 QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 详情
5b4d5fea09fbc2dca45be53f162d39de CVE-2019-0708 2019-05-31 17:03:19 QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 详情

安全客 [TOP 30] CVES TIME TITLE URL
03afa8b4eaf4a0160784152fca5465b2 CVE-2021-27308 2021-07-11 14:22:05 4images 跨站脚本漏洞 详情
8b0ace4c54a7fc20a99d21e294152a99 CVE-2020-15261 2021-07-11 14:22:05 Veyon Service 安全漏洞 详情
d4f12de949590ab346b61986a29d8b4d CVE-2021-35039 2021-07-09 17:30:13 Linux kernel 安全漏洞 详情
f790e7ef3b5de3774d42ee32b9b10c01 CVE-2021-34626 2021-07-09 17:30:13 WordPress 访问控制错误漏洞 详情
71bf261eb2113d5ff870ab9bafd29f55 CVE-2021-25952 2021-07-09 17:30:13 just-safe-set 安全漏洞 详情
152793cbc104933584f5f227606f433d CVE-2021-0597 2021-07-09 17:30:13 Google Android 信息泄露漏洞 详情
75f153c327984fdfdd2d9c463a91371d CVE-2021-34430 2021-07-09 17:30:13 Eclipse TinyDTLS 安全特征问题漏洞 详情
9610336f1a41241cc8edea22a2780ec5 CVE-2021-3638 2021-07-09 17:30:13 QEMU 安全漏洞 详情
92fe450ae5c5dfa48072aca79d64ba63 CVE-2021-34614 2021-07-09 14:24:32 Aruba ClearPass Policy Manager 安全漏洞 详情
680a4218fc32922746717210664a3d62 CVE-2021-22144 2021-07-09 13:28:16 Elasticsearch 安全漏洞 详情
373930f669f2c1f7b61101a925304779 CVE-2021-24022 2021-07-09 13:28:16 Fortinet FortiManager 安全漏洞 详情
8556f9cd0699f88c1f6cca9a43463bdd CVE-2021-33012 2021-07-09 13:28:16 Allen Bradley Micrologix 1100输入验证错误漏洞 详情
480ae713cc88cc0985e1ebc079974d83 CVE-2021-0592 2021-07-09 13:28:16 Google Android 安全漏洞 详情
8ef4dbefa6604ea2312621401c3ec0b9 CVE-2021-1598 2021-07-09 13:28:16 Cisco Video Surveillance 7000 Series IP Cameras 安全漏洞 详情
d6e8714c32df7a0dcc2f3910ec68b42d CVE-2021-20782 2021-07-09 13:28:16 Software License Manager 跨站请求伪造漏洞 详情
4e60b22611b8bb0fd7e532896498af29 CVE-2021-20781 2021-07-09 13:28:16 WordPress 跨站请求伪造漏洞 详情
5ca48ad58fb499c069ae0800c3b39875 CVE-2021-32961 2021-07-09 13:28:16 MDT AutoSave代码问题漏洞 详情
2ed854890b43f08e52340a1e8fe6d39f CVE-2021-0577 2021-07-09 13:28:16 Google Android 安全漏洞 详情
8d63110e1475bbd245715b2ee1824d13 CVE-2021-31816 2021-07-09 13:28:16 Octopus Server 安全漏洞 详情
72bef2ae2f5db7dd066e1cdefa618dc5 CVE-2021-31817 2021-07-09 13:28:16 Octopus Server 安全漏洞 详情
1f7369b2609dbd2cd40d091f7de540cd CVE-2020-20217 2021-07-09 13:28:16 Mikrotik RouterOs 安全漏洞 详情
1793176eecc5813c3348f026dc9909c9 CVE-2020-28598 2021-07-09 13:28:16 PrusaSlicer 安全漏洞 详情
7f4cf34ceb545548dcfcc3c0e7120268 CVE-2021-32945 2021-07-09 13:28:16 MDT AutoSave加密问题漏洞 详情
58553eb00d6e3e83b633f09464c4e98a CVE-2021-29712 2021-07-09 13:28:16 IBM InfoSphere Information Server 跨站脚本漏洞 详情
d8e27ec42fb0b89998fcc006f49b249b CVE-2021-25432 2021-07-09 13:28:16 Samsung Members 信息泄露漏洞 详情
8f2adc6c247725bf2eb7f53256c93ea7 CVE-2021-25433 2021-07-09 13:28:16 Samsung Tizen安全漏洞 详情
8f949676124339eb6f64f9c607af5470 CVE-2021-25431 2021-07-09 13:28:16 Samsung Mobile Device Cameralyzer 访问控制错误漏洞 详情
069818a8958f9c158fcb0956ee32fc03 CVE-2021-25434 2021-07-09 13:28:16 Samsung Tizen 代码注入漏洞 详情
55b9126220b9722ff5d730d3996877e9 CVE-2021-32949 2021-07-09 13:28:16 MDT AutoSave 路径遍历漏洞 详情
ebab009fffdee3d360dcdff74b0ed061 CVE-2021-25435 2021-07-09 13:28:16 Samsung Tizen代码注入漏洞 详情

斗象 [TOP 30] CVES TIME TITLE URL
096b6298d82574500dc1a14c9dba4065 CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029 2022-07-15 00:38:28 微软2022年7月补丁日漏洞通告 详情
6018f718b2d751478bf1ce069ac65f0d CVE-2022-2185 2022-07-01 09:02:05 GitLab 远程代码执行漏洞(CVE-2022-2185) 详情
844719cf0bb4843aff73d2f33cc6dd0b CVE-2022-30190, CVE-2022-30136 2022-06-15 05:48:12 微软2022年6月补丁日漏洞通告 详情
8b47000e1abfbacdadb7df6f09152d89 CVE-2022-26134 2022-06-03 05:48:38 Atlassian Confluence 远程代码执行漏洞(CVE-2022-26134) 详情
eebe93468b36d2ca24cf4b82136a5635 CVE-2022-30190 2022-05-31 13:57:17 Microsoft Windows MSDT 远程代码执行漏洞(CVE-2022-30190) 详情
95525e3f5907a776dc7cd4f87f2e2154 2022-05-23 07:11:04 Fastjson 反序列化漏洞 详情
945fd6e612634d9721f861833f1ecb75 CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 2022-05-11 03:45:48 微软2022年5月补丁日漏洞通告 详情
e2938ff82d0cc152508e0240697def4c CVE-2022-1388 2022-05-06 05:53:04 F5 BIG-IP iControl REST 身份验证绕过漏洞(CVE-2022-1388) 详情
bcf7253d2ee580c618737de137d370c4 CVE-2022-29464 2022-04-22 02:21:17 WSO2 Carbon Server 远程代码执行漏洞(CVE-2022-29464) 详情
07c09799b08afb04c63a9de750b70aca CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 2022-04-13 07:51:00 微软2022年4月补丁日漏洞通告 详情
f5b543501ed5679d423411edac502e24 CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 2022-04-08 03:49:31 VMware 产品多个高危漏洞通告 详情
f421bcdb306e2bc1ffbf58fcb024a0dd 2022-03-29 17:11:30 Spring 框架远程代码执行漏洞 详情
0473358d95e58c7c3f2e7db0109f56f4 2022-03-29 17:11:30 Spring Framework 远程代码执行漏洞(CVE-2022-22965) 详情
a888c948ca1172f8a06a3879479f1de4 CVE-2022-22965 2022-03-29 17:11:30 Spring Framework 远程代码执行漏洞(CVE-2022-22965) 详情
71ed541bb737196268b75c7ba435e1a9 2022-03-28 04:57:30 Spring Cloud Function SpEL表达式注入漏洞 详情
f7a5dcd376be777c6593a29b8ebd411a CVE-2022-0778 2022-03-18 07:09:22 OpenSSL拒绝服务漏洞(CVE-2022-0778) 详情
6c4124fed44906a79843cd2dd383c695 CVE-2022-0847 2022-03-15 03:32:03 Linux Kernel本地提权漏洞(CVE-2022-0847) 详情
a2795e4829bff16f108cf191eba663c3 CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 2022-03-11 02:14:56 微软2022年3月补丁日漏洞通告 详情
d09f0641bf65c64a16d802cd78e14097 CVE-2022-0847 2022-03-08 08:23:08 Linux 内核本地提权漏洞(CVE-2022-0847) 详情
69052e2a8c09416f5df674f92cba25a6 CVE-2022-22947 2022-03-02 11:42:55 Spring Cloud Gateway 远程代码执行漏洞(CVE-2022-22947) 详情
5f42b6f584a9ace426787dc8dfd6e6e5 2022-02-16 10:44:18 向日葵远程命令执行漏洞(CNVD-2022-10270) 详情
79556071f6236ab4674f75b3beee4d79 CVE-2022-24112 2022-02-11 06:13:35 Apache APISIX 远程代码执行漏洞 (CVE-2022-24112) 详情
485f2c57713f4a39830e8c2d01e43cfe CVE-2021-4034 2022-01-26 06:19:16 Linux Polkit 权限提升漏洞(CVE-2021-4034) 详情
0aa6eab412c0318b74c6a470ee774df1 CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 2022-01-12 03:44:50 微软2022年1月补丁日漏洞通告 详情
88a8c676b52a739c0335d7c21ca810a9 2022-01-06 08:19:17 MeterSphere 远程代码执行漏洞 详情
76cad61d2d5a8750a6a714ab2c6dbc97 CVE-2021-45232 2021-12-28 10:31:16 Apache APISIX Dashboard 接口未授权访问漏洞(CVE-2021-45232) 详情
af4f5f63390eb00de8705b5029d8c376 CVE-2021-44228, CVE-2021-45046 2021-12-14 01:56:52 Apache Log4j 远程代码执行漏洞 详情
43456ae172e45c12087c40c03d925e0e CVE-2021-44228 2021-12-11 03:21:34 Apache Log4j 远程代码执行漏洞 详情
392b133d98d6f61aee36ce6c8784f4df 2021-12-09 15:20:54 Apache Log4j 远程代码执行漏洞 详情
1e193280a8f45427c06cb4945be4f126 2021-12-07 06:48:55 Grafana 任意文件读取漏洞 详情

红后 [TOP 30] CVES TIME TITLE URL
319d0928651b037074cc176f76ed5312 CVE-2023-32708 2023-06-10 20:22:52 SPLUNK Multiple product Vulnerability 详情
2265844b86fc8e86281de7dca3b0057e CVE-2023-32706 2023-06-10 20:22:46 SPLUNK Multiple product Vulnerability 详情
b8bde8992673b97248ac5ba69cd1ff52 CVE-2023-32707 2023-06-10 20:22:39 SPLUNK Multiple product Vulnerability 详情
62ba125c5136e625a33cf51d66274495 CVE-2023-32711 2023-06-10 20:22:32 SPLUNK SPLUNK Vulnerability 详情
9ebada8a216f4b66495c8529a03d0606 CVE-2023-32709 2023-06-10 20:22:25 SPLUNK Multiple product Vulnerability 详情
d9b5e61119c2703fefa1699a9f6d60d0 CVE-2023-32710 2023-06-10 20:22:18 SPLUNK Multiple product Vulnerability 详情
f29d342083e4e0072e19d9e53eeea31b CVE-2023-32716 2023-06-10 20:22:11 SPLUNK Multiple product Vulnerability 详情
53808c35af18830c002458a6d6a428c0 CVE-2023-32714 2023-06-10 20:22:02 SPLUNK Multiple product Vulnerability 详情
d12ae7bd943512faa602a570a6682879 CVE-2023-34228 2023-06-10 20:21:55 JETBRAINS TEAMCITY Vulnerability 详情
9dbd71ce65cff74fd20a6550fa44346a CVE-2023-2909 2023-06-10 20:21:47 ASUSTOR ADM Vulnerability 详情
1677dd17e265fa9592172977127e75a9 CVE-2023-33487 2023-06-09 20:23:37 TOTOLINK X5000R_FIRMWARE Vulnerability 详情
4eb04225b13be147f118a6c6cda19eb4 CVE-2023-33486 2023-06-09 20:23:16 TOTOLINK X5000R_FIRMWARE Vulnerability 详情
54c7e4a31536bccff600c82e68b464c9 CVE-2023-34218 2023-06-09 20:23:02 JETBRAINS TEAMCITY Vulnerability 详情
d949a86da49aa863e7bfc6f185060b24 CVE-2023-34229 2023-06-09 20:22:55 JETBRAINS TEAMCITY Vulnerability 详情
b0f5b98401edbbc1eabe1189d29c1fab CVE-2023-23952 2023-06-09 20:22:40 BROADCOM Multiple product Vulnerability 详情
1d1223a6bf2abb58b57849e293aaad11 CVE-2023-2983 2023-06-08 20:31:15 PIMCORE PIMCORE Vulnerability 详情
f0d53ee317be3e9c1746b58a70a3610b CVE-2023-20884 2023-06-08 20:30:22 VMWARE Multiple product Vulnerability 详情
3bb60a947085288bca7e3874f06a5648 CVE-2023-2984 2023-06-08 20:30:08 PIMCORE PIMCORE Vulnerability 详情
151dcc31642609b9d596d9e6db6bf9aa CVE-2023-2999 2023-06-07 20:29:10 PHPMYFAQ PHPMYFAQ Vulnerability 详情
fcf2853fb41272524c82795937f7876b CVE-2023-2932 2023-06-06 20:26:18 GOOGLE CHROME Vulnerability 详情
ada53e451090a77edb890d7e46142ae5 CVE-2023-2935 2023-06-06 20:26:05 GOOGLE CHROME Vulnerability 详情
d54bb51c8b3472e49675f602a9496770 CVE-2023-2938 2023-06-06 20:25:44 GOOGLE CHROME Vulnerability 详情
64dffc63871e586a2211988ba4121f94 CVE-2023-34221 2023-06-05 20:30:46 JETBRAINS TEAMCITY Vulnerability 详情
970cb4435be89470923828c0614ee0cf CVE-2023-34222 2023-06-05 20:30:38 JETBRAINS TEAMCITY Vulnerability 详情
a2b052ad3f33d913c375d090e8b34d79 CVE-2023-34219 2023-06-05 20:30:32 JETBRAINS TEAMCITY Vulnerability 详情
74e8ddea6e9f06174a9d2acbe14a41fb CVE-2023-34220 2023-06-05 20:30:27 JETBRAINS TEAMCITY Vulnerability 详情
72a1ef616e4167f365c3c5d6f741f435 CVE-2023-34225 2023-06-05 20:30:19 JETBRAINS TEAMCITY Vulnerability 详情
af56c78ab768097a3e90745b32c65ed0 CVE-2023-34223 2023-06-05 20:30:11 JETBRAINS TEAMCITY Vulnerability 详情
8ccba10ab0902ee1d53007b3027fbfa1 CVE-2023-34224 2023-06-05 20:30:04 JETBRAINS TEAMCITY Vulnerability 详情
73aa24f2e18c0e5157a1fbbbae5fedc1 CVE-2023-2939 2023-06-05 20:29:56 GOOGLE CHROME Vulnerability 详情

绿盟 [TOP 30] CVES TIME TITLE URL
2be84844256c2b7ec5f8217951628a55 CVE-2023-28686 2023-06-09 07:19:38 Dino信息泄露漏洞 详情
6939ecb289aec05b383103efe8e95371 CVE-2020-36691 2023-06-09 07:19:38 Linux Kernel拒绝服务漏洞 详情
9ed54862a31089cf22024109d461170b CVE-2023-26769 2023-06-09 07:19:38 Liblouis缓冲区溢出漏洞 详情
c88d9e2e865d3ad5640934e6903b472a CVE-2023-27711 2023-06-09 07:19:38 Typecho跨站脚本漏洞 详情
567fc1fd67f87b5ba02b93fffe13723d CVE-2023-27788 2023-06-09 07:19:38 TCPrewrite拒绝服务漏洞 详情
66b3760db4d869d341777398260bd1e5 CVE-2023-28104 2023-06-09 07:19:38 silverstripe/graphql拒绝服务漏洞 详情
2c1aab3f71a5fd88ba308a598e8a4eef CVE-2023-28110 2023-06-09 07:19:38 Jumpserver命令注入漏洞 详情
d9c0f8a45f03f986caf07895ed221393 CVE-2022-43605 2023-06-09 07:19:38 EIPStackGroup OpENer越界写入漏洞 详情
0f5fa20788441447da058512a02e94bb CVE-2023-21454 2023-06-09 07:19:38 Samsung Keyboard授权错误漏洞 详情
8177d6bbe5f5510de3c9a45a30bdcb6b CVE-2023-22880 2023-06-09 07:19:38 Zoom Client多款产品信息泄露漏洞 详情
3824442c2fc9b6fce2524dc277a30a76 CVE-2023-1172 2023-06-09 07:19:38 WordPress Bookly Plugin跨站脚本漏洞 详情
58704b756e994b57450bba42a427f9bd CVE-2023-27253 2023-06-09 07:19:38 Netgate pfSense命令注入漏洞 详情
0652d4eeb6d1b6eff37349a116e9527b CVE-2023-1493 2023-06-09 07:19:38 Max Secure Anti Virus Plus拒绝服务漏洞 详情
4e154155496705a1d687890adfaf0e47 CVE-2023-28429 2023-06-09 07:19:38 Pimcore跨站脚本漏洞 详情
d2e80d81f94d8bcb2a5ccd4f6edca1fb CVE-2023-0273 2023-06-09 07:19:38 WordPress Custom Content Shortcode Plugin跨站脚本漏洞 详情
f4d24990f2fedb43bafdbebcc120ea9a CVE-2023-22890 2023-06-08 07:19:13 SmartBear Zephyr Enterprise拒绝服务漏洞 详情
1090c263873c27853d0f3166b6e1a97a CVE-2023-25145 2023-06-08 07:19:13 Trend Micro Apex One后置链接漏洞 详情
f5eae4636351fb09a368f3ab13f259e1 CVE-2022-47482 2023-06-08 07:19:13 UNISOC Chipsets越界读取漏洞 详情
22226bd39c97933700deca7a1b8175a9 CVE-2023-1226 2023-06-08 07:19:13 Google Chrome信息泄露漏洞 详情
2c229a74f693f6e12a3eb744e0c0013f CVE-2023-23638 2023-06-08 07:19:13 Apache Dubbo不受信数据反序列化漏洞 详情
3f6045f3a8b527749da789cf72d9d4e6 CVE-2022-47476 2023-06-08 07:19:13 UNISOC Chipsets信息泄露漏洞 详情
ed059e2023e4b65a6e342e3bf1a9d7b6 CVE-2022-47462 2023-06-08 07:19:13 UNISOC Chipsets权限提升漏洞 详情
d94937bf7a50bfdeb1c513acdaa825f4 CVE-2022-47456 2023-06-08 07:19:13 UNISOC Chipsets越界读取漏洞 详情
98be44086c00ccd90102efc82402e782 CVE-2021-34125 2023-06-08 07:19:13 PX4-Autopilot信息泄露漏洞 详情
969a7d61ba17cb72fe6511bfa9feb153 CVE-2023-27212 2023-06-08 07:19:13 Online Pizza Ordering System跨站脚本漏洞 详情
8d50b8da849dbbffb916b4ccd48a6989 CVE-2023-25814 2023-06-08 07:19:13 MeterSphere路径遍历漏洞 详情
c9e2396fff7853bd9d15fbe30fbca0c2 CVE-2022-46257 2023-06-08 07:19:13 GitHub Enterprise Server信息泄露漏洞 详情
1d27256fc6e4483e60e8dc212c6a68a8 CVE-2023-25611 2023-06-08 07:19:13 Fortinet FortiAnalyzer任意代码执行漏洞 详情
cfd60d5166c444dcbc53646f21cfe2f9 CVE-2023-26208 2023-06-08 07:19:13 Fortinet FortiAuthenticator拒绝服务漏洞 详情
1b80afe132882cab5e565062411c03f3 CVE-2022-29056 2023-06-08 07:19:13 Fortinet FortiMail拒绝服务漏洞 详情

美国国家漏洞数据库(NVD) [TOP 30] CVES TIME TITLE URL
234021f90b10370f2df354c30b39eead CVE-2023-3094 2023-06-04 09:15:09 A vulnerability classified as critical has been found in code-projects Agro-School Management System 1.0. Affected is the function doUpdateQuestion of the file btn_functions.php. The manipulation of the argument question_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230670 is the identifier assigned to this vulnerability. 详情
90e766b173f4727809b6c1a715f83743 CVE-2023-3091 2023-06-04 00:15:09 ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. The identifier of this vulnerability is VDB-230668. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 详情
a8cd17836251bb66cab3e8ebda0b61c1 CVE-2023-3086 2023-06-03 12:15:09 Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. 详情
3e084059018f7a11aa7e8092482c0f73 CVE-2023-3084 2023-06-03 11:15:20 Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. 详情
34148c4df68bf03255de167a3fc72df8 CVE-2023-3083 2023-06-03 08:15:08 Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. 详情
736a9f8558ff484946eef701a2b4df48 CVE-2023-33672 2023-06-02 20:15:09 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. 详情
8f24d2fb3d25438061b494842b3f8bcc CVE-2023-33671 2023-06-02 20:15:09 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. 详情
15f58c71bb0224daa52550c594a50777 CVE-2023-33670 2023-06-02 20:15:09 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function. 详情
396ad3ad779264abb6091d88a5a2e456 CVE-2023-33669 2023-06-02 20:15:09 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function. 详情
79190ace2f7248614b04839c5193ad09 CVE-2023-3073 2023-06-02 19:15:09 Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. 详情
c204525f024982f094dac0b729e3cff2 CVE-2023-3075 2023-06-02 18:15:09 Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. 详情
c46518069a6d2a99b24a4c7874814e1c CVE-2023-3074 2023-06-02 18:15:09 Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. 详情
fe2af667575adc87edd8ef1095c7e2c0 CVE-2023-32215 2023-06-02 17:15:13 Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. 详情
92333618abaa91c3d448328883477c04 CVE-2023-32213 2023-06-02 17:15:13 When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. 详情
82e00c4465b93bdd13286092a39c1978 CVE-2023-32212 2023-06-02 17:15:13 An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. 详情
37eb0246e0e29714c1d805e429ed282f CVE-2023-32211 2023-06-02 17:15:13 A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. 详情
a210c67feb73386b873b1500b36a1986 CVE-2023-32207 2023-06-02 17:15:13 A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. 详情
cf887f1b26487db8c86cce3a706d5064 CVE-2023-3068 2023-06-02 16:15:10 A vulnerability classified as critical has been found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/modal_add_product.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230580. 详情
6ce9082f4da37598e18fe8cb396bb83b CVE-2023-3067 2023-06-02 16:15:09 Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4. 详情
6f2ce5ccf9678f7da821ff39d0aeac27 CVE-2023-3062 2023-06-02 14:15:09 A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-230568. 详情
bffa1705637f13876dfddc30a7c8cfac CVE-2023-3061 2023-06-02 14:15:09 A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-230567. 详情
11f9fbbf60c91cb8f8dd48c448e30563 CVE-2023-3060 2023-06-02 14:15:09 A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated remotely. VDB-230566 is the identifier assigned to this vulnerability. 详情
f4092e3e6d45d08bf86ee2acbfe5171b CVE-2023-3059 2023-06-02 13:15:10 A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230565 was assigned to this vulnerability. 详情
c9ba738670a4b858a1280048dc353145 CVE-2023-3058 2023-06-02 13:15:10 A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230560. 详情
5542f813b6d7e8e22d182f830aed12bd CVE-2023-3057 2023-06-02 13:15:10 A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543. 详情
feee157c06312df13df1f98725df66ba CVE-2023-30604 2023-06-02 11:15:10 It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access system configuration interface, resulting in performing arbitrary system operation or disrupt service. 详情
4c82fa9a4907f9296f0ac877edbcf418 CVE-2023-30603 2023-06-02 11:15:10 Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service. 详情
e229e449af5bd78d77bb975be1f48346 CVE-2023-30602 2023-06-02 11:15:10 Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator. 详情
b7c4a4acb27e454e56bd9f94d028f433 CVE-2023-34339 2023-06-01 19:15:09 In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message 详情
37bb73bfddceab27641fba19c0d20020 CVE-2023-32711 2023-06-01 17:15:10 In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload. 详情




赞助途径