眈眈探求 | 威胁情报播报


360 网络安全响应中心 [TOP 30] CVES TIME TITLE URL
4d42b2e96c478df11ac597898d1526f0 2024-04-17 11:18:19 2024-04 补丁日: Oracle多个产品漏洞安全风险通告 详情
448cfa0216a0757ec96f5862f86eafd4 2024-04-01 10:42:50 安全事件周报 2024-03-25 第13周 详情
1205680821e2717a58c599f99a9fb422 2024-03-26 07:23:13 安全事件周报 2024-03-18 第12周 详情
2e93df858fc2c5b287883dc9313a87fc 2024-03-18 07:07:47 安全事件周报 2024-03-11 第11周 详情
c1cad147c12a38c089cd941022bc395e 2024-03-13 04:34:11 2024-03 补丁日: 微软多个漏洞安全更新通告 详情
7119e349c423ea015d6f2a824c67ed63 2024-03-11 06:17:28 安全事件周报 2024-03-04 第10周 详情
b2c0e23dcf540c0b5d2bb144ceade98d CVE-2024-27198 2024-03-06 08:44:35 CVE-2024-27198:JetBrains TeamCity 身份验证绕过漏洞通告 详情
5e103cbd4bae3244e692ba33c1d7fcf8 2024-03-04 07:07:59 安全事件周报 2024-02-26 第9周 详情
cab02a763bf285b3dc009731f40f8c29 CVE-2024-25065 2024-03-01 09:06:25 CVE-2024-25065:Apache OFBiz目录遍历漏洞通告 详情
194761e30d263596338cc998ac88cbaa 2024-02-28 08:51:55 SupermanMiner挖矿木马新变种持续活跃 详情
213a4c5c76a220c24da1c38c605fcc10 CVE-2024-25600 2024-02-27 09:55:55 CVE-2024-25600:WordPress Bricks Builder远程命令执行漏洞通告 详情
bc2c3923f651854c68f2dd6f99d69f0a 2024-02-26 03:00:09 安全事件周报 2024-02-19 第8周 详情
55c72f6f2af616fbddbb643df06c3b3a CVE-2024-21413 2024-02-23 06:57:46 CVE-2024-21413:Microsoft Outlook 远程代码执行漏洞通告 详情
f000a20bfa53fd8b0f5231b52ff34577 2024-02-19 10:10:13 2024-02 补丁日: 微软多个漏洞安全更新通告 详情
48ff3925c0cc22862b0d6e1f52140bdc 2024-02-06 07:10:07 安全事件周报 2024-01-29 第5周 详情
d8c34853fbcc6b39ae0a3783c6fa6d44 CVE-2024-21626 2024-02-01 08:38:56 CVE-2024-21626:runc容器逃逸漏洞通告 详情
6ff357e8344fde5ea96c964cc0161137 2024-01-29 10:02:54 安全事件周报 2024-01-22 第4周 详情
8fc558ad63c1387fb3ed919bf754820e CVE-2024-0204 2024-01-25 08:26:39 CVE-2024-0204:GoAnywhere MFT 身份认证绕过漏洞通告 详情
f4359caac3c70e9141439aa773e1e8a5 2024-01-22 11:39:38 安全事件周报 2024-01-15 第3周 详情
4939f25b3f3d3242726cd400c645be04 CVE-2024-0519 2024-01-17 09:08:07 CVE-2024-0519:Google Chrome V8越界访问漏洞通告 详情
300687d61adecf75afb4de6d78398518 CVE-2024-0519 2024-01-17 08:09:14 CVE-2024-0519:Google Chrome V8类型混淆漏洞通告 详情
28f74976e64bebdcd2b71df42f44817e CVE-2023-22527 2024-01-16 09:50:35 CVE-2023-22527:Atlassian Confluence 远程代码执行漏洞通告 详情
ec39eae21390157f92422897b04aad66 2024-01-15 08:28:24 安全事件周报 2024-01-08 第2周 详情
de12aee5eaff6382190430b22e2c643f 2024-01-11 10:55:37 2024-01 补丁日: 微软多个漏洞安全更新通告 详情
c2b35c67c2732343be5c23579ebcdd04 2024-01-08 07:37:47 安全事件周报 2024-01-01 第1周 详情
666a3a36b86650d472f7203220b3a4f5 2024-01-02 09:34:01 安全事件周报 2023-12-25 第52周 详情
f91862c02f62f7f8e9d01e209e59487b CVE-2023-51467 2023-12-27 08:57:10 CVE-2023-51467:Apache OFBiz 未授权远程代码执行漏洞通告 详情
0c520d1f3614bc8cba4450fee6f03f5d 2023-12-25 08:21:40 安全事件周报 2023-12-18 第51周 详情
ffb5d5f9ba0fa1576f9bd8325a8d3e66 2023-12-18 08:50:39 安全事件周报 2023-12-11 第50周 详情
382c73d6388430b9cea6072c6c61858e 2023-12-13 08:50:10 2023-12 补丁日: 微软多个漏洞安全更新通告 详情

Tenable (Nessus) [TOP 30] CVES TIME TITLE URL
a9216040e46f07675c2b4896d1cfe8da CVE-2026-40899 2026-04-16 20:16:38 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the illegalParameters field that contains the JDBC security blocklist. When a datasource configuration is submitted as JSON, Jackson deserialization calls setIllegalParameters with an attacker-supplied empty list, replacing the blocklist before getJdbc() validation runs. This allows an authenticated attacker to include dangerous JDBC parameters such as allowLoadLocalInfile=true, and by pointing the datasource at a rogue MySQL server, exploit the LOAD DATA LOCAL INFILE protocol feature to read arbitrary files from the DataEase server filesystem, including sensitive environment variables and database credentials. This issue has been fixed in version 2.10.21. 详情
7f2ece9a80a971ec925a0c0c2f08667b CVE-2026-33207 2026-04-16 20:16:38 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query strings using String.format without parameterization or sanitization. Although DatasourceServer.java validates that the table name exists in the datasource, an attacker can bypass this by first registering an API datasource with a malicious deTableName, which is then returned by getTables and passes the validation check. An authenticated attacker can execute arbitrary SQL commands, enabling error-based extraction of sensitive database information. This issue has been fixed in version 2.10.21. 详情
122eab007e73bbd63c65903e7182542e CVE-2026-33122 2026-04-16 20:16:38 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the deTableName field from the user-submitted configuration is passed to DatasourceSyncManage.createEngineTable, where it is substituted into a CREATE TABLE statement template without any sanitization or identifier escaping. An authenticated attacker can inject arbitrary SQL commands by crafting a deTableName that breaks out of identifier quoting, enabling error-based SQL injection that can extract database information. This issue has been fixed in version 2.10.21. 详情
e6f034543aa919fed02eab971d46c504 CVE-2025-54502 2026-04-16 20:16:37 Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution. 详情
66b9b9f842697f0593adeabe423b77b8 CVE-2026-6442 2026-04-16 19:16:35 Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. Exploitation is non-deterministic and model-dependent. The fix is automatically applied upon relaunch with no user action required. 详情
e00c7a891c0baef96712ae26ecf9acb2 CVE-2026-33121 2026-04-16 19:16:33 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple string replacement without any sanitization or escaping of the table name. An authenticated attacker can inject arbitrary SQL commands by crafting a deTableName that breaks out of identifier quoting, enabling error-based SQL injection that can extract database information such as the MySQL version. This issue has been fixed in version 2.10.21. 详情
7154154d4d7bb2a858d64cf25f06ff2c CVE-2026-33084 2026-04-16 19:16:33 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the sorting metadata DTO, which is passed to Order2SQLObj where it is incorporated into the SQL ORDER BY clause without any whitelist validation, and then executed via CalciteProvider. An authenticated attacker can inject arbitrary SQL commands through the sort parameter, enabling time-based blind SQL injection. This issue has been fixed in version 2.10.21. 详情
d59f48650983dc530a1815cbf4b7d342 CVE-2025-54510 2026-04-16 19:16:32 A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity. 详情
5eb854561ad2feaf502af0c9eded05b1 CVE-2025-43937 2026-04-16 19:16:32 Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 详情
c6f4fbbdad384a67715d4a95320242d3 CVE-2025-43935 2026-04-16 19:16:32 Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service. 详情
9bfd83a87cc8a4b02808a7986ef6ee0f CVE-2026-20205 2026-04-15 15:17:58 In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcp_tool_admin` could view users session and authorization tokens in clear text.

The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives.

Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Connecting to MCP Server and Admin settings](https://help.splunk.com/en/splunk-enterprise/mcp-server-for-splunk-platform/connecting-to-mcp-server-and-admin-settings) in the Splunk documentation for more information.		 详情
d0eee974daa01057b9c16f158350065b CVE-2026-20203 2026-04-15 15:17:56 In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles, has write permission on the app, and does not hold the high-privilege capability `accelerate_datamodel`, could turn on or off Data Model Acceleration due to improper access control. 详情
4cc7faa3c95f63325e9e417823d67e5d CVE-2026-20204 2026-04-15 15:17:54 In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the `$SPLUNK_HOME/var/run/splunk/apptemp` directory due to improper handling and insufficient isolation of temporary files within the `apptemp` directory. 详情
cc3d78b0850ea0ea8367fada89c754a0 CVE-2026-20202 2026-04-15 15:17:43 In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user`could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.

This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users.		 详情
85d22f587452b6c85933835e222c5ff3 CVE-2025-12141 2026-04-15 14:59:41 In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit contact points created by other users, modify the endpoint URL to a controlled server. By invoking the test functionality, attackers can capture and extract redacted secure settings, such as authentication credentials for third-party services (e.g., Slack tokens). This leads to unauthorized access and potential compromise of external integrations. 详情
58a0ee5b75f5cf15c469f26c82059cba CVE-2026-4682 2026-04-15 14:32:31 Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows–based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities. 详情
b57de971fd858c1154a8be31709c91ef CVE-2026-4667 2026-04-15 14:22:55 HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability. 详情
7b74d6a256d0acd00e134b0c20301cc7 CVE-2026-25219 2026-04-15 12:30:17 The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure Service Bus used those properties to store sensitive values. Possibly other providers could be also affected if they used the same fields to store sensitive data. If you used Azure Service Bus connection with those values set or if you have other connections with those values storing sensitve values, you should upgrade Airflow to 3.1.8 详情
2d2f757f84b3eb93f0e21131633ec9ad CVE-2026-4145 2026-04-15 12:28:19 During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges. 详情
3d0b616ffb441c0673964764b3912459 CVE-2026-4135 2026-04-15 12:28:12 During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges. 详情
b9deea669d0c65f4e0ecef32ce6beec2 CVE-2026-40683 2026-04-14 20:16:48 In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when user_enabled_invert was True. When False, the raw string value from LDAP (e.g. "FALSE") was used directly. Since non-empty strings are truthy in Python, users marked as disabled in LDAP were treated as enabled by Keystone, allowing them to authenticate and perform actions. All deployments using the LDAP identity backend without user_enabled_invert=True or user_enabled_emulation are affected. 详情
df9d70ad6334677608fc1849d0dcae81 CVE-2026-34630 2026-04-14 20:16:47 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 详情
ed9721890f9fe6b8a6e6faca1c76cc58 CVE-2026-34618 2026-04-14 20:16:47 Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 详情
7a3008929a8d92aa7f451bfe8fd64ef7 CVE-2026-27313 2026-04-14 20:16:34 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 详情
c61fce025dd1bd65e2884f5bf1eca3f6 CVE-2026-27312 2026-04-14 20:16:34 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 详情
b051a41d18527b939576f64a80656b6f CVE-2026-27311 2026-04-14 20:16:34 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 详情
a5a7191a24eb137bcd23907743133c66 CVE-2026-27310 2026-04-14 20:16:34 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 详情
bd45ba8f7341dbf29d4deb6bbbfb65c0 CVE-2026-27289 2026-04-14 20:16:34 Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 详情
64dec46e750a496036ccf05472f1c621 CVE-2026-27222 2026-04-14 20:16:32 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 详情
53bb9a4f4af5bda329720d805027322d CVE-2026-34625 2026-04-14 19:16:38 Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 详情

国家信息安全漏洞共享平台(CNVD) [TOP 30] CVES TIME TITLE URL
8686fda9b2b49e4e1666b54e2248f935 CNVD-2021-74882 2021-11-14 16:43:52 四创科技有限公司建站系统存在SQL注入漏洞 详情
8f6972d84ad188b05ff9cc14d4334949 CNVD-2021-87021 (CVE-2020-4690) 2021-11-12 12:43:14 IBM Security Guardium硬编码凭证漏洞 详情
3bfe7b053a0c59d8a3d38c18f86aa143 CNVD-2021-87022 (CVE-2021-38870) 2021-11-12 12:43:12 IBM Aspera跨站脚本漏洞 详情
a4649bb17f4db4d1c7f879ebceb46ed0 CNVD-2021-87011 (CVE-2021-29753) 2021-11-12 12:43:11 IBM Business Automation Workflow存在未明漏洞 详情
094c613f9ed4b8b9d887dc912789043c CNVD-2021-87025 (CVE-2021-20563) 2021-11-12 12:43:10 IBM Sterling File Gateway信息泄露漏洞 详情
41c47f01a4c65dcb6efc9ebf483fe762 CNVD-2021-87010 (CVE-2021-38887) 2021-11-12 12:43:08 IBM InfoSphere Information Server信息泄露漏洞 详情
f51d33e7a09fd61ca90ede453515a830 CNVD-2021-87016 (CVE-2021-29764) 2021-11-12 12:43:07 IBM Sterling B2B Integrator跨站脚本漏洞 详情
33615a5f78df822e82e6d3436045c48c CNVD-2021-87026 (CVE-2021-38877) 2021-11-12 12:43:06 IBM Jazz for Service Management跨站脚本漏洞 详情
8e729177bcb4105dd831fb1e123ed1bb CNVD-2021-87014 (CVE-2021-29679) 2021-11-12 12:43:04 IBM Cognos Analytics远程代码执行漏洞 详情
1a3b856f78e9fbdca12aeddc7d665aca CNVD-2021-87029 (CVE-2021-29752) 2021-11-12 12:43:03 IBM Db2信息泄露漏洞 详情
6f1aa3a0cb819d97519baa47fd0232d5 CNVD-2021-87015 (CVE-2021-29745) 2021-11-12 12:43:02 IBM Cognos Analytics权限提升漏洞 详情
cbcb12f5f51d6e7d6d8a9fa581aa863a CNVD-2021-73908 2021-11-11 16:42:44 泛微e-cology存在SQL注入漏洞 详情
ae6fd467da55de31aa7219187cf5c2d4 CNVD-2021-86904 (CVE-2021-20351) 2021-11-11 08:31:46 IBM Engineering跨站脚本漏洞 详情
412a15b40959ed9cf9330ee79f99e079 CNVD-2021-86903 (CVE-2021-31173) 2021-11-11 08:31:44 Microsoft SharePoint Server信息泄露漏洞 详情
1cbc5d5faac431d3e82c9e5ea9588b5f CNVD-2021-86902 (CVE-2021-31172) 2021-11-11 08:31:43 Microsoft SharePoint欺骗漏洞 详情
686c7cfb20933b41c3d679cbba79a2ad CNVD-2021-86901 (CVE-2021-31181) 2021-11-11 08:31:42 Microsoft SharePoint远程代码执行漏洞 详情
72fdfb2d44c0d41d638e4632bdfc10b8 CNVD-2021-86900 (CVE-2021-3561) 2021-11-11 08:31:41 fig2dev缓冲区溢出漏洞 详情
3ba6f0e9394f9414e2cadb9495e2d5f5 CNVD-2021-85884 (CVE-2021-41210) 2021-11-10 07:24:57 Google TensorFlow堆分配数组越界读取漏洞 详情
4d8c4744ea972fb2fcb9673fea1fc7b7 CNVD-2021-85883 (CVE-2021-41226) 2021-11-10 07:24:56 Google TensorFlow堆越界访问漏洞 详情
8778f9cd924cae585ca5e2e0b8be3b3f CNVD-2021-85882 (CVE-2021-41224) 2021-11-10 07:24:54 Google TensorFlow堆越界访问漏洞 详情
e1b2722e6d5c509c680b584416d9cb20 CNVD-2021-85881 (CVE-2021-42770) 2021-11-10 07:24:53 OPNsense跨站脚本漏洞 详情
ed09c9fa5586e2d4d9b4e95fe3b447a0 CNVD-2021-85880 (CVE-2021-28024) 2021-11-10 07:24:52 ServiceTonic访问控制不当漏洞 详情
8a642f0922f7f915e81b2b947276a96c CNVD-2021-85879 (CVE-2021-28023) 2021-11-10 07:24:50 ServiceTonic任意文件上传漏洞 详情
c00b061c2cfdee4016a869a188135db5 CNVD-2021-85878 (CVE-2021-28022) 2021-11-10 07:24:49 ServiceTonic SQL注入漏洞 详情
9c4b20a28ad2bd4ab916448f0e1272bd CNVD-2021-85877 (CVE-2021-32483) 2021-11-10 07:24:48 Cloudera Manager不正确访问控制漏洞 详情
4d4423857b7b1f38e49738f00e8949ba CNVD-2021-85876 (CVE-2021-32481) 2021-11-10 07:24:46 Cloudera Hue跨站脚本漏洞 详情
6b12b7fc216d603e8e07351603851c86 CNVD-2021-85875 (CVE-2021-29994) 2021-11-10 07:24:45 Cloudera Hue跨站脚本漏洞 详情
72894fb3a3538de240d2f6810aae63c9 CNVD-2021-85892 (CVE-2021-42701) 2021-11-10 02:38:27 DAQFactory中间人攻击漏洞 详情
94a1f99a64ba24540cc1594d0a0b3152 CNVD-2021-85893 (CVE-2021-42699) 2021-11-10 02:38:26 DAQFactory明文传输漏洞 详情
5d9bac33be8f2f88391f6de02fb89c73 CNVD-2021-85894 (CVE-2021-42698) 2021-11-10 02:38:24 DAQFactory反序列化漏洞 详情

国家信息安全漏洞库(CNNVD) [TOP 30] CVES TIME TITLE URL
b5815af17792cf5abac5732bae3094e9 CNNVD-202308-131 (CVE-2023-20215) 2023-08-03 12:41:47 Cisco Secure Web Appliance 安全漏洞 详情
8d98bb094a70919c9e881cc7da5898d4 CNNVD-202308-132 (CVE-2023-20204) 2023-08-03 12:40:44 Cisco BroadWorks CommPilot 安全漏洞 详情
c65e18d821cb73d6036dc2df6a726951 CNNVD-202308-123 (CVE-2023-29409) 2023-08-02 12:45:03 Google Golang 资源管理错误漏洞 详情
452c53b54ef3a658eaf6bd8e7d93fe05 CNNVD-202308-124 (CVE-2023-4070) 2023-08-02 12:44:01 Google Chrome 安全漏洞 详情
ac7b17414d163c2f26008516638e3a99 CNNVD-202308-125 (CVE-2023-39113) 2023-08-02 12:42:59 ngiflib 安全漏洞 详情
224fd467b813dbee234efe1e61e2ec66 CNNVD-202308-126 (CVE-2023-39114) 2023-08-02 12:42:57 ngiflib 安全漏洞 详情
72d862f454eb3d0e4dd221413d85f6b2 CNNVD-202308-127 (CVE-2023-1437) 2023-08-02 12:42:55 Advantech WebAccess/SCADA 安全漏洞 详情
a3b636c53a2116b7ab85ea0c29470e76 CNNVD-202308-128 (CVE-2023-3329) 2023-08-02 12:42:53 SpiderControl SCADA Webserver 路径遍历漏洞 详情
0e8e3c3600e145e70920c2026bde8feb CNNVD-202308-129 (CVE-2023-4069) 2023-08-02 12:42:51 Google Chrome 安全漏洞 详情
619ce483843859fb783525b2b8d00f59 CNNVD-202308-130 (CVE-2023-4068) 2023-08-02 12:41:48 Google Chrome 安全漏洞 详情
6a73381eaa628503bd8c242cd313f005 CNNVD-202308-057 (CVE-2023-36121) 2023-08-01 12:48:12 e107 跨站脚本漏洞 详情
086c171bc44677f87e0ad45c8ab5dab6 CNNVD-202308-058 (CVE-2023-2164) 2023-08-01 12:47:10 GitLab 跨站脚本漏洞 详情
bc6915cfb72ce7e27f2aa64ff3a35ee2 CNNVD-202308-059 (CVE-2023-31432) 2023-08-01 12:47:08 Brocade Fabric OS 安全漏洞 详情
915090fa2939ee9d9978125be4eeff27 CNNVD-202308-060 (CVE-2023-3739) 2023-08-01 12:46:07 Google Chrome 安全漏洞 详情
b790441bc923d37c914ea50edcdfaa16 CNNVD-202308-061 (CVE-2023-3385) 2023-08-01 12:46:05 GitLab 路径遍历漏洞 详情
a6be4479387eddda68e1c7808965c1bc CNNVD-202308-062 (CVE-2022-40609) 2023-08-01 12:46:03 IBM SDK, Java Technology Edition 安全漏洞 详情
55409ee74ffe87168f7d61814b568334 CNNVD-202308-063 (CVE-2023-31431) 2023-08-01 12:46:02 Brocade Fabric OS 安全漏洞 详情
a4340da9d26800c671fa800a080c3d01 CNNVD-202308-064 (CVE-2023-36210) 2023-08-01 12:45:00 MotoCMS 安全漏洞 详情
d70ae2187ae1aa50a2af6befce15bfbd CNNVD-202308-065 (CVE-2023-31428) 2023-08-01 12:43:58 Brocade Fabric OS 代码问题漏洞 详情
8b0e98f117732e813318bdec77d0fb4b CNNVD-202308-066 (CVE-2023-31928) 2023-08-01 12:42:57 Brocade Fabric OS 跨站脚本漏洞 详情
73ffd9540daad0a04d3d54041ba9df14 CNNVD-202307-2321 (CVE-2023-37772) 2023-07-31 12:44:10 Online Shopping Portal 安全漏洞 详情
10f462bbd81ee431ab32c6a160fc068d CNNVD-202307-2322 (CVE-2023-3983) 2023-07-31 12:44:08 Advantech iView 安全漏洞 详情
91dcd4420b85064dbae045bceabb71b9 CNNVD-202307-2323 (CVE-2023-37496) 2023-07-31 12:44:07 HCL Technologies HCL Verse 安全漏洞 详情
c81e50233ec479272b638b8dbddedeea CNNVD-202307-2324 (CVE-2023-38989) 2023-07-31 12:44:05 jeesite 安全漏洞 详情
775849c6f8c5fe41588806137e12cfa8 CNNVD-202307-2326 (CVE-2023-3462) 2023-07-31 12:44:03 HashiCorp Vault 安全漏洞 详情
f995ebc4f6961ed50c6d18ec0f7efcf4 CNNVD-202307-2327 (CVE-2022-42183) 2023-07-31 12:44:01 Precisely Spectrum Spatial Analyst 安全漏洞 详情
67539644d8b06577c03aeab1ac018450 CNNVD-202307-2328 (CVE-2022-42182) 2023-07-31 12:43:59 Precisely Spectrum Spatial Analyst 安全漏洞 详情
b61f0e730dfb90bb1c6f8f6e83508ae7 CNNVD-202307-2329 (CVE-2023-39122) 2023-07-31 12:43:56 BMC Control-M 安全漏洞 详情
a09d1da1d10d2b5f823d7b8b41490660 CNNVD-202307-2330 (CVE-2023-3825) 2023-07-31 12:42:54 PTC Kepware KEPServerEX 资源管理错误漏洞 详情
05caf2e95b7a0f72e0c071c443e1d82b CNNVD-202307-2331 (CVE-2023-4033) 2023-07-31 12:42:52 Mlflow 操作系统命令注入漏洞 详情

奇安信 [TOP 30] CVES TIME TITLE URL
45ab4afdafe578698bcfccccd65d833e yt QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 详情
74691465618764c64d52a2ff58013ac4 yt QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 详情
6bd01daffa85191c80698354fc8e252f wt QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 详情
59085bf4ae9a7a3802468d9764c94968 wt QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告 详情
7010355bb6ffff38cb1a885acf784ca7 ft QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 详情
5edb21a58a7e21692bd0ddd622d39279 St QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 详情
3e8973410ef7c04408d63fa10c230487 St QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 详情
e8bc02a0c3bfbafd4c84d9ec26e9bede St QianxinTI-SV-2020-0001 微软核心加密库漏洞(CVE-2020-0601)通告 详情
f749eac58b87d0954f0e4a84b5d67057 CVE-2020-1350 2020-07-15 15:57:00 QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 详情
90b93cb7073fe73b17746ac166a09637 CVE-2020-6819, CVE-2020-6820 2020-04-08 10:34:35 QianxinTI-SV-2020-0012 Firefox在野远程代码执行漏洞(CVE-2020-6819、CVE-2020-6820)通告 详情
e318a5efa4803b50cdef480b90b1784d 2020-03-25 13:58:51 QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 详情
cffc3035f7899495cfeae521451f91b2 CVE-2020-0796 2020-03-12 10:32:09 QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 详情
3e6175d47d17c6f94bd9ba10d81c3717 CVE-2020-0674 2020-03-02 14:52:46 QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 详情
d99d073afb7d248a8a62fb068921997f CVE-2020-0601 2020-01-15 14:11:41 QianxinTI-SV-2020-0001 微软核心加密库漏洞(CVE-2020-0601)通告 详情
b7b45b14a3af1225ef6eec72d74964df CVE-2019-1367 2019-09-25 17:23:00 QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告 详情
504fc79f0123db109a11b149c334b75c CVE-2019-0708 2019-09-09 10:20:47 QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 详情
5b727692d583d4a6e7cdb0f670eac12a CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 2019-08-14 11:09:05 QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 详情
54b48d765fccbc8dcfa3de0920459f8d CVE-2019-11707 2019-06-19 16:53:47 QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 详情
5b4d5fea09fbc2dca45be53f162d39de CVE-2019-0708 2019-05-31 17:03:19 QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 详情

安全客 [TOP 30] CVES TIME TITLE URL
03afa8b4eaf4a0160784152fca5465b2 CVE-2021-27308 2021-07-11 14:22:05 4images 跨站脚本漏洞 详情
8b0ace4c54a7fc20a99d21e294152a99 CVE-2020-15261 2021-07-11 14:22:05 Veyon Service 安全漏洞 详情
d4f12de949590ab346b61986a29d8b4d CVE-2021-35039 2021-07-09 17:30:13 Linux kernel 安全漏洞 详情
f790e7ef3b5de3774d42ee32b9b10c01 CVE-2021-34626 2021-07-09 17:30:13 WordPress 访问控制错误漏洞 详情
71bf261eb2113d5ff870ab9bafd29f55 CVE-2021-25952 2021-07-09 17:30:13 just-safe-set 安全漏洞 详情
152793cbc104933584f5f227606f433d CVE-2021-0597 2021-07-09 17:30:13 Google Android 信息泄露漏洞 详情
75f153c327984fdfdd2d9c463a91371d CVE-2021-34430 2021-07-09 17:30:13 Eclipse TinyDTLS 安全特征问题漏洞 详情
9610336f1a41241cc8edea22a2780ec5 CVE-2021-3638 2021-07-09 17:30:13 QEMU 安全漏洞 详情
92fe450ae5c5dfa48072aca79d64ba63 CVE-2021-34614 2021-07-09 14:24:32 Aruba ClearPass Policy Manager 安全漏洞 详情
680a4218fc32922746717210664a3d62 CVE-2021-22144 2021-07-09 13:28:16 Elasticsearch 安全漏洞 详情
373930f669f2c1f7b61101a925304779 CVE-2021-24022 2021-07-09 13:28:16 Fortinet FortiManager 安全漏洞 详情
8556f9cd0699f88c1f6cca9a43463bdd CVE-2021-33012 2021-07-09 13:28:16 Allen Bradley Micrologix 1100输入验证错误漏洞 详情
480ae713cc88cc0985e1ebc079974d83 CVE-2021-0592 2021-07-09 13:28:16 Google Android 安全漏洞 详情
8ef4dbefa6604ea2312621401c3ec0b9 CVE-2021-1598 2021-07-09 13:28:16 Cisco Video Surveillance 7000 Series IP Cameras 安全漏洞 详情
d6e8714c32df7a0dcc2f3910ec68b42d CVE-2021-20782 2021-07-09 13:28:16 Software License Manager 跨站请求伪造漏洞 详情
4e60b22611b8bb0fd7e532896498af29 CVE-2021-20781 2021-07-09 13:28:16 WordPress 跨站请求伪造漏洞 详情
5ca48ad58fb499c069ae0800c3b39875 CVE-2021-32961 2021-07-09 13:28:16 MDT AutoSave代码问题漏洞 详情
2ed854890b43f08e52340a1e8fe6d39f CVE-2021-0577 2021-07-09 13:28:16 Google Android 安全漏洞 详情
8d63110e1475bbd245715b2ee1824d13 CVE-2021-31816 2021-07-09 13:28:16 Octopus Server 安全漏洞 详情
72bef2ae2f5db7dd066e1cdefa618dc5 CVE-2021-31817 2021-07-09 13:28:16 Octopus Server 安全漏洞 详情
1f7369b2609dbd2cd40d091f7de540cd CVE-2020-20217 2021-07-09 13:28:16 Mikrotik RouterOs 安全漏洞 详情
1793176eecc5813c3348f026dc9909c9 CVE-2020-28598 2021-07-09 13:28:16 PrusaSlicer 安全漏洞 详情
7f4cf34ceb545548dcfcc3c0e7120268 CVE-2021-32945 2021-07-09 13:28:16 MDT AutoSave加密问题漏洞 详情
58553eb00d6e3e83b633f09464c4e98a CVE-2021-29712 2021-07-09 13:28:16 IBM InfoSphere Information Server 跨站脚本漏洞 详情
d8e27ec42fb0b89998fcc006f49b249b CVE-2021-25432 2021-07-09 13:28:16 Samsung Members 信息泄露漏洞 详情
8f2adc6c247725bf2eb7f53256c93ea7 CVE-2021-25433 2021-07-09 13:28:16 Samsung Tizen安全漏洞 详情
8f949676124339eb6f64f9c607af5470 CVE-2021-25431 2021-07-09 13:28:16 Samsung Mobile Device Cameralyzer 访问控制错误漏洞 详情
069818a8958f9c158fcb0956ee32fc03 CVE-2021-25434 2021-07-09 13:28:16 Samsung Tizen 代码注入漏洞 详情
55b9126220b9722ff5d730d3996877e9 CVE-2021-32949 2021-07-09 13:28:16 MDT AutoSave 路径遍历漏洞 详情
ebab009fffdee3d360dcdff74b0ed061 CVE-2021-25435 2021-07-09 13:28:16 Samsung Tizen代码注入漏洞 详情

斗象 [TOP 30] CVES TIME TITLE URL
096b6298d82574500dc1a14c9dba4065 CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029 2022-07-15 00:38:28 微软2022年7月补丁日漏洞通告 详情
6018f718b2d751478bf1ce069ac65f0d CVE-2022-2185 2022-07-01 09:02:05 GitLab 远程代码执行漏洞(CVE-2022-2185) 详情
844719cf0bb4843aff73d2f33cc6dd0b CVE-2022-30190, CVE-2022-30136 2022-06-15 05:48:12 微软2022年6月补丁日漏洞通告 详情
8b47000e1abfbacdadb7df6f09152d89 CVE-2022-26134 2022-06-03 05:48:38 Atlassian Confluence 远程代码执行漏洞(CVE-2022-26134) 详情
eebe93468b36d2ca24cf4b82136a5635 CVE-2022-30190 2022-05-31 13:57:17 Microsoft Windows MSDT 远程代码执行漏洞(CVE-2022-30190) 详情
95525e3f5907a776dc7cd4f87f2e2154 2022-05-23 07:11:04 Fastjson 反序列化漏洞 详情
945fd6e612634d9721f861833f1ecb75 CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 2022-05-11 03:45:48 微软2022年5月补丁日漏洞通告 详情
e2938ff82d0cc152508e0240697def4c CVE-2022-1388 2022-05-06 05:53:04 F5 BIG-IP iControl REST 身份验证绕过漏洞(CVE-2022-1388) 详情
bcf7253d2ee580c618737de137d370c4 CVE-2022-29464 2022-04-22 02:21:17 WSO2 Carbon Server 远程代码执行漏洞(CVE-2022-29464) 详情
07c09799b08afb04c63a9de750b70aca CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 2022-04-13 07:51:00 微软2022年4月补丁日漏洞通告 详情
f5b543501ed5679d423411edac502e24 CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 2022-04-08 03:49:31 VMware 产品多个高危漏洞通告 详情
f421bcdb306e2bc1ffbf58fcb024a0dd 2022-03-29 17:11:30 Spring 框架远程代码执行漏洞 详情
0473358d95e58c7c3f2e7db0109f56f4 2022-03-29 17:11:30 Spring Framework 远程代码执行漏洞(CVE-2022-22965) 详情
a888c948ca1172f8a06a3879479f1de4 CVE-2022-22965 2022-03-29 17:11:30 Spring Framework 远程代码执行漏洞(CVE-2022-22965) 详情
71ed541bb737196268b75c7ba435e1a9 2022-03-28 04:57:30 Spring Cloud Function SpEL表达式注入漏洞 详情
f7a5dcd376be777c6593a29b8ebd411a CVE-2022-0778 2022-03-18 07:09:22 OpenSSL拒绝服务漏洞(CVE-2022-0778) 详情
6c4124fed44906a79843cd2dd383c695 CVE-2022-0847 2022-03-15 03:32:03 Linux Kernel本地提权漏洞(CVE-2022-0847) 详情
a2795e4829bff16f108cf191eba663c3 CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 2022-03-11 02:14:56 微软2022年3月补丁日漏洞通告 详情
d09f0641bf65c64a16d802cd78e14097 CVE-2022-0847 2022-03-08 08:23:08 Linux 内核本地提权漏洞(CVE-2022-0847) 详情
69052e2a8c09416f5df674f92cba25a6 CVE-2022-22947 2022-03-02 11:42:55 Spring Cloud Gateway 远程代码执行漏洞(CVE-2022-22947) 详情
5f42b6f584a9ace426787dc8dfd6e6e5 2022-02-16 10:44:18 向日葵远程命令执行漏洞(CNVD-2022-10270) 详情
79556071f6236ab4674f75b3beee4d79 CVE-2022-24112 2022-02-11 06:13:35 Apache APISIX 远程代码执行漏洞 (CVE-2022-24112) 详情
485f2c57713f4a39830e8c2d01e43cfe CVE-2021-4034 2022-01-26 06:19:16 Linux Polkit 权限提升漏洞(CVE-2021-4034) 详情
0aa6eab412c0318b74c6a470ee774df1 CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 2022-01-12 03:44:50 微软2022年1月补丁日漏洞通告 详情
88a8c676b52a739c0335d7c21ca810a9 2022-01-06 08:19:17 MeterSphere 远程代码执行漏洞 详情
76cad61d2d5a8750a6a714ab2c6dbc97 CVE-2021-45232 2021-12-28 10:31:16 Apache APISIX Dashboard 接口未授权访问漏洞(CVE-2021-45232) 详情
af4f5f63390eb00de8705b5029d8c376 CVE-2021-44228, CVE-2021-45046 2021-12-14 01:56:52 Apache Log4j 远程代码执行漏洞 详情
43456ae172e45c12087c40c03d925e0e CVE-2021-44228 2021-12-11 03:21:34 Apache Log4j 远程代码执行漏洞 详情
392b133d98d6f61aee36ce6c8784f4df 2021-12-09 15:20:54 Apache Log4j 远程代码执行漏洞 详情
1e193280a8f45427c06cb4945be4f126 2021-12-07 06:48:55 Grafana 任意文件读取漏洞 详情

红后 [TOP 30] CVES TIME TITLE URL
6fa0a347889bf0da0cae47ef068a6a99 CVE-2023-32836 2023-11-16 21:05:37 GOOGLE ANDROID Vulnerability 详情
49751f9f84ed69956c96cc87959ec666 CVE-2021-22499 2023-11-16 21:05:34 Micro Focus Application Performance Management 跨站脚本漏洞 详情
eaa040f80d817832a627456843d3e24c CVE-2021-23883 2023-11-16 21:05:33 迈克菲 McAfee Endpoint Security 代码问题漏洞 详情
d52ddce51389f668d6fad6e7044bd974 CVE-2021-23878 2023-11-16 21:05:33 迈克菲 McAfee Endpoint Security 加密问题漏洞 详情
b62432054e9970a34c4d9e4d9efd1075 CVE-2023-32838 2023-11-16 21:05:33 GOOGLE ANDROID Vulnerability 详情
162855c32b8e1a1dafd6ef3e7a3b3da8 CVE-2022-43554 2023-11-16 21:05:33 IVANTI AVALANCHE Vulnerability 详情
dff8e982c8571446fc1d46fdb5263781 CVE-2021-21019 2023-11-16 21:05:33 Adobe Magento 注入漏洞 详情
5c28bf13629d4240819bb4f492d588a9 CVE-2022-34396 2023-11-15 21:56:12 DELL OPENMANAGE_SERVER_ADMINISTRATOR Vulnerability 详情
8876fd1be50182e42f17aaf033bfaf25 CVE-2022-45098 2023-11-15 21:56:10 DELL EMC_POWERSCALE_ONEFS Vulnerability 详情
d8a4cb7ca4e0f29533302f9f97f22a55 CVE-2022-45102 2023-11-15 21:55:56 DELL Multiple product Vulnerability 详情
72e081fb5149198ecc92f3f06383f0d5 CVE-2023-0512 2023-11-15 21:55:53 VIM VIM Vulnerability 详情
741e4f08caf4baef7072136884f07ae6 CVE-2023-24829 2023-11-15 21:55:48 APACHE IOTDB Vulnerability 详情
06eca26d44409544e5ec96702bf85ce0 CVE-2023-23628 2023-11-15 21:54:44 METABASE METABASE Vulnerability 详情
830da4b9e4f027d37c9e39125a30cc18 CVE-2022-3488 2023-11-15 21:54:27 ISC BIND Vulnerability 详情
93ceb6d645101eee2b05535717260299 CVE-2022-45808 2023-11-15 21:54:21 THIMPRESS LEARNPRESS Vulnerability 详情
d79756a4e0c6522a5ba958c82d0b4c88 CVE-2023-22482 2023-11-15 21:54:17 LINUXFOUNDATION ARGO-CD Vulnerability 详情
1c317622086c85695ff9266e3c5cf66f CVE-2022-4323 2023-11-15 21:54:16 SUMO GOOGLE_ANALYTICATOR Vulnerability 详情
6e8e12e7cd90fd6550e5cef8c12a4a50 CVE-2023-24069 2023-11-15 21:54:13 SIGNAL SIGNAL-DESKTOP Vulnerability 详情
de78bbaf8c5f6d744b657b8b7733d20e CVE-2023-24044 2023-11-15 21:54:12 PLESK OBSIDIAN Vulnerability 详情
44e1e95916d186bbbc5cabca01532712 CVE-2022-41733 2023-11-15 21:54:05 IBM INFOSPHERE_INFORMATION_SERVER Vulnerability 详情
136d79ca309f157fcf93764b6993609c CVE-2022-20752 2023-11-15 20:59:35 Cisco Unified Communications Manager 和 Cisco Unity Connection安全漏洞 详情
cfa598cc25996bf7c25d8622f86868f3 CVE-2022-32208 2023-11-15 20:59:35 curl 缓冲区错误漏洞 详情
5dc2248c28a031fb6cb3e94f714da748 CVE-2021-31677 2023-11-15 20:59:35 PESCMS 跨站请求伪造漏洞 详情
2df25199d06527c66c1929ede927aa18 CVE-2022-20800 2023-11-15 20:59:35 Cisco Unified Communications Manager 跨站脚本漏洞 详情
537152d5106a70b12b4e0204db3ba5b3 CVE-2022-2304 2023-11-15 20:59:34 Vim 安全漏洞 详情
dee30b1a759cdba8cda08222c3b6cf63 CVE-2022-2309 2023-11-15 20:59:34 lxml 和 libxml2 代码问题漏洞 详情
edc189cc3f6caea2e67f158e0f93dd19 CVE-2022-31116 2023-11-15 20:59:34 UltraJSON 其他漏洞 详情
3e53baf169ff30745b9dfa6f9505233b CVE-2022-20791 2023-11-15 20:59:26 Cisco Unified Communications Manager 路径遍历漏洞 详情
6ae237378a32e08e6f0495fa3dbce32b CVE-2022-20812 2023-11-15 20:59:26 Cisco Expressway Series 和 Cisco TelePresence Video Communication Server 路径遍历漏洞 详情
a2523ef82d3016d54faf64dd9af12f3f CVE-2022-31129 2023-11-15 20:59:26 Moment.js 资源管理错误漏洞 详情

绿盟 [TOP 30] CVES TIME TITLE URL
d6f27fdf5d5d6f6116015e82bc121416 CVE-2024-54342 2025-03-12 09:24:32 Wordpress Staggs Product Configurator for WooCommerce跨站脚本漏洞 详情
e9a0b607886133a9c31cb16a36f9f02d CVE-2024-54349 2025-03-12 09:24:32 Wordpress mashiurz.com Plain Post plugin跨站脚本漏洞 详情
11f449583c33b7eb89bac956050841e5 CVE-2024-54343 2025-03-12 09:24:32 Wordpress Connect Contact Form 7 to Constant Contact跨站脚本漏洞 详情
6bdaa412ee7bf60b469968f2e574d291 CVE-2025-1916 2025-03-12 09:24:32 Google Chromium内存错误引用漏洞 详情
ffa2bf126309fee29a179d343f2367ce CVE-2024-54347 2025-03-12 09:24:32 Wordpress BAKKBONE Australia FloristPress Plugin跨站脚本漏洞 详情
9215ebdde261639a53b819b14b2af4a1 CVE-2025-1917 2025-03-12 09:24:32 Google Chromium实现不当漏洞 详情
85ecc9ce902a4b0d65dda54b31093b41 CVE-2025-1918 2025-03-12 09:24:32 Google Chromium实现不当漏洞 详情
ea23a20dd9bf6853baa3999b9c3f378d CVE-2025-1919 2025-03-12 09:24:32 Google Chromium越界读取漏洞 详情
4587694a2285861b6ccc6022a7c4fb21 CVE-2025-1921 2025-03-12 09:24:32 Google Chromium实现不当漏洞 详情
a01ed89c43bfc9c3cabf9d5b4b1bb4da CVE-2025-1922 2025-03-12 09:24:32 Google Chromium实现不当漏洞 详情
dc69ace56dbd9f29f611f285f215972c CVE-2025-1923 2025-03-12 09:24:32 Google Chromium实现不当漏洞 详情
566fdb1d8c8197b5d7b9b02e0acd51af CVE-2024-54346 2025-03-12 09:24:32 Wordpress SKT Themes Barter Plugin跨站脚本漏洞 详情
c524e0c67893752ac1758b09e324c904 CVE-2024-54345 2025-03-12 09:24:32 Wordpress SKT Themes Bicycleshop Plugin跨站脚本漏洞 详情
c5028af7bdf15d8544a392342d455ce4 CVE-2024-54344 2025-03-12 09:24:32 Wordpress Fahad Mahmood WP Quick Shop Plugin跨站脚本漏洞 详情
7b28913363ebdb469e5492750375b329 CVE-2024-54340 2025-03-12 09:24:32 Wordpress Sylvia van Os Simple Presenter plugin跨站脚本漏洞 详情
036058f7f676cba0934fee2f28aa32b1 CVE-2025-26645 2025-03-12 03:30:36 Microsoft Windows Remote Desktop Client远程代码执行漏洞 详情
fa8ee7dabeab1c9664a72efa6eeeed34 CVE-2025-26630 2025-03-12 03:30:36 Microsoft Access远程代码执行漏洞 详情
e50cb859716aa1f6a100c9a2e19299c5 CVE-2025-21180 2025-03-12 03:30:36 Microsoft Windows exFAT File System远程代码执行漏洞 详情
4f9a32cb59820da0cb7731835e612ced CVE-2025-2119 2025-03-12 03:30:36 Microsoft Azure Agent Installer for Backup and Site Recovery权限提升漏洞(CVE-2025-2119 详情
57f796717b5a13d756850d9450e9a04e CVE-2025-24043 2025-03-12 03:30:36 Microsoft Windows WinDbg远程代码执行漏洞 详情
66075be17d473e2dcd793c78214a8b35 CVE-2025-26629 2025-03-12 03:30:36 Microsoft Office远程代码执行漏洞 详情
14c416532591c30f389cc91955b1e741 CVE-2025-26627 2025-03-12 03:30:36 Microsoft Azure Arc Installer权限提升漏洞 详情
50b871d6aa253c29a0d10b2ec746a16e CVE-2025-25008 2025-03-12 03:30:36 Microsoft Windows Server权限提升漏洞 详情
02dee183c0d3d1005ec5ea19ff0d86a7 CVE-2025-25003 2025-03-12 03:30:36 Microsoft Visual Studio权限提升漏洞 详情
77529cb562c22704fe43ed9bd45a39ac CVE-2025-24998 2025-03-12 03:30:36 Microsoft Visual Studio Installer权限提升漏洞 详情
3151d370ace520608fc6396cb91cf31c CVE-2025-24997 2025-03-12 03:30:36 Microsoft Windows DirectX Graphics Kernel File拒绝服务漏洞 详情
267eebebeb9678d53e3ba5013148a317 CVE-2025-24050 2025-03-12 03:30:36 Microsoft Windows Hyper-V权限提升漏洞 详情
13f1d582bdba840962494e654c6365ed CVE-2025-24049 2025-03-12 03:30:36 Microsoft Azure CLI权限提升漏洞 详情
d07852083d64afe8e8b11941ec93e6f9 CVE-2025-24048 2025-03-12 03:30:36 Microsoft Windows Hyper-V权限提升漏洞 详情
f42476df83391584e36d79cebf643af3 CVE-2025-24046 2025-03-12 03:30:36 Microsoft Windows Kernel Streaming Service Driver权限提升漏洞 详情

美国国家漏洞数据库(NVD) [TOP 30] CVES TIME TITLE URL
c6b3897e8411249dddc03a2582c3afdc CVE-2023-45955 2023-10-31 18:15:08 An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands. 详情
752c86d745d9d6748f49970fc6c72bf7 CVE-2022-48189 2023-10-30 15:15:39 An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. 详情
8e0bb5e55759a9b19da4ce8a5bf48799 CVE-2022-4573 2023-10-30 15:15:39 An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code. 详情
790b026d2f9b8a38a121baf7cc9fbbe2 CVE-2023-45797 2023-10-30 07:15:12 A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code. 详情
9fee627171b8e0c7c2f065dae65c293c CVE-2023-46468 2023-10-28 01:15:51 An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. 详情
1f2c404d06acfac83f7761c8ab878dee CVE-2023-43322 2023-10-28 01:15:51 ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. 详情
eea9f6fc871d45cb3672714124c1d416 CVE-2023-46211 2023-10-27 21:15:09 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions. 详情
8496e7ff58df6fda25c681900fb6dfb8 CVE-2023-46209 2023-10-27 21:15:09 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions. 详情
751468e26927001b02f1b97a3d980488 CVE-2023-46208 2023-10-27 21:15:09 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions. 详情
26e1875553f4c463d954949d41128765 CVE-2023-46200 2023-10-27 21:15:09 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.3 versions. 详情
a86c2cbf359259b1e38cd6e0c560a363 CVE-2023-46509 2023-10-27 21:15:09 An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. 详情
c608240b549dc25f03e04b5397e48e1b CVE-2023-46199 2023-10-27 08:15:31 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <= 4.1.1 versions. 详情
c4bd3098463c3624a284c838fd6ecb48 CVE-2023-46194 2023-10-27 08:15:31 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.5 versions. 详情
e79edbb292a519fa08055a884d86921e CVE-2023-46192 2023-10-27 08:15:31 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions. 详情
528422b82114eedfc8a332c895b5d475 CVE-2023-46504 2023-10-27 04:15:10 Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component. 详情
4b4a8cd15c35de7b7cb3e0f5110f178b CVE-2023-46503 2023-10-27 04:15:10 Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules. 详情
9637804577e375e89e0c34d1e9dc7daa CVE-2023-46505 2023-10-27 01:15:32 Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file. 详情
ccc0d1dc9e1e6371fc7ed4a7e6bc67c9 CVE-2023-46491 2023-10-27 00:15:09 ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library. 详情
925767e89590e6107a882a20468a3153 CVE-2023-42188 2023-10-27 00:15:09 IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). 详情
8affd999965e83dbd42583837011424c CVE-2023-42406 2023-10-26 22:15:08 SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component. 详情
7d0ccfb0da7a7225f1fd25c20c95a57e CVE-2023-46435 2023-10-26 18:15:08 Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. 详情
0ab665a469513a0f70af2e1f17519e41 CVE-2023-5792 2023-10-26 17:15:10 A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243598 is the identifier assigned to this vulnerability. 详情
692b9ba4d9cf7c90b6a3e5b8396a5302 CVE-2023-5791 2023-10-26 17:15:10 A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability. 详情
7e262fff58c0ebc8ddc6cdfb7535d7e2 CVE-2023-5790 2023-10-26 17:15:10 A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595. 详情
c643f1003e7a0ee28d9e54cda26d6b85 CVE-2023-43208 2023-10-26 17:15:09 NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. 详情
3d3bc04cd7ec7fdf5aaaa0aa0a140b90 CVE-2023-46450 2023-10-26 15:15:09 Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. 详情
844b1b549a5543c879cdc68d7237f444 CVE-2023-46449 2023-10-26 15:15:09 Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function. 详情
f494a8af43bc7ce0e5b6f1d2f18f3740 CVE-2023-46081 2023-10-26 13:15:09 Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions. 详情
3a451401fdd162ad57ab72c2f5d7b984 CVE-2023-46077 2023-10-26 13:15:09 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions. 详情
428d0a0df20b616e36d68a5b76023a38 CVE-2023-46076 2023-10-26 13:15:09 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.102 versions. 详情