Threat-Broadcast

眈眈探求 | 威胁情报播报

360 网络安全响应中心 [TOP 30]	CVES	TIME	TITLE	URL
4d42b2e96c478df11ac597898d1526f0		2024-04-17 11:18:19	2024-04 补丁日: Oracle多个产品漏洞安全风险通告	详情
448cfa0216a0757ec96f5862f86eafd4		2024-04-01 10:42:50	安全事件周报 2024-03-25 第13周	详情
1205680821e2717a58c599f99a9fb422		2024-03-26 07:23:13	安全事件周报 2024-03-18 第12周	详情
2e93df858fc2c5b287883dc9313a87fc		2024-03-18 07:07:47	安全事件周报 2024-03-11 第11周	详情
c1cad147c12a38c089cd941022bc395e		2024-03-13 04:34:11	2024-03 补丁日: 微软多个漏洞安全更新通告	详情
7119e349c423ea015d6f2a824c67ed63		2024-03-11 06:17:28	安全事件周报 2024-03-04 第10周	详情
b2c0e23dcf540c0b5d2bb144ceade98d	CVE-2024-27198	2024-03-06 08:44:35	CVE-2024-27198：JetBrains TeamCity 身份验证绕过漏洞通告	详情
5e103cbd4bae3244e692ba33c1d7fcf8		2024-03-04 07:07:59	安全事件周报 2024-02-26 第9周	详情
cab02a763bf285b3dc009731f40f8c29	CVE-2024-25065	2024-03-01 09:06:25	CVE-2024-25065：Apache OFBiz目录遍历漏洞通告	详情
194761e30d263596338cc998ac88cbaa		2024-02-28 08:51:55	SupermanMiner挖矿木马新变种持续活跃	详情
213a4c5c76a220c24da1c38c605fcc10	CVE-2024-25600	2024-02-27 09:55:55	CVE-2024-25600：WordPress Bricks Builder远程命令执行漏洞通告	详情
bc2c3923f651854c68f2dd6f99d69f0a		2024-02-26 03:00:09	安全事件周报 2024-02-19 第8周	详情
55c72f6f2af616fbddbb643df06c3b3a	CVE-2024-21413	2024-02-23 06:57:46	CVE-2024-21413：Microsoft Outlook 远程代码执行漏洞通告	详情
f000a20bfa53fd8b0f5231b52ff34577		2024-02-19 10:10:13	2024-02 补丁日: 微软多个漏洞安全更新通告	详情
48ff3925c0cc22862b0d6e1f52140bdc		2024-02-06 07:10:07	安全事件周报 2024-01-29 第5周	详情
d8c34853fbcc6b39ae0a3783c6fa6d44	CVE-2024-21626	2024-02-01 08:38:56	CVE-2024-21626：runc容器逃逸漏洞通告	详情
6ff357e8344fde5ea96c964cc0161137		2024-01-29 10:02:54	安全事件周报 2024-01-22 第4周	详情
8fc558ad63c1387fb3ed919bf754820e	CVE-2024-0204	2024-01-25 08:26:39	CVE-2024-0204：GoAnywhere MFT 身份认证绕过漏洞通告	详情
f4359caac3c70e9141439aa773e1e8a5		2024-01-22 11:39:38	安全事件周报 2024-01-15 第3周	详情
4939f25b3f3d3242726cd400c645be04	CVE-2024-0519	2024-01-17 09:08:07	CVE-2024-0519：Google Chrome V8越界访问漏洞通告	详情
300687d61adecf75afb4de6d78398518	CVE-2024-0519	2024-01-17 08:09:14	CVE-2024-0519：Google Chrome V8类型混淆漏洞通告	详情
28f74976e64bebdcd2b71df42f44817e	CVE-2023-22527	2024-01-16 09:50:35	CVE-2023-22527：Atlassian Confluence 远程代码执行漏洞通告	详情
ec39eae21390157f92422897b04aad66		2024-01-15 08:28:24	安全事件周报 2024-01-08 第2周	详情
de12aee5eaff6382190430b22e2c643f		2024-01-11 10:55:37	2024-01 补丁日: 微软多个漏洞安全更新通告	详情
c2b35c67c2732343be5c23579ebcdd04		2024-01-08 07:37:47	安全事件周报 2024-01-01 第1周	详情
666a3a36b86650d472f7203220b3a4f5		2024-01-02 09:34:01	安全事件周报 2023-12-25 第52周	详情
f91862c02f62f7f8e9d01e209e59487b	CVE-2023-51467	2023-12-27 08:57:10	CVE-2023-51467：Apache OFBiz 未授权远程代码执行漏洞通告	详情
0c520d1f3614bc8cba4450fee6f03f5d		2023-12-25 08:21:40	安全事件周报 2023-12-18 第51周	详情
ffb5d5f9ba0fa1576f9bd8325a8d3e66		2023-12-18 08:50:39	安全事件周报 2023-12-11 第50周	详情
382c73d6388430b9cea6072c6c61858e		2023-12-13 08:50:10	2023-12 补丁日: 微软多个漏洞安全更新通告	详情

Tenable (Nessus) [TOP 30]	CVES	TIME	TITLE	URL
c879811c36e647f10b142d3f25e1be27	CVE-2025-24024	2025-01-21 20:15:46	Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1 reverts the feature that introduced the bug, and version 1.9.2 reintroduces the feature safely. Downgrading to version 1.8.3 is recommended if upgrading to 1.9.1 or higher isn't possible.	详情
236be0691d71cbab0abe59cb42b82b44	CVE-2025-23369	2025-01-21 19:15:12	An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0. This vulnerability was reported via the GitHub Bug Bounty program.	详情
9adfe6793641dd3350ea14e707fcde2c	CVE-2024-51417	2025-01-21 19:15:10	An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows remote access to properties on reflection types and static properties/fields.	详情
a2def0d711ace4cf42d684605498187a	CVE-2025-24461	2025-01-21 18:15:19	In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint	详情
94335b14a79fdc26310e9a908f0cc5e9	CVE-2025-24460	2025-01-21 18:15:19	In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool	详情
11f1fd4111c75f67f2028411902b65ee	CVE-2025-24459	2025-01-21 18:15:18	In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page	详情
7adfaf98042806c1bd1c7a0a1ecd70aa	CVE-2025-24458	2025-01-21 18:15:18	In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration	详情
e8f95264423980f11b8e34589a823915	CVE-2025-24456	2025-01-21 18:15:18	In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping	详情
d3487859bdea82f2bfa5adc713aa12c3	CVE-2025-23996	2025-01-21 18:15:17	Cross-Site Request Forgery (CSRF) vulnerability in anyroad.com AnyRoad allows Cross Site Request Forgery. This issue affects AnyRoad: from n/a through 1.3.2.	详情
523db9d669cd7bd5a13f39dd9b0539e2	CVE-2025-23994	2025-01-21 18:15:17	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatebud Estatebud – Properties & Listings allows Stored XSS. This issue affects Estatebud – Properties & Listings: from n/a through 5.5.0.	详情
041117659363a3a7f8cc73c363c3dc0c	CVE-2025-24337	2025-01-20 14:15:27	WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.	详情
9f813f3f046f9dcd3a893f2aa24fea2c	CVE-2025-21655	2025-01-20 14:15:27	In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period. Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctly defer it another RCU grace period.	详情
884c68164dc181cae44b67d30e9ed9db	CVE-2024-13176	2025-01-20 14:15:26	Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low.	详情
1a8fc5b6ad4053fc025224dc2e070c95	CVE-2023-52923	2025-01-20 10:48:13	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage collection anymore, instead the _DEAD bit is set on so the set element is not visible from lookup path anymore. Async GC enqueues transaction work that might be aborted and retried later. rbtree and pipapo set backends does not set on the _DEAD bit from the sync GC path since this runs in control plane path where mutex is held. In this case, set elements are deactivated, removed and then released via RCU callback, sync GC never fails.	详情
1f4000f198b297d781340dc3dfdbc6a6	CVE-2025-0590	2025-01-20 07:17:10	Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk.	详情
c4df16c25f8484681234c90fb51aa38d	CVE-2025-0586	2025-01-20 03:15:09	The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution.	详情
57c64641138b9e0a14974ba0ceaae4b3	CVE-2025-0585	2025-01-20 03:15:09	The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.	详情
d54818cca93ccf4c67cf428ff157990f	CVE-2025-0584	2025-01-20 03:15:09	The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network.	详情
5cd84b3f052ac13a6fe560b0047fc444	CVE-2025-0582	2025-01-20 03:15:08	A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigphoto leads to unrestricted upload. The attack can be initiated remotely.	详情
6cf94fbff9b3a77ea94e58b699285f0e	CVE-2025-0581	2025-01-20 03:15:08	A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the component Chat History. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.	详情
de48939a638f970caa51f9ec709ba4c2	CVE-2024-41783	2025-01-19 15:15:21	IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input.	详情
d359dcd7a6132f7e4843a87239679d6c	CVE-2024-41743	2025-01-19 15:15:20	IBM TXSeries for Multiplatforms 10.1 could allow a remote attacker to cause a denial of service using persistent connections due to improper allocation of resources.	详情
9a53550bdd172293c92317f3bd7972a3	CVE-2024-41742	2025-01-19 15:15:20	IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.	详情
eec34ac8336beb9ed80725fdf951be59	CVE-2024-38337	2025-01-19 15:15:19	IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments.	详情
657d280076176411fecda454df1640b2	CVE-2024-57929	2025-01-19 12:15:27	In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output pointer behind. The caller of dm_bm_read_lock() should not operate on this invalid dm_block pointer, or it will lead to undefined result. For example, the dm_array_cursor incorrectly caches the invalid pointer on reading a faulty array block, causing a double release in dm_array_cursor_end(), then hitting the BUG_ON in dm-bufio cache_put(). Reproduce steps: 1. initialize a cache device dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc $262144" dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" 2. wipe the second array block offline dmsteup remove cache cmeta cdata corig mapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 \ 2>/dev/null \| hexdump -e '1/8 "%u\n"') ablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) \ 2>/dev/null \| hexdump -e '1/8 "%u\n"') dd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock 3. try reopen the cache device dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc $262144" dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) device-mapper: array: array_block_check failed: blocknr 0 != wanted 10 device-mapper: block manager: array validator check failed for block 10 device-mapper: array: get_ablock failed device-mapper: cache metadata: dm_array_cursor_next for mapping failed ------------[ cut here ]------------ kernel BUG at drivers/md/dm-bufio.c:638! Fix by setting the cached block pointer to NULL on errors. In addition to the reproducer described above, this fix can be verified using the "array_cursor/damaged" test in dm-unit: dm-unit run /pdata/array_cursor/damaged --kernel-dir	详情
5bcd158a64fce146cb27cfce0d093813	CVE-2024-57928	2025-01-19 12:15:26	In the Linux kernel, the following vulnerability has been resolved: netfs: Fix enomem handling in buffered reads If netfs_read_to_pagecache() gets an error from either ->prepare_read() or from netfs_prepare_read_iterator(), it needs to decrement ->nr_outstanding, cancel the subrequest and break out of the issuing loop. Currently, it only does this for two of the cases, but there are two more that aren't handled. Fix this by moving the handling to a common place and jumping to it from all four places. This is in preference to inserting a wrapper around netfs_prepare_read_iterator() as proposed by Dmitry Antipov[1].	详情
ce1f6002f7dc4c159babd26911bd51ba	CVE-2024-57927	2025-01-19 12:15:26	In the Linux kernel, the following vulnerability has been resolved: nfs: Fix oops in nfs_netfs_init_request() when copying to cache When netfslib wants to copy some data that has just been read on behalf of nfs, it creates a new write request and calls nfs_netfs_init_request() to initialise it, but with a NULL file pointer. This causes nfs_file_open_context() to oops - however, we don't actually need the nfs context as we're only going to write to the cache. Fix this by just returning if we aren't given a file pointer and emit a warning if the request was for something other than copy-to-cache. Further, fix nfs_netfs_free_request() so that it doesn't try to free the context if the pointer is NULL.	详情
9873631e568f9d23e78e7f43caf6e8da	CVE-2024-57926	2025-01-19 12:15:26	In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err The pointer need to be set to NULL, otherwise KASAN complains about use-after-free. Because in mtk_drm_bind, all private's drm are set as follows. private->all_drm_private[i]->drm = drm; And drm will be released by drm_dev_put in case mtk_drm_kms_init returns failure. However, the shutdown path still accesses the previous allocated memory in drm_atomic_helper_shutdown. [ 84.874820] watchdog: watchdog0: watchdog did not stop! [ 86.512054] ================================================================== [ 86.513162] BUG: KASAN: use-after-free in drm_atomic_helper_shutdown+0x33c/0x378 [ 86.514258] Read of size 8 at addr ffff0000d46fc068 by task shutdown/1 [ 86.515213] [ 86.515455] CPU: 1 UID: 0 PID: 1 Comm: shutdown Not tainted 6.13.0-rc1-mtk+gfa1a78e5d24b-dirty #55 [ 86.516752] Hardware name: Unknown Product/Unknown Product, BIOS 2022.10 10/01/2022 [ 86.517960] Call trace: [ 86.518333] show_stack+0x20/0x38 (C) [ 86.518891] dump_stack_lvl+0x90/0xd0 [ 86.519443] print_report+0xf8/0x5b0 [ 86.519985] kasan_report+0xb4/0x100 [ 86.520526] __asan_report_load8_noabort+0x20/0x30 [ 86.521240] drm_atomic_helper_shutdown+0x33c/0x378 [ 86.521966] mtk_drm_shutdown+0x54/0x80 [ 86.522546] platform_shutdown+0x64/0x90 [ 86.523137] device_shutdown+0x260/0x5b8 [ 86.523728] kernel_restart+0x78/0xf0 [ 86.524282] __do_sys_reboot+0x258/0x2f0 [ 86.524871] __arm64_sys_reboot+0x90/0xd8 [ 86.525473] invoke_syscall+0x74/0x268 [ 86.526041] el0_svc_common.constprop.0+0xb0/0x240 [ 86.526751] do_el0_svc+0x4c/0x70 [ 86.527251] el0_svc+0x4c/0xc0 [ 86.527719] el0t_64_sync_handler+0x144/0x168 [ 86.528367] el0t_64_sync+0x198/0x1a0 [ 86.528920] [ 86.529157] The buggy address belongs to the physical page: [ 86.529972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff0000d46fd4d0 pfn:0x1146fc [ 86.531319] flags: 0xbfffc0000000000(node=0\|zone=2\|lastcpupid=0xffff) [ 86.532267] raw: 0bfffc0000000000 0000000000000000 dead000000000122 0000000000000000 [ 86.533390] raw: ffff0000d46fd4d0 0000000000000000 00000000ffffffff 0000000000000000 [ 86.534511] page dumped because: kasan: bad access detected [ 86.535323] [ 86.535559] Memory state around the buggy address: [ 86.536265] ffff0000d46fbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.537314] ffff0000d46fbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.538363] >ffff0000d46fc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.544733] ^ [ 86.551057] ffff0000d46fc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.557510] ffff0000d46fc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.563928] ================================================================== [ 86.571093] Disabling lock debugging due to kernel taint [ 86.577642] Unable to handle kernel paging request at virtual address e0e9c0920000000b [ 86.581834] KASAN: maybe wild-memory-access in range [0x0752049000000058-0x075204900000005f] ...	详情
53a5e99c6046837e0c020c4e33fea592	CVE-2024-57925	2025-01-19 12:15:26	In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix a missing return value check bug In the smb2_send_interim_resp(), if ksmbd_alloc_work_struct() fails to allocate a node, it returns a NULL pointer to the in_work pointer. This can lead to an illegal memory write of in_work->response_buf when allocate_interim_rsp_buf() attempts to perform a kzalloc() on it. To address this issue, incorporating a check for the return value of ksmbd_alloc_work_struct() ensures that the function returns immediately upon allocation failure, thereby preventing the aforementioned illegal memory access.	详情
141b1d19c29c6ff5ae5eb764551b118e	CVE-2024-57924	2025-01-19 12:15:26	In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle. There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encode_fh() fails. Relax those assertions because they are wrong. The second linked bug report states commit 16aac5ad1fa9 ("ovl: support encoding non-decodable file handles") in v6.6 as the regressing commit, but this is not accurate. The aforementioned commit only increases the chances of the assertion and allows triggering the assertion with the reproducer using overlayfs, inotify and drop_caches. Triggering this assertion was always possible with other filesystems and other reasons of ->encode_fh() failures and more particularly, it was also possible with the exact same reproducer using overlayfs that is mounted with options index=on,nfs_export=on also on kernels < v6.6. Therefore, I am not listing the aforementioned commit as a Fixes commit. Backport hint: this patch will have a trivial conflict applying to v6.6.y, and other trivial conflicts applying to stable kernels < v6.6.	详情

国家信息安全漏洞共享平台（CNVD） [TOP 30]	CVES	TIME	TITLE	URL
8686fda9b2b49e4e1666b54e2248f935	CNVD-2021-74882	2021-11-14 16:43:52	四创科技有限公司建站系统存在SQL注入漏洞	详情
8f6972d84ad188b05ff9cc14d4334949	CNVD-2021-87021 (CVE-2020-4690)	2021-11-12 12:43:14	IBM Security Guardium硬编码凭证漏洞	详情
3bfe7b053a0c59d8a3d38c18f86aa143	CNVD-2021-87022 (CVE-2021-38870)	2021-11-12 12:43:12	IBM Aspera跨站脚本漏洞	详情
a4649bb17f4db4d1c7f879ebceb46ed0	CNVD-2021-87011 (CVE-2021-29753)	2021-11-12 12:43:11	IBM Business Automation Workflow存在未明漏洞	详情
094c613f9ed4b8b9d887dc912789043c	CNVD-2021-87025 (CVE-2021-20563)	2021-11-12 12:43:10	IBM Sterling File Gateway信息泄露漏洞	详情
41c47f01a4c65dcb6efc9ebf483fe762	CNVD-2021-87010 (CVE-2021-38887)	2021-11-12 12:43:08	IBM InfoSphere Information Server信息泄露漏洞	详情
f51d33e7a09fd61ca90ede453515a830	CNVD-2021-87016 (CVE-2021-29764)	2021-11-12 12:43:07	IBM Sterling B2B Integrator跨站脚本漏洞	详情
33615a5f78df822e82e6d3436045c48c	CNVD-2021-87026 (CVE-2021-38877)	2021-11-12 12:43:06	IBM Jazz for Service Management跨站脚本漏洞	详情
8e729177bcb4105dd831fb1e123ed1bb	CNVD-2021-87014 (CVE-2021-29679)	2021-11-12 12:43:04	IBM Cognos Analytics远程代码执行漏洞	详情
1a3b856f78e9fbdca12aeddc7d665aca	CNVD-2021-87029 (CVE-2021-29752)	2021-11-12 12:43:03	IBM Db2信息泄露漏洞	详情
6f1aa3a0cb819d97519baa47fd0232d5	CNVD-2021-87015 (CVE-2021-29745)	2021-11-12 12:43:02	IBM Cognos Analytics权限提升漏洞	详情
cbcb12f5f51d6e7d6d8a9fa581aa863a	CNVD-2021-73908	2021-11-11 16:42:44	泛微e-cology存在SQL注入漏洞	详情
ae6fd467da55de31aa7219187cf5c2d4	CNVD-2021-86904 (CVE-2021-20351)	2021-11-11 08:31:46	IBM Engineering跨站脚本漏洞	详情
412a15b40959ed9cf9330ee79f99e079	CNVD-2021-86903 (CVE-2021-31173)	2021-11-11 08:31:44	Microsoft SharePoint Server信息泄露漏洞	详情
1cbc5d5faac431d3e82c9e5ea9588b5f	CNVD-2021-86902 (CVE-2021-31172)	2021-11-11 08:31:43	Microsoft SharePoint欺骗漏洞	详情
686c7cfb20933b41c3d679cbba79a2ad	CNVD-2021-86901 (CVE-2021-31181)	2021-11-11 08:31:42	Microsoft SharePoint远程代码执行漏洞	详情
72fdfb2d44c0d41d638e4632bdfc10b8	CNVD-2021-86900 (CVE-2021-3561)	2021-11-11 08:31:41	fig2dev缓冲区溢出漏洞	详情
3ba6f0e9394f9414e2cadb9495e2d5f5	CNVD-2021-85884 (CVE-2021-41210)	2021-11-10 07:24:57	Google TensorFlow堆分配数组越界读取漏洞	详情
4d8c4744ea972fb2fcb9673fea1fc7b7	CNVD-2021-85883 (CVE-2021-41226)	2021-11-10 07:24:56	Google TensorFlow堆越界访问漏洞	详情
8778f9cd924cae585ca5e2e0b8be3b3f	CNVD-2021-85882 (CVE-2021-41224)	2021-11-10 07:24:54	Google TensorFlow堆越界访问漏洞	详情
e1b2722e6d5c509c680b584416d9cb20	CNVD-2021-85881 (CVE-2021-42770)	2021-11-10 07:24:53	OPNsense跨站脚本漏洞	详情
ed09c9fa5586e2d4d9b4e95fe3b447a0	CNVD-2021-85880 (CVE-2021-28024)	2021-11-10 07:24:52	ServiceTonic访问控制不当漏洞	详情
8a642f0922f7f915e81b2b947276a96c	CNVD-2021-85879 (CVE-2021-28023)	2021-11-10 07:24:50	ServiceTonic任意文件上传漏洞	详情
c00b061c2cfdee4016a869a188135db5	CNVD-2021-85878 (CVE-2021-28022)	2021-11-10 07:24:49	ServiceTonic SQL注入漏洞	详情
9c4b20a28ad2bd4ab916448f0e1272bd	CNVD-2021-85877 (CVE-2021-32483)	2021-11-10 07:24:48	Cloudera Manager不正确访问控制漏洞	详情
4d4423857b7b1f38e49738f00e8949ba	CNVD-2021-85876 (CVE-2021-32481)	2021-11-10 07:24:46	Cloudera Hue跨站脚本漏洞	详情
6b12b7fc216d603e8e07351603851c86	CNVD-2021-85875 (CVE-2021-29994)	2021-11-10 07:24:45	Cloudera Hue跨站脚本漏洞	详情
72894fb3a3538de240d2f6810aae63c9	CNVD-2021-85892 (CVE-2021-42701)	2021-11-10 02:38:27	DAQFactory中间人攻击漏洞	详情
94a1f99a64ba24540cc1594d0a0b3152	CNVD-2021-85893 (CVE-2021-42699)	2021-11-10 02:38:26	DAQFactory明文传输漏洞	详情
5d9bac33be8f2f88391f6de02fb89c73	CNVD-2021-85894 (CVE-2021-42698)	2021-11-10 02:38:24	DAQFactory反序列化漏洞	详情

国家信息安全漏洞库（CNNVD） [TOP 30]	CVES	TIME	TITLE	URL
b5815af17792cf5abac5732bae3094e9	CNNVD-202308-131 (CVE-2023-20215)	2023-08-03 12:41:47	Cisco Secure Web Appliance 安全漏洞	详情
8d98bb094a70919c9e881cc7da5898d4	CNNVD-202308-132 (CVE-2023-20204)	2023-08-03 12:40:44	Cisco BroadWorks CommPilot 安全漏洞	详情
c65e18d821cb73d6036dc2df6a726951	CNNVD-202308-123 (CVE-2023-29409)	2023-08-02 12:45:03	Google Golang 资源管理错误漏洞	详情
452c53b54ef3a658eaf6bd8e7d93fe05	CNNVD-202308-124 (CVE-2023-4070)	2023-08-02 12:44:01	Google Chrome 安全漏洞	详情
ac7b17414d163c2f26008516638e3a99	CNNVD-202308-125 (CVE-2023-39113)	2023-08-02 12:42:59	ngiflib 安全漏洞	详情
224fd467b813dbee234efe1e61e2ec66	CNNVD-202308-126 (CVE-2023-39114)	2023-08-02 12:42:57	ngiflib 安全漏洞	详情
72d862f454eb3d0e4dd221413d85f6b2	CNNVD-202308-127 (CVE-2023-1437)	2023-08-02 12:42:55	Advantech WebAccess/SCADA 安全漏洞	详情
a3b636c53a2116b7ab85ea0c29470e76	CNNVD-202308-128 (CVE-2023-3329)	2023-08-02 12:42:53	SpiderControl SCADA Webserver 路径遍历漏洞	详情
0e8e3c3600e145e70920c2026bde8feb	CNNVD-202308-129 (CVE-2023-4069)	2023-08-02 12:42:51	Google Chrome 安全漏洞	详情
619ce483843859fb783525b2b8d00f59	CNNVD-202308-130 (CVE-2023-4068)	2023-08-02 12:41:48	Google Chrome 安全漏洞	详情
6a73381eaa628503bd8c242cd313f005	CNNVD-202308-057 (CVE-2023-36121)	2023-08-01 12:48:12	e107 跨站脚本漏洞	详情
086c171bc44677f87e0ad45c8ab5dab6	CNNVD-202308-058 (CVE-2023-2164)	2023-08-01 12:47:10	GitLab 跨站脚本漏洞	详情
bc6915cfb72ce7e27f2aa64ff3a35ee2	CNNVD-202308-059 (CVE-2023-31432)	2023-08-01 12:47:08	Brocade Fabric OS 安全漏洞	详情
915090fa2939ee9d9978125be4eeff27	CNNVD-202308-060 (CVE-2023-3739)	2023-08-01 12:46:07	Google Chrome 安全漏洞	详情
b790441bc923d37c914ea50edcdfaa16	CNNVD-202308-061 (CVE-2023-3385)	2023-08-01 12:46:05	GitLab 路径遍历漏洞	详情
a6be4479387eddda68e1c7808965c1bc	CNNVD-202308-062 (CVE-2022-40609)	2023-08-01 12:46:03	IBM SDK, Java Technology Edition 安全漏洞	详情
55409ee74ffe87168f7d61814b568334	CNNVD-202308-063 (CVE-2023-31431)	2023-08-01 12:46:02	Brocade Fabric OS 安全漏洞	详情
a4340da9d26800c671fa800a080c3d01	CNNVD-202308-064 (CVE-2023-36210)	2023-08-01 12:45:00	MotoCMS 安全漏洞	详情
d70ae2187ae1aa50a2af6befce15bfbd	CNNVD-202308-065 (CVE-2023-31428)	2023-08-01 12:43:58	Brocade Fabric OS 代码问题漏洞	详情
8b0e98f117732e813318bdec77d0fb4b	CNNVD-202308-066 (CVE-2023-31928)	2023-08-01 12:42:57	Brocade Fabric OS 跨站脚本漏洞	详情
73ffd9540daad0a04d3d54041ba9df14	CNNVD-202307-2321 (CVE-2023-37772)	2023-07-31 12:44:10	Online Shopping Portal 安全漏洞	详情
10f462bbd81ee431ab32c6a160fc068d	CNNVD-202307-2322 (CVE-2023-3983)	2023-07-31 12:44:08	Advantech iView 安全漏洞	详情
91dcd4420b85064dbae045bceabb71b9	CNNVD-202307-2323 (CVE-2023-37496)	2023-07-31 12:44:07	HCL Technologies HCL Verse 安全漏洞	详情
c81e50233ec479272b638b8dbddedeea	CNNVD-202307-2324 (CVE-2023-38989)	2023-07-31 12:44:05	jeesite 安全漏洞	详情
775849c6f8c5fe41588806137e12cfa8	CNNVD-202307-2326 (CVE-2023-3462)	2023-07-31 12:44:03	HashiCorp Vault 安全漏洞	详情
f995ebc4f6961ed50c6d18ec0f7efcf4	CNNVD-202307-2327 (CVE-2022-42183)	2023-07-31 12:44:01	Precisely Spectrum Spatial Analyst 安全漏洞	详情
67539644d8b06577c03aeab1ac018450	CNNVD-202307-2328 (CVE-2022-42182)	2023-07-31 12:43:59	Precisely Spectrum Spatial Analyst 安全漏洞	详情
b61f0e730dfb90bb1c6f8f6e83508ae7	CNNVD-202307-2329 (CVE-2023-39122)	2023-07-31 12:43:56	BMC Control-M 安全漏洞	详情
a09d1da1d10d2b5f823d7b8b41490660	CNNVD-202307-2330 (CVE-2023-3825)	2023-07-31 12:42:54	PTC Kepware KEPServerEX 资源管理错误漏洞	详情
05caf2e95b7a0f72e0c071c443e1d82b	CNNVD-202307-2331 (CVE-2023-4033)	2023-07-31 12:42:52	Mlflow 操作系统命令注入漏洞	详情

奇安信 [TOP 30]	CVES	TIME	TITLE	URL
45ab4afdafe578698bcfccccd65d833e		yt	QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞（ADV200006）通告	详情
74691465618764c64d52a2ff58013ac4		yt	QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞（CVE-2019-11707）预警通告	详情
6bd01daffa85191c80698354fc8e252f		wt	QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告	详情
59085bf4ae9a7a3802468d9764c94968		wt	QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告	详情
7010355bb6ffff38cb1a885acf784ca7		ft	QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞（CVE-2020-0796）通告	详情
5edb21a58a7e21692bd0ddd622d39279		St	QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞（CVE-2020-1350）通告	详情
3e8973410ef7c04408d63fa10c230487		St	QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞（CVE-2020-0674）通告	详情
e8bc02a0c3bfbafd4c84d9ec26e9bede		St	QianxinTI-SV-2020-0001 微软核心加密库漏洞（CVE-2020-0601）通告	详情
f749eac58b87d0954f0e4a84b5d67057	CVE-2020-1350	2020-07-15 15:57:00	QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞（CVE-2020-1350）通告	详情
90b93cb7073fe73b17746ac166a09637	CVE-2020-6819, CVE-2020-6820	2020-04-08 10:34:35	QianxinTI-SV-2020-0012 Firefox在野远程代码执行漏洞（CVE-2020-6819、CVE-2020-6820）通告	详情
e318a5efa4803b50cdef480b90b1784d		2020-03-25 13:58:51	QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞（ADV200006）通告	详情
cffc3035f7899495cfeae521451f91b2	CVE-2020-0796	2020-03-12 10:32:09	QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞（CVE-2020-0796）通告	详情
3e6175d47d17c6f94bd9ba10d81c3717	CVE-2020-0674	2020-03-02 14:52:46	QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞（CVE-2020-0674）通告	详情
d99d073afb7d248a8a62fb068921997f	CVE-2020-0601	2020-01-15 14:11:41	QianxinTI-SV-2020-0001 微软核心加密库漏洞（CVE-2020-0601）通告	详情
b7b45b14a3af1225ef6eec72d74964df	CVE-2019-1367	2019-09-25 17:23:00	QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告	详情
504fc79f0123db109a11b149c334b75c	CVE-2019-0708	2019-09-09 10:20:47	QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞（CVE-2019-0708）预警通告	详情
5b727692d583d4a6e7cdb0f670eac12a	CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226	2019-08-14 11:09:05	QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告	详情
54b48d765fccbc8dcfa3de0920459f8d	CVE-2019-11707	2019-06-19 16:53:47	QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞（CVE-2019-11707）预警通告	详情
5b4d5fea09fbc2dca45be53f162d39de	CVE-2019-0708	2019-05-31 17:03:19	QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞（CVE-2019-0708）预警通告	详情

安全客 [TOP 30]	CVES	TIME	TITLE	URL
03afa8b4eaf4a0160784152fca5465b2	CVE-2021-27308	2021-07-11 14:22:05	4images 跨站脚本漏洞	详情
8b0ace4c54a7fc20a99d21e294152a99	CVE-2020-15261	2021-07-11 14:22:05	Veyon Service 安全漏洞	详情
d4f12de949590ab346b61986a29d8b4d	CVE-2021-35039	2021-07-09 17:30:13	Linux kernel 安全漏洞	详情
f790e7ef3b5de3774d42ee32b9b10c01	CVE-2021-34626	2021-07-09 17:30:13	WordPress 访问控制错误漏洞	详情
71bf261eb2113d5ff870ab9bafd29f55	CVE-2021-25952	2021-07-09 17:30:13	just-safe-set 安全漏洞	详情
152793cbc104933584f5f227606f433d	CVE-2021-0597	2021-07-09 17:30:13	Google Android 信息泄露漏洞	详情
75f153c327984fdfdd2d9c463a91371d	CVE-2021-34430	2021-07-09 17:30:13	Eclipse TinyDTLS 安全特征问题漏洞	详情
9610336f1a41241cc8edea22a2780ec5	CVE-2021-3638	2021-07-09 17:30:13	QEMU 安全漏洞	详情
92fe450ae5c5dfa48072aca79d64ba63	CVE-2021-34614	2021-07-09 14:24:32	Aruba ClearPass Policy Manager 安全漏洞	详情
680a4218fc32922746717210664a3d62	CVE-2021-22144	2021-07-09 13:28:16	Elasticsearch 安全漏洞	详情
373930f669f2c1f7b61101a925304779	CVE-2021-24022	2021-07-09 13:28:16	Fortinet FortiManager 安全漏洞	详情
8556f9cd0699f88c1f6cca9a43463bdd	CVE-2021-33012	2021-07-09 13:28:16	Allen Bradley Micrologix 1100输入验证错误漏洞	详情
480ae713cc88cc0985e1ebc079974d83	CVE-2021-0592	2021-07-09 13:28:16	Google Android 安全漏洞	详情
8ef4dbefa6604ea2312621401c3ec0b9	CVE-2021-1598	2021-07-09 13:28:16	Cisco Video Surveillance 7000 Series IP Cameras 安全漏洞	详情
d6e8714c32df7a0dcc2f3910ec68b42d	CVE-2021-20782	2021-07-09 13:28:16	Software License Manager 跨站请求伪造漏洞	详情
4e60b22611b8bb0fd7e532896498af29	CVE-2021-20781	2021-07-09 13:28:16	WordPress 跨站请求伪造漏洞	详情
5ca48ad58fb499c069ae0800c3b39875	CVE-2021-32961	2021-07-09 13:28:16	MDT AutoSave代码问题漏洞	详情
2ed854890b43f08e52340a1e8fe6d39f	CVE-2021-0577	2021-07-09 13:28:16	Google Android 安全漏洞	详情
8d63110e1475bbd245715b2ee1824d13	CVE-2021-31816	2021-07-09 13:28:16	Octopus Server 安全漏洞	详情
72bef2ae2f5db7dd066e1cdefa618dc5	CVE-2021-31817	2021-07-09 13:28:16	Octopus Server 安全漏洞	详情
1f7369b2609dbd2cd40d091f7de540cd	CVE-2020-20217	2021-07-09 13:28:16	Mikrotik RouterOs 安全漏洞	详情
1793176eecc5813c3348f026dc9909c9	CVE-2020-28598	2021-07-09 13:28:16	PrusaSlicer 安全漏洞	详情
7f4cf34ceb545548dcfcc3c0e7120268	CVE-2021-32945	2021-07-09 13:28:16	MDT AutoSave加密问题漏洞	详情
58553eb00d6e3e83b633f09464c4e98a	CVE-2021-29712	2021-07-09 13:28:16	IBM InfoSphere Information Server 跨站脚本漏洞	详情
d8e27ec42fb0b89998fcc006f49b249b	CVE-2021-25432	2021-07-09 13:28:16	Samsung Members 信息泄露漏洞	详情
8f2adc6c247725bf2eb7f53256c93ea7	CVE-2021-25433	2021-07-09 13:28:16	Samsung Tizen安全漏洞	详情
8f949676124339eb6f64f9c607af5470	CVE-2021-25431	2021-07-09 13:28:16	Samsung Mobile Device Cameralyzer 访问控制错误漏洞	详情
069818a8958f9c158fcb0956ee32fc03	CVE-2021-25434	2021-07-09 13:28:16	Samsung Tizen 代码注入漏洞	详情
55b9126220b9722ff5d730d3996877e9	CVE-2021-32949	2021-07-09 13:28:16	MDT AutoSave 路径遍历漏洞	详情
ebab009fffdee3d360dcdff74b0ed061	CVE-2021-25435	2021-07-09 13:28:16	Samsung Tizen代码注入漏洞	详情

斗象 [TOP 30]	CVES	TIME	TITLE	URL
096b6298d82574500dc1a14c9dba4065	CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029	2022-07-15 00:38:28	微软2022年7月补丁日漏洞通告	详情
6018f718b2d751478bf1ce069ac65f0d	CVE-2022-2185	2022-07-01 09:02:05	GitLab 远程代码执行漏洞(CVE-2022-2185)	详情
844719cf0bb4843aff73d2f33cc6dd0b	CVE-2022-30190, CVE-2022-30136	2022-06-15 05:48:12	微软2022年6月补丁日漏洞通告	详情
8b47000e1abfbacdadb7df6f09152d89	CVE-2022-26134	2022-06-03 05:48:38	Atlassian Confluence 远程代码执行漏洞(CVE-2022-26134)	详情
eebe93468b36d2ca24cf4b82136a5635	CVE-2022-30190	2022-05-31 13:57:17	Microsoft Windows MSDT 远程代码执行漏洞(CVE-2022-30190)	详情
95525e3f5907a776dc7cd4f87f2e2154		2022-05-23 07:11:04	Fastjson 反序列化漏洞	详情
945fd6e612634d9721f861833f1ecb75	CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923	2022-05-11 03:45:48	微软2022年5月补丁日漏洞通告	详情
e2938ff82d0cc152508e0240697def4c	CVE-2022-1388	2022-05-06 05:53:04	F5 BIG-IP iControl REST 身份验证绕过漏洞(CVE-2022-1388)	详情
bcf7253d2ee580c618737de137d370c4	CVE-2022-29464	2022-04-22 02:21:17	WSO2 Carbon Server 远程代码执行漏洞(CVE-2022-29464)	详情
07c09799b08afb04c63a9de750b70aca	CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904	2022-04-13 07:51:00	微软2022年4月补丁日漏洞通告	详情
f5b543501ed5679d423411edac502e24	CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961	2022-04-08 03:49:31	VMware 产品多个高危漏洞通告	详情
f421bcdb306e2bc1ffbf58fcb024a0dd		2022-03-29 17:11:30	Spring 框架远程代码执行漏洞	详情
0473358d95e58c7c3f2e7db0109f56f4		2022-03-29 17:11:30	Spring Framework 远程代码执行漏洞(CVE-2022-22965)	详情
a888c948ca1172f8a06a3879479f1de4	CVE-2022-22965	2022-03-29 17:11:30	Spring Framework 远程代码执行漏洞(CVE-2022-22965)	详情
71ed541bb737196268b75c7ba435e1a9		2022-03-28 04:57:30	Spring Cloud Function SpEL表达式注入漏洞	详情
f7a5dcd376be777c6593a29b8ebd411a	CVE-2022-0778	2022-03-18 07:09:22	OpenSSL拒绝服务漏洞(CVE-2022-0778)	详情
6c4124fed44906a79843cd2dd383c695	CVE-2022-0847	2022-03-15 03:32:03	Linux Kernel本地提权漏洞（CVE-2022-0847）	详情
a2795e4829bff16f108cf191eba663c3	CVE-2022-21990, CVE-2022-24508, CVE-2022-23277	2022-03-11 02:14:56	微软2022年3月补丁日漏洞通告	详情
d09f0641bf65c64a16d802cd78e14097	CVE-2022-0847	2022-03-08 08:23:08	Linux 内核本地提权漏洞(CVE-2022-0847)	详情
69052e2a8c09416f5df674f92cba25a6	CVE-2022-22947	2022-03-02 11:42:55	Spring Cloud Gateway 远程代码执行漏洞(CVE-2022-22947)	详情
5f42b6f584a9ace426787dc8dfd6e6e5		2022-02-16 10:44:18	向日葵远程命令执行漏洞(CNVD-2022-10270)	详情
79556071f6236ab4674f75b3beee4d79	CVE-2022-24112	2022-02-11 06:13:35	Apache APISIX 远程代码执行漏洞 (CVE-2022-24112)	详情
485f2c57713f4a39830e8c2d01e43cfe	CVE-2021-4034	2022-01-26 06:19:16	Linux Polkit 权限提升漏洞(CVE-2021-4034)	详情
0aa6eab412c0318b74c6a470ee774df1	CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919	2022-01-12 03:44:50	微软2022年1月补丁日漏洞通告	详情
88a8c676b52a739c0335d7c21ca810a9		2022-01-06 08:19:17	MeterSphere 远程代码执行漏洞	详情
76cad61d2d5a8750a6a714ab2c6dbc97	CVE-2021-45232	2021-12-28 10:31:16	Apache APISIX Dashboard 接口未授权访问漏洞(CVE-2021-45232)	详情
af4f5f63390eb00de8705b5029d8c376	CVE-2021-44228, CVE-2021-45046	2021-12-14 01:56:52	Apache Log4j 远程代码执行漏洞	详情
43456ae172e45c12087c40c03d925e0e	CVE-2021-44228	2021-12-11 03:21:34	Apache Log4j 远程代码执行漏洞	详情
392b133d98d6f61aee36ce6c8784f4df		2021-12-09 15:20:54	Apache Log4j 远程代码执行漏洞	详情
1e193280a8f45427c06cb4945be4f126		2021-12-07 06:48:55	Grafana 任意文件读取漏洞	详情

红后 [TOP 30]	CVES	TIME	TITLE	URL
6fa0a347889bf0da0cae47ef068a6a99	CVE-2023-32836	2023-11-16 21:05:37	GOOGLE ANDROID Vulnerability	详情
49751f9f84ed69956c96cc87959ec666	CVE-2021-22499	2023-11-16 21:05:34	Micro Focus Application Performance Management 跨站脚本漏洞	详情
eaa040f80d817832a627456843d3e24c	CVE-2021-23883	2023-11-16 21:05:33	迈克菲 McAfee Endpoint Security 代码问题漏洞	详情
d52ddce51389f668d6fad6e7044bd974	CVE-2021-23878	2023-11-16 21:05:33	迈克菲 McAfee Endpoint Security 加密问题漏洞	详情
b62432054e9970a34c4d9e4d9efd1075	CVE-2023-32838	2023-11-16 21:05:33	GOOGLE ANDROID Vulnerability	详情
162855c32b8e1a1dafd6ef3e7a3b3da8	CVE-2022-43554	2023-11-16 21:05:33	IVANTI AVALANCHE Vulnerability	详情
dff8e982c8571446fc1d46fdb5263781	CVE-2021-21019	2023-11-16 21:05:33	Adobe Magento 注入漏洞	详情
5c28bf13629d4240819bb4f492d588a9	CVE-2022-34396	2023-11-15 21:56:12	DELL OPENMANAGE_SERVER_ADMINISTRATOR Vulnerability	详情
8876fd1be50182e42f17aaf033bfaf25	CVE-2022-45098	2023-11-15 21:56:10	DELL EMC_POWERSCALE_ONEFS Vulnerability	详情
d8a4cb7ca4e0f29533302f9f97f22a55	CVE-2022-45102	2023-11-15 21:55:56	DELL Multiple product Vulnerability	详情
72e081fb5149198ecc92f3f06383f0d5	CVE-2023-0512	2023-11-15 21:55:53	VIM VIM Vulnerability	详情
741e4f08caf4baef7072136884f07ae6	CVE-2023-24829	2023-11-15 21:55:48	APACHE IOTDB Vulnerability	详情
06eca26d44409544e5ec96702bf85ce0	CVE-2023-23628	2023-11-15 21:54:44	METABASE METABASE Vulnerability	详情
830da4b9e4f027d37c9e39125a30cc18	CVE-2022-3488	2023-11-15 21:54:27	ISC BIND Vulnerability	详情
93ceb6d645101eee2b05535717260299	CVE-2022-45808	2023-11-15 21:54:21	THIMPRESS LEARNPRESS Vulnerability	详情
d79756a4e0c6522a5ba958c82d0b4c88	CVE-2023-22482	2023-11-15 21:54:17	LINUXFOUNDATION ARGO-CD Vulnerability	详情
1c317622086c85695ff9266e3c5cf66f	CVE-2022-4323	2023-11-15 21:54:16	SUMO GOOGLE_ANALYTICATOR Vulnerability	详情
6e8e12e7cd90fd6550e5cef8c12a4a50	CVE-2023-24069	2023-11-15 21:54:13	SIGNAL SIGNAL-DESKTOP Vulnerability	详情
de78bbaf8c5f6d744b657b8b7733d20e	CVE-2023-24044	2023-11-15 21:54:12	PLESK OBSIDIAN Vulnerability	详情
44e1e95916d186bbbc5cabca01532712	CVE-2022-41733	2023-11-15 21:54:05	IBM INFOSPHERE_INFORMATION_SERVER Vulnerability	详情
136d79ca309f157fcf93764b6993609c	CVE-2022-20752	2023-11-15 20:59:35	Cisco Unified Communications Manager 和 Cisco Unity Connection安全漏洞	详情
cfa598cc25996bf7c25d8622f86868f3	CVE-2022-32208	2023-11-15 20:59:35	curl 缓冲区错误漏洞	详情
5dc2248c28a031fb6cb3e94f714da748	CVE-2021-31677	2023-11-15 20:59:35	PESCMS 跨站请求伪造漏洞	详情
2df25199d06527c66c1929ede927aa18	CVE-2022-20800	2023-11-15 20:59:35	Cisco Unified Communications Manager 跨站脚本漏洞	详情
537152d5106a70b12b4e0204db3ba5b3	CVE-2022-2304	2023-11-15 20:59:34	Vim 安全漏洞	详情
dee30b1a759cdba8cda08222c3b6cf63	CVE-2022-2309	2023-11-15 20:59:34	lxml 和 libxml2 代码问题漏洞	详情
edc189cc3f6caea2e67f158e0f93dd19	CVE-2022-31116	2023-11-15 20:59:34	UltraJSON 其他漏洞	详情
3e53baf169ff30745b9dfa6f9505233b	CVE-2022-20791	2023-11-15 20:59:26	Cisco Unified Communications Manager 路径遍历漏洞	详情
6ae237378a32e08e6f0495fa3dbce32b	CVE-2022-20812	2023-11-15 20:59:26	Cisco Expressway Series 和 Cisco TelePresence Video Communication Server 路径遍历漏洞	详情
a2523ef82d3016d54faf64dd9af12f3f	CVE-2022-31129	2023-11-15 20:59:26	Moment.js 资源管理错误漏洞	详情

绿盟 [TOP 30]	CVES	TIME	TITLE	URL
4eec0cd5332043067b2e657866138dd5	CVE-2024-8811	2025-01-22 09:22:37	WinZip网页标记绕过漏洞	详情
1a4d565659e15f617e2c318b4ac3fae4	CVE-2024-11528	2025-01-22 09:22:37	IrfanView内存破坏远程代码执行漏洞	详情
f5dd16a58847d134b0f7ca9913609228	CVE-2024-11577	2025-01-22 09:22:37	Luxion KeyShot堆缓冲区溢出远程代码执行漏洞	详情
58e3dcc8a306f7bc219130f1d56469f9	CVE-2024-11530	2025-01-22 09:22:37	IrfanView内存破坏远程代码执行漏洞	详情
2846868f433262e405f211e987832d78	CVE-2024-11581	2025-01-22 09:22:37	Luxion KeyShot越界读取远程代码执行漏洞	详情
7f80bcd7b782f35a0053e9f4d8d27dec	CVE-2024-11578	2025-01-22 09:22:37	Luxion KeyShot堆栈缓冲区溢出远程代码执行漏洞	详情
37cdb48f3c540abc81cd9ddf98381480	CVE-2024-9742	2025-01-22 09:22:37	Tungsten Automation Power PDF堆缓冲区溢出远程代码执行漏洞	详情
08cba386fe3e5802cafd78b8e55d6c82	CVE-2024-9740	2025-01-22 09:22:37	Tungsten Automation Power PDF内存破坏远程代码执行漏洞	详情
138cb425aa1c144d547c9b6ddf400ae4	CVE-2024-8827	2025-01-22 09:22:37	PDF-XChange Editor越界写入远程代码执行漏洞	详情
ad046f266c55ec198a91c584ac9cc028	CVE-2024-9746	2025-01-22 09:22:37	Tungsten Automation Power PDF越界写入远程代码执行漏洞	详情
0f82930b4335570fca83a6887a1e1a0d	CVE-2024-8849	2025-01-22 09:22:37	PDF-XChange Editor越界读取信息泄露漏洞	详情
1f8afd16388634672fb35b2ad1de8333	CVE-2024-9257	2025-01-22 09:22:37	Logsign Unified SecOps Platform输入验证任意文件删除漏洞	详情
e7b7559085102574521b8f500e44f6a3	CVE-2024-9732	2025-01-22 09:22:37	Tungsten Automation Power PDF内存错误引用远程代码执行漏洞	详情
95dd3c2a26661ddbdfda46c1d810cbb6	CVE-2024-9758	2025-01-22 09:22:37	Tungsten Automation Power PDF越界读取信息泄露漏洞	详情
1a1238a8e6660c63f9e4c490c8530ed7	CVE-2024-9747	2025-01-22 09:22:37	Tungsten Automation Power PDF越界写入远程代码执行漏洞	详情
0eca3f6be50678f1b5cf7d02ded62ea6	CVE-2024-11398	2025-01-21 15:23:11	Synology Router Manager路径遍历漏洞	详情
832fd6df5fb6a3b687b021d48d3202a8	CVE-2024-43381	2025-01-21 15:23:11	reNgine存储型跨站脚本漏洞	详情
9fac76755e3d1f3b4c2a8e5b58f9785c	CVE-2023-52943	2025-01-21 15:23:11	Synology Surveillance Station授权错误漏洞	详情
3f68eae3cd3ac8db61346ce74de98fbc	CVE-2024-43809	2025-01-21 15:23:11	JetBrains TeamCity跨站脚本漏洞	详情
c8d2d2d820d9cb827901b9acb16863d4	CVE-2024-43808	2025-01-21 15:23:11	JetBrains TeamCity跨站脚本漏洞	详情
ba5e016512cef5c41e29f0e4434048a4	CVE-2024-45717	2025-01-21 15:23:11	SolarWinds Platform跨站脚本漏洞	详情
be5f4d9a80a0ce2f43dd6edad8f599a3	CVE-2024-6456	2025-01-21 15:23:11	AVEVA Historian Server SQL注入漏洞	详情
9e1b5e4bccba7dbd2a954f9ea2cb999c	CVE-2024-7868	2025-01-21 15:23:11	Xpdf变量未初始化漏洞	详情
e29b08ff1bf7253d6cb2c2ec002654bb	CVE-2024-7839	2025-01-21 15:23:11	Itsourcecode Billing System SQL注入漏洞	详情
2b941d67f11cb599d8344a21f155f9e5	CVE-2024-34737	2025-01-21 15:23:11	Google Android权限提升漏洞	详情
e608fb105a7049859fdc380d250ab6c9	CVE-2024-12123	2025-01-21 15:23:11	Issuetrak隐藏字段操纵漏洞	详情
62d4385c895ae99334faccb1917a7250	CVE-2024-7145	2025-01-21 15:23:11	WordPress JetElements Plugin本地文件包含漏洞	详情
ce5167d828adc7feda1d0c961259962f	CVE-2024-42465	2025-01-21 15:23:11	upKeeper身份验证限制漏洞	详情
fcf728e6d8af8f99559c3bb28ffcaa5d	CVE-2024-12099	2025-01-21 15:23:11	WordPress Dollie Hub plugin授权绕过漏洞	详情
17091922f64d0269b20662069668c36a	CVE-2024-42457	2025-01-21 15:23:11	Veeam Backup & Replication凭据保护不足漏洞	详情

美国国家漏洞数据库（NVD） [TOP 30]	CVES	TIME	TITLE	URL
c6b3897e8411249dddc03a2582c3afdc	CVE-2023-45955	2023-10-31 18:15:08	An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands.	详情
752c86d745d9d6748f49970fc6c72bf7	CVE-2022-48189	2023-10-30 15:15:39	An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.	详情
8e0bb5e55759a9b19da4ce8a5bf48799	CVE-2022-4573	2023-10-30 15:15:39	An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.	详情
790b026d2f9b8a38a121baf7cc9fbbe2	CVE-2023-45797	2023-10-30 07:15:12	A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code.	详情
9fee627171b8e0c7c2f065dae65c293c	CVE-2023-46468	2023-10-28 01:15:51	An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function.	详情
1f2c404d06acfac83f7761c8ab878dee	CVE-2023-43322	2023-10-28 01:15:51	ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/.	详情
eea9f6fc871d45cb3672714124c1d416	CVE-2023-46211	2023-10-27 21:15:09	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <=Â 3.19.14 versions.	详情
8496e7ff58df6fda25c681900fb6dfb8	CVE-2023-46209	2023-10-27 21:15:09	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus â€“ Unlimited grid plugin <=Â 1.3.2 versions.	详情
751468e26927001b02f1b97a3d980488	CVE-2023-46208	2023-10-27 21:15:09	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors â€“ Car Dealer, Classifieds & Listing plugin <=Â 1.4.6 versions.	详情
26e1875553f4c463d954949d41128765	CVE-2023-46200	2023-10-27 21:15:09	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <=Â 1.1.3 versions.	详情
a86c2cbf359259b1e38cd6e0c560a363	CVE-2023-46509	2023-10-27 21:15:09	An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.	详情
c608240b549dc25f03e04b5397e48e1b	CVE-2023-46199	2023-10-27 08:15:31	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <=Â 4.1.1 versions.	详情
c4bd3098463c3624a284c838fd6ecb48	CVE-2023-46194	2023-10-27 08:15:31	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist â€“ Custom Archive Templates plugin <=Â 1.7.5 versions.	详情
e79edbb292a519fa08055a884d86921e	CVE-2023-46192	2023-10-27 08:15:31	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <=Â 1.2.3 versions.	详情
528422b82114eedfc8a332c895b5d475	CVE-2023-46504	2023-10-27 04:15:10	Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component.	详情
4b4a8cd15c35de7b7cb3e0f5110f178b	CVE-2023-46503	2023-10-27 04:15:10	Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules.	详情
9637804577e375e89e0c34d1e9dc7daa	CVE-2023-46505	2023-10-27 01:15:32	Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file.	详情
ccc0d1dc9e1e6371fc7ed4a7e6bc67c9	CVE-2023-46491	2023-10-27 00:15:09	ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library.	详情
925767e89590e6107a882a20468a3153	CVE-2023-42188	2023-10-27 00:15:09	IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).	详情
8affd999965e83dbd42583837011424c	CVE-2023-42406	2023-10-26 22:15:08	SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component.	详情
7d0ccfb0da7a7225f1fd25c20c95a57e	CVE-2023-46435	2023-10-26 18:15:08	Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id.	详情
0ab665a469513a0f70af2e1f17519e41	CVE-2023-5792	2023-10-26 17:15:10	A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243598 is the identifier assigned to this vulnerability.	详情
692b9ba4d9cf7c90b6a3e5b8396a5302	CVE-2023-5791	2023-10-26 17:15:10	A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability.	详情
7e262fff58c0ebc8ddc6cdfb7535d7e2	CVE-2023-5790	2023-10-26 17:15:10	A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595.	详情
c643f1003e7a0ee28d9e54cda26d6b85	CVE-2023-43208	2023-10-26 17:15:09	NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.	详情
3d3bc04cd7ec7fdf5aaaa0aa0a140b90	CVE-2023-46450	2023-10-26 15:15:09	Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function.	详情
844b1b549a5543c879cdc68d7237f444	CVE-2023-46449	2023-10-26 15:15:09	Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function.	详情
f494a8af43bc7ce0e5b6f1d2f18f3740	CVE-2023-46081	2023-10-26 13:15:09	Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <=Â 1.1.34 versions.	详情
3a451401fdd162ad57ab72c2f5d7b984	CVE-2023-46077	2023-10-26 13:15:09	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed â€“ Custom Feed plugin <=Â 2.2.5 versions.	详情
428d0a0df20b616e36d68a5b76023a38	CVE-2023-46076	2023-10-26 13:15:09	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <=Â 1.2.102 versions.	详情