360 Cyber Security Response Center [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
638b08e6df884cc1a5c0dd7c8ce8c08d | | 2023-04-03 09:32:42 | Weekly Security Incident Report 2023-03-27, Week 13 | Details |
4ad53fb76838f4a82d7e011825d5934b | CVE-2023-29059 | 2023-03-31 07:28:38 | CVE-2023-29059: 3CXDesktop App Code Execution Vulnerability Advisory | Details |
c8989d2e807ceb53d24ad02bd54fbe60 | CVE-2023-22809 | 2023-03-30 08:49:36 | CVE-2023-22809: Sudo Privilege Escalation Vulnerability Advisory | Details |
55fd37b2456c87556f03a593901b743a | | 2023-03-27 08:47:34 | Weekly Security Incident Report 2023-03-20, Week 12 | Details |
c571983fae71cfe11b5bb86c67159080 | CVE-2023-28432 | 2023-03-23 09:46:17 | MinIO Information Disclosure Vulnerability Advisory | Details |
96f44e31e7ad34d978d34d8fa828b8a5 | CVE-2023-20860 | 2023-03-22 09:19:30 | CVE-2023-20860: Spring Framework Authentication Bypass Vulnerability Advisory | Details |
464f9bbd749d9b7e63993ae0384582d1 | | 2023-03-20 07:23:23 | Weekly Security Incident Report 2023-03-13, Week 11 | Details |
f3125d3ed890f0d54c88b1ded2feee81 | CVE-2023-23397 | 2023-03-17 02:06:29 | Microsoft Outlook Privilege Escalation Vulnerability Advisory | Details |
2401d255767cdbab18ab0add4cda39f8 | | 2023-03-15 08:13:10 | 2023-03 Patch Tuesday: Microsoft Security Update Advisory for Multiple Vulnerabilities | Details |
ae733c9e19d8a91d1e36ae4ef7dbcdde | CVE-2023-23638 | 2023-03-14 07:05:15 | CVE-2023-23638: Apache Dubbo Deserialization Vulnerability Advisory | Details |
f5c4a287130244d1e00dc124d7d36c78 | | 2023-03-13 07:48:11 | Weekly Security Incident Report 2023-03-06, Week 10 | Details |
0ff6a0a7187480b2f5160f7e877b6e7b | CVE-2023-21768 | 2023-03-10 08:45:13 | CVE-2023-21768: Windows Ancillary Function Local Privilege Escalation Vulnerability Advisory | Details |
02017e32ba80b6610ea0ebe823a8307c | CVE-2023-25610 | 2023-03-10 08:41:35 | CVE-2023-25610: FortiOS / FortiProxy Remote Code Execution Vulnerability Advisory | Details |
5b0b816d287d6b909f202e0ae78dd4f2 | CVE-2023-21768 | 2023-03-10 08:04:10 | CVE-2023-21768: Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Advisory | Details |
3f300836f1101aac33c8a0d2e3a13b15 | CVE-2023-27898 | 2023-03-09 08:41:32 | CVE-2023-27898/27905: Jenkins Cross-Site Scripting Vulnerability Advisory | Details |
e789b5055a4a30fd3f2f81447efc91c0 | CVE-2023-21716 | 2023-03-07 09:38:55 | Microsoft Word Remote Code Execution Vulnerability Advisory | Details |
62f500b7a9dc87c0935c4a1ac8f0c990 | | 2023-03-06 09:25:36 | Smartbi Remote Command Execution Vulnerability Advisory | Details |
45330254ad5d2642f0fa82225aefaefb | | 2023-03-06 07:35:11 | Weekly Security Incident Report 2023-02-27, Week 9 | Details |
98a5b68d96d5541e9781ff32ec966a13 | CVE-2023-0050 | 2023-03-03 07:22:27 | CVE-2023-0050: GitLab Cross-Site Scripting Vulnerability Advisory | Details |
0b4545f346ae941fb86499887e937bfa | | 2023-02-27 06:56:34 | Weekly Security Incident Report (02.20-02.26) | Details |
24580b4fb69a1db8407211e2cb3464c9 | | 2023-02-24 08:21:55 | Weaver e-cology9 SQL Injection Vulnerability Advisory | Details |
4d1dee02cae7d8cde565f47645ac229b | CVE-2023-20858 | 2023-02-23 07:25:17 | CVE-2023-20858: VMware Carbon Black App Control Remote Code Execution Vulnerability Advisory | Details |
bd7e6380055dd5778eb26c10474562a1 | CVE-2023-23752 | 2023-02-21 08:50:11 | CVE-2023-23752: Joomla Unauthorized Access Vulnerability Advisory | Details |
5209a8ffed474d179b8a882d62ec3a80 | CVE-2023-24998 | 2023-02-21 08:02:29 | CVE-2023-24998: Apache Commons FileUpload Denial of Service Vulnerability Advisory | Details |
e4126033e6653e8f5d84595554a2ba3a | CVE-2023-23752 | 2023-02-21 07:01:19 | CVE-2023-23752: Joomla Unauthorized Access Vulnerability Advisory | Details |
90fffab9d66d505311596a71af6abbb9 | | 2023-02-20 09:55:02 | Weekly Security Incident Report (02.13-02.19) | Details |
920484737cd9fc0121ce5697641c88f8 | CVE-2021-42756 | 2023-02-20 08:20:26 | CVE-2021-42756/CVE-2022-39952: Fortinet Multiple Vulnerabilities Advisory | Details |
a4db607d2eea8ff76fdcb05e8a33321b | CVE-2021-42756 | 2023-02-20 08:01:11 | CVE-2021-42756: Fortinet FortiWeb Buffer Overflow Vulnerability Advisory | Details |
ab482fa4d4be6a2f06a3f918ef245b7f | CVE-2023-25725 | 2023-02-17 07:03:52 | HAProxy Request Smuggling Vulnerability Advisory | Details |
e38bcb9d859fdc4496254a7425d4d8bc | | 2023-02-15 07:12:40 | 2023-02 Patch Tuesday: Microsoft Security Update Advisory for Multiple Vulnerabilities | Details |
Tenable (Nessus) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
30ea32f8146929d430ee8519275a3386 | CVE-2023-1961 | 2023-04-08 12:15:00 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225348. | Details |
7d9c794639d8ebea9bc8933b729c43fd | CVE-2023-1960 | 2023-04-08 12:15:00 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225347. | Details |
bad80b00417ca3485fb02b08a93f3d94 | CVE-2023-1959 | 2023-04-08 11:15:00 | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225346 is the identifier assigned to this vulnerability. | Details |
1ba01767e161313b4fc7c226661ec55b | CVE-2023-1958 | 2023-04-08 11:15:00 | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability. | Details |
517a798d1f1f95aba3d0ceb124f55498 | CVE-2023-1957 | 2023-04-08 11:15:00 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_sub_category of the component Subcategory Handler. The manipulation of the argument sub_category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225344. | Details |
9fa7dc472b3899fb043d46d4abcd04e6 | CVE-2023-1956 | 2023-04-08 10:15:00 | A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343. | Details |
c4c326127699664f6817e0a8c5718534 | CVE-2023-1955 | 2023-04-08 10:15:00 | A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is an unknown function of the file login.php of the component User Registration. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225342 is the identifier assigned to this vulnerability. | Details |
8cbdebfbe89607c1181d515756443f4e | CVE-2023-1954 | 2023-04-08 10:15:00 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been rated as critical. This issue affects the function save_inventory of the file /admin/product/manage.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225341 was assigned to this vulnerability. | Details |
f7c01a31e343a6901c230253985df92c | CVE-2023-1953 | 2023-04-08 10:15:00 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/sales/index.php. The manipulation of the argument date_start/date_end leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225340. | Details |
98d7e775ea6fe2cd6892c9113d2ed2de | CVE-2023-1952 | 2023-04-08 09:15:00 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?p=products of the component Product Search. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225339. | Details |
32704107b7534180d18f4b91c2dac934 | CVE-2015-10098 | 2023-04-08 09:15:00 | A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152. | Details |
e5ad2f304ae4a4db36e92b19827c564b | CVE-2013-10023 | 2023-04-08 09:15:00 | A vulnerability was found in Editorial Calendar Plugin up to 2.6. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The name of the patch is a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151. | Details |
779dfe4cbd490ec67d60c270d169aee3 | CVE-2023-1951 | 2023-04-08 08:15:00 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function delete_brand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225338 is the identifier assigned to this vulnerability. | Details |
8a93262e7b9e9d340aa1f9fd454d2821 | CVE-2023-1950 | 2023-04-08 08:15:00 | A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225337 was assigned to this vulnerability. | Details |
5ae8c8dea86f324fda961016fc0ea057 | CVE-2023-1949 | 2023-04-08 08:15:00 | A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225336. | Details |
74120daa93a90a76439b23baa098081e | CVE-2023-1948 | 2023-04-08 08:15:00 | A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335. | Details |
785582bb4d70d21373ec9073afaf9426 | CVE-2023-24626 | 2023-04-08 05:15:00 | socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. | Details |
a3dc5f96702b2201e21474645dce7f24 | CVE-2023-1947 | 2023-04-07 23:15:00 | A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability. | Details |
44e41f98772f24311bf8166ce7a4437d | CVE-2023-1946 | 2023-04-07 23:15:00 | A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225329 was assigned to this vulnerability. | Details |
f7f61a0f679eed4adbd77a9f7b346503 | CVE-2023-27180 | 2023-04-07 21:15:00 | GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php. | Details |
4fa753c04ee939a6bc890f5835e2d13b | CVE-2023-27033 | 2023-04-07 21:15:00 | Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). | Details |
640d8c55ddc9ae048759bf61a75b060c | CVE-2023-1801 | 2023-04-07 21:15:00 | The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. | Details |
204f96647d83631c6043fd078cf066d4 | CVE-2022-43309 | 2023-04-07 21:15:00 | Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. | Details |
e8878a5182d51296927dab2afbae9d96 | CVE-2023-23762 | 2023-04-07 19:15:00 | An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. | Details |
d9333138970e998a4ab0b5bfe84e378e | CVE-2023-23761 | 2023-04-07 19:15:00 | An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist’s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. | Details |
92ebccdd2bf542572583bdbcc9a06a56 | CVE-2023-1942 | 2023-04-07 18:15:00 | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319. | Details |
20894de760d703a4120d95b2c3eb7506 | CVE-2023-1941 | 2023-04-07 18:15:00 | A vulnerability, which was classified as critical, has been found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225317 was assigned to this vulnerability. | Details |
401fa251daf524c367d446161130cbd3 | CVE-2023-1940 | 2023-04-07 18:15:00 | A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file delete_user_query.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225316. | Details |
39ee0cf9d0baa6b0b79b8886de45e70d | CVE-2023-1909 | 2023-04-07 17:15:00 | A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability. | Details |
9ac66912850bb8b781699d2a6049492b | CVE-2023-29388 | 2023-04-07 15:15:00 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions. | Details |
Information Security Vulnerability Portal [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
70be8948738a6642db41fd71bada4d02 | CVE-2023-26093 | 2023-02-20 08:41:31 | Untitled vulnerability | Details |
3293fb0bc9a4d8889fb317bc9199d5d8 | CVE-2023-26092 | 2023-02-20 08:41:31 | Untitled vulnerability | Details |
3ce8785a4634ffe05a7a0bac642967e7 | CVE-2022-48329 | 2023-02-20 08:41:31 | Untitled vulnerability | Details |
e41d7b9d3eb3a782fb5f51a72eb578bb | CVE-2022-48328 | 2023-02-20 08:41:31 | Untitled vulnerability | Details |
80d002440e6e0d65aecd2da69f96a0f3 | CVE-2023-26081 | 2023-02-20 08:41:31 | Untitled vulnerability | Details |
d0759f57d728fa5633cc910d3fd4a05c | CVE-2016-15024 | 2023-02-19 20:37:19 | RESERVED CVE CANDIDATE NUMBER... | Details |
55de80cea46291a033955eaa68e55f31 | CVE-2014-125087 | 2023-02-19 20:37:19 | RESERVED CVE CANDIDATE NUMBER... | Details |
199655b622cddfb9d320524d51d05a4f | CVE-2012-10007 | 2023-02-19 20:37:19 | RESERVED CVE CANDIDATE NUMBER... | Details |
0e933f1d6cb1bb6f46066ec7e8d3d65e | CVE-2023-0919 | 2023-02-19 20:37:19 | RESERVED CVE CANDIDATE NUMBER... | Details |
83b0154e52b547b1f88b83d7f6abeada | CVE-2023-0918 | 2023-02-19 16:44:03 | A vulnerability has been found in codeprojects... | Details |
cbd7e2e34dd53872680db01a1a94d3a2 | CVE-2023-0917 | 2023-02-19 16:44:03 | A vulnerability, which was classified as... | Details |
7b14c254357ed88e6d830b6bc5cc76c3 | CVE-2023-0916 | 2023-02-19 16:44:03 | A vulnerability classified as critical was... | Details |
eb2286d86806477aa83d65d24e0af419 | CVE-2023-0915 | 2023-02-19 16:44:03 | A vulnerability classified as critical has... | Details |
e9ee423e2fb925fe28e6ef82d217780c | CVE-2023-0914 | 2023-02-19 16:44:03 | Improper Authorization in GitHub repository... | Details |
424ee0655941080ead25cec88a47f063 | CVE-2023-0918 | 2023-02-19 12:55:12 | Untitled vulnerability | Details |
4c8e2bec4ee9cbcb2833a5e9e35a3f4f | CVE-2023-0917 | 2023-02-19 12:55:12 | Untitled vulnerability | Details |
72ecfb877830eb52e394fee68a788a67 | CVE-2023-0916 | 2023-02-19 12:55:12 | Untitled vulnerability | Details |
14cf29bb46538384a91b82250657a689 | CVE-2023-0915 | 2023-02-19 12:55:12 | Untitled vulnerability | Details |
e1a2c1a4a32b94d423ab6e6f9c4bc4cc | CVE-2023-0914 | 2023-02-19 09:13:30 | Untitled vulnerability | Details |
75b1643f0f49340d824e0b3eb7624cda | CVE-2023-0910 | 2023-02-18 16:44:08 | A vulnerability has been found in... | Details |
99a33120ceb502f202f0e7256f94ab6c | CVE-2023-0909 | 2023-02-18 16:44:08 | A vulnerability, which was classified as... | Details |
d2c41754fad0f623b04dd286bfa252f8 | CVE-2023-0908 | 2023-02-18 16:44:08 | A vulnerability, which was classified as... | Details |
8f4bb09dd5849025e645dc8299cecf64 | CVE-2023-0907 | 2023-02-18 16:44:08 | A vulnerability, which was classified as... | Details |
bd73cde09423de4a35e167284c947351 | CVE-2023-0906 | 2023-02-18 16:44:08 | A vulnerability classified as critical was... | Details |
a007d59466a41507e830783a17c9cf40 | CVE-2023-0905 | 2023-02-18 16:44:08 | A vulnerability classified as critical has... | Details |
97427653b6d4d69ae0e8f3b7eff21432 | CVE-2023-0904 | 2023-02-18 16:44:08 | A vulnerability was found in SourceCodester... | Details |
210626c9ccb76ee3412c9e97f5c817a5 | CVE-2023-0903 | 2023-02-18 16:44:08 | A vulnerability was found in SourceCodester... | Details |
de5db54fd1092cec78e3e9ef75666656 | CVE-2023-0902 | 2023-02-18 16:44:08 | A vulnerability was found in SourceCodester... | Details |
faf562f9cc32f610edb824e87284edb6 | CVE-2022-40348 | 2023-02-18 16:44:08 | Cross Site Scripting (XSS) vulnerability in... | Details |
28b97353f5120839fe9b5988f692b007 | CVE-2023-0913 | 2023-02-18 16:44:03 | A vulnerability classified as critical was... | Details |
China National Vulnerability Database (CNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
37774214a722024500b4fefa67581d9a | CNVD-2023-23552 (CVE-2023-24998) | 2023-04-06 16:20:24 | Apache Commons FileUpload Denial of Service Vulnerability | Details |
6344b3e82bf3941454094a5175652b4a | CNVD-2023-23569 (CVE-2022-43639) | 2023-04-04 22:35:39 | Foxit PDF Reader Remote Code Execution Vulnerability | Details |
1fccff209d4cd2b4736b96d89a8e28d9 | CNVD-2023-23570 (CVE-2022-37391) | 2023-04-04 22:35:37 | Foxit PDF Reader Remote Code Execution Vulnerability | Details |
e91a165e4b347b0c4923476a321b18b1 | CNVD-2023-23887 (CVE-2023-1133) | 2023-04-04 16:20:21 | Delta Electronics InfraSuite Device Master Deserialization Vulnerability | Details |
622ae52d5abe0de11fb61f45a3e78238 | CNVD-2023-23886 (CVE-2023-1137) | 2023-04-04 16:20:19 | Delta Electronics InfraSuite Device Master Access Control Error Vulnerability | Details |
62894714c7a925d1771c421a68ed24de | CNVD-2023-23885 (CVE-2023-1136) | 2023-04-04 16:20:17 | Delta Electronics InfraSuite Device Master Authentication Error Vulnerability | Details |
ad8a696eed6f31c38185c83223f851a7 | CNVD-2023-23884 (CVE-2023-1134) | 2023-04-04 16:20:15 | Delta Electronics InfraSuite Device Master Path Traversal Vulnerability | Details |
441958ba15ea92385aaf61fe72deb1c2 | CNVD-2023-23883 (CVE-2023-1139) | 2023-04-04 16:20:12 | Delta Electronics InfraSuite Device Master Deserialization Vulnerability | Details |
8c3ba690b38ba97cb5040a47ae141858 | CNVD-2023-23882 (CVE-2023-1143) | 2023-04-04 16:20:10 | Delta Electronics InfraSuite Device Master Unspecified Vulnerability | Details |
9feeabc0e17db99762f037176746dad4 | CNVD-2023-23566 (CVE-2022-37381) | 2023-04-04 16:17:06 | Foxit PDF Reader Remote Code Execution Vulnerability | Details |
d295c5b4ce809079a4950328aa4bdfe0 | CNVD-2023-23560 (CVE-2022-37377) | 2023-04-04 16:16:54 | Foxit PDF Editor Remote Code Execution Vulnerability | Details |
673991ee7f5f6f4d492cf9fe9bf01e6e | CNVD-2023-23894 (CVE-2023-1138) | 2023-04-04 16:16:14 | Delta Electronics InfraSuite Device Master Access Control Error Vulnerability | Details |
7f226191136261fc7b11164734df4910 | CNVD-2023-23893 (CVE-2023-1135) | 2023-04-04 16:16:12 | Delta Electronics InfraSuite Device Master Authorization Issue Vulnerability | Details |
143a1b9e8101895f7b1e0e0457db0bae | CNVD-2023-23892 (CVE-2023-1140) | 2023-04-04 16:16:10 | Delta Electronics InfraSuite Device Master Authentication Error Vulnerability | Details |
e6994d15904a4609f3578fb7f6756300 | CNVD-2023-23891 (CVE-2023-1141) | 2023-04-04 16:16:08 | Delta Electronics InfraSuite Device Master Command Injection Vulnerability | Details |
171d572a240836f10ceff7d82bfcc628 | CNVD-2023-23890 (CVE-2023-1142) | 2023-04-04 16:16:05 | Delta Electronics InfraSuite Device Master Path Traversal Vulnerability | Details |
2aacff0d6eff6906977e0ac8932b3a93 | CNVD-2023-23889 (CVE-2023-1144) | 2023-04-04 16:16:03 | Delta Electronics InfraSuite Device Master Access Control Error Vulnerability | Details |
f80d2517b70111005e940e38c9603084 | CNVD-2023-23888 (CVE-2023-1145) | 2023-04-04 16:16:01 | Delta Electronics InfraSuite Device Master Deserialization Vulnerability | Details |
1f085ec58c4d251828399ce770698d18 | CNVD-2023-23568 (CVE-2022-43638) | 2023-04-03 22:35:41 | Foxit PDF Reader Remote Code Execution Vulnerability | Details |
ad16e8a4b248462e8a1921b949181e75 | CNVD-2023-23567 (CVE-2022-43649) | 2023-04-03 16:17:09 | Foxit PDF Reader Remote Code Execution Vulnerability | Details |
25ddc9eb64835d72c1cc72639407a0f8 | CNVD-2023-23565 (CVE-2022-37388) | 2023-04-03 16:17:04 | Foxit PDF Reader Remote Code Execution Vulnerability | Details |
1aab58b5a3a9e13cab69e79b49a83a82 | CNVD-2023-23564 (CVE-2022-43640) | 2023-04-03 16:17:01 | Foxit PDF Reader Information Disclosure Vulnerability | Details |
a1fa2de5bf60ad5a3a53d0ddfb2813ee | CNVD-2023-23563 (CVE-2022-37378) | 2023-04-03 16:16:59 | Foxit PDF Editor Remote Code Execution Vulnerability | Details |
8a7b1724f56cd153e5d0cc67f926be9c | CNVD-2023-23562 (CVE-2022-37376) | 2023-04-03 16:16:57 | Foxit PDF Editor Information Disclosure Vulnerability | Details |
aa0de486800f8802b9b27bbb274b3364 | CNVD-2023-23573 (CVE-2023-1531) | 2023-04-03 10:35:39 | Google Chrome ANGLE Incorrect Memory Reference Vulnerability | Details |
56d5e976b4e3e6292a3d7a2aca325214 | CNVD-2023-23572 (CVE-2023-20979) | 2023-04-03 10:35:37 | Google Pixel bta_av_co.cc File Buffer Overflow Vulnerability | Details |
140866269bde3b4e98432d10a6d6f4d9 | CNVD-2023-23571 (CVE-2023-21040) | 2023-04-03 10:35:34 | Google Pixel bluetooth_ccc.cc File Logic Error Vulnerability | Details |
90d7b3bc5dc86fa8b4533e9779604263 | CNVD-2023-23561 (CVE-2023-21035) | 2023-04-03 10:35:32 | Google Pixel BackupHelper.java File Authorization Issue Vulnerability | Details |
ce1e3f82c327a59ec6cf425104ac1d98 | CNVD-2023-23559 (CVE-2023-21047) | 2023-04-03 10:35:30 | Google Pixel aidl_utils.cc File Buffer Overflow Vulnerability | Details |
58f5c7f34944a2775ac0685bd042b22e | CNVD-2023-23557 (CVE-2023-25197) | 2023-04-03 10:13:40 | Apache Fineract SQL Injection Vulnerability | Details |
China National Vulnerability Database of Information Security (CNNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
56358b73280e18ed2eaf62bf4b7fba5f | CNNVD-202210-1696 (CVE-2021-44776) | 2022-10-24 12:41:06 | Lanner IAC-AST2500A Security Vulnerability | Details |
07eddc3a7e5e3731956c02a50f538970 | CNNVD-202210-1697 (CVE-2021-26732) | 2022-10-24 12:41:04 | Lanner IAC-AST2500A Security Vulnerability | Details |
4b051d50f18e2bb4a1f272b12f873223 | CNNVD-202210-1698 (CVE-2021-26731) | 2022-10-24 12:41:02 | Lanner IAC-AST2500A Buffer Error Vulnerability | Details |
0d79d7ad89e7b6f52a89de2e3762a492 | CNNVD-202210-1699 (CVE-2021-42010) | 2022-10-24 12:40:59 | Apache Heron Injection Vulnerability | Details |
9596051a8fb75da90bf94bd495b53e94 | CNNVD-202210-1700 (CVE-2021-26733) | 2022-10-24 12:40:56 | Lanner IAC-AST2500A Security Vulnerability | Details |
883bec62dd4552d68130c0f925873e93 | CNNVD-202210-1701 (CVE-2022-42432) | 2022-10-24 12:40:54 | Linux kernel Security Vulnerability | Details |
755328fe5484ce3f71a4940d10f50b34 | CNNVD-202210-1702 (CVE-2021-44769) | 2022-10-24 12:40:51 | Lanner IAC-AST2500A Input Validation Error Vulnerability | Details |
9c53a984103cd446d6e447c12c9c66c6 | CNNVD-202210-1703 (CVE-2021-44467) | 2022-10-24 12:40:49 | Lanner IAC-AST2500A Security Vulnerability | Details |
30dfa903ed49845732fc6cef266206e9 | CNNVD-202210-1704 (CVE-2022-41974) | 2022-10-24 12:40:46 | Red Hat device-mapper-multipath Security Vulnerability | Details |
9c6324677d17c72db81aec2e1797791f | CNNVD-202210-1705 (CVE-2022-41973) | 2022-10-24 12:40:44 | Red Hat device-mapper-multipath Security Vulnerability | Details |
4ec5a4ccefd5879e573cd53c2123dd3a | CNNVD-202210-1612 (CVE-2022-39272) | 2022-10-22 12:40:26 | Flux2 Security Vulnerability | Details |
c3846b92a4965777ef3e53a1f4618717 | CNNVD-202210-1600 (CVE-2022-3646) | 2022-10-21 12:40:47 | Linux kernel Security Vulnerability | Details |
9a761144255ce6f90bb54e219ea40282 | CNNVD-202210-1601 (CVE-2022-34438) | 2022-10-21 12:40:44 | Dell PowerScale OneFS Security Vulnerability | Details |
44290d228b51ffbf0aab6efd4d6e678e | CNNVD-202210-1602 (CVE-2022-31239) | 2022-10-21 12:40:42 | Dell PowerScale OneFS Security Vulnerability | Details |
9ca9cbb2a337c33899bcdf19d91d7d78 | CNNVD-202210-1603 (CVE-2022-34437) | 2022-10-21 12:40:40 | Dell PowerScale OneFS Security Vulnerability | Details |
0a96e1daad10fc7b842abaa350831db2 | CNNVD-202210-1605 (CVE-2022-26870) | 2022-10-21 12:40:38 | Dell EMC PowerStore Security Vulnerability | Details |
35f41caeb97feaaa8373f4dbbbd7a249 | CNNVD-202210-1606 (CVE-2020-5355) | 2022-10-21 12:40:36 | Dell EMC Isilon OneFS Security Vulnerability | Details |
d314bbe34de68aa67eddd75a9f4ce40c | CNNVD-202210-1609 (CVE-2022-3649) | 2022-10-21 12:40:34 | Linux kernel Resource Management Error Vulnerability | Details |
351642a659185d5b0604973397c7fa3b | CNNVD-202210-1610 (CVE-2022-39259) | 2022-10-21 12:40:31 | Skylot Jadx Security Vulnerability | Details |
ebbdab47bb0184312da10141d7d010e7 | CNNVD-202210-1611 (CVE-2022-23462) | 2022-10-21 12:40:29 | Softmotions IOWOW Security Vulnerability | Details |
8c86f10ec92b3124f4395faa27ee8ae3 | CNNVD-202210-1517 (CVE-2022-29477) | 2022-10-20 12:40:17 | Adobe Iota Trust Management Issue Vulnerability | Details |
3c33a32472c03f27b2b606714eb74e0a | CNNVD-202210-1518 (CVE-2022-36966) | 2022-10-20 12:40:15 | SolarWinds Platform Security Vulnerability | Details |
280b662d6c30e683e90c26748fa86a26 | CNNVD-202210-1519 (CVE-2022-36958) | 2022-10-20 12:40:13 | SolarWinds Platform Code Issue Vulnerability | Details |
1d1787e08b1093c5bd9723a8b9465e0f | CNNVD-202210-1520 (CVE-2022-27805) | 2022-10-20 12:40:11 | Adobe Iota Access Control Error Vulnerability | Details |
632da31aee8b02c08d2e63767809782a | CNNVD-202210-1521 (CVE-2022-36957) | 2022-10-20 12:40:08 | SolarWinds Platform Security Vulnerability | Details |
28743e448b695bd2eee529e66954d3c4 | CNNVD-202210-1522 (CVE-2022-3623) | 2022-10-20 12:40:06 | Linux kernel Race Condition Issue Vulnerability | Details |
92679bd487d2a90451cf297905a8f3c3 | CNNVD-202210-1523 (CVE-2022-32586) | 2022-10-20 12:40:04 | Adobe Iota OS Command Injection Vulnerability | Details |
bcd4eca45c95707bab85d60a3c30d643 | CNNVD-202210-1524 (CVE-2022-3619) | 2022-10-20 12:40:01 | Linux kernel Security Vulnerability | Details |
95cdab65f668ebae996fbf3df854d1e9 | CNNVD-202210-1525 (CVE-2022-3620) | 2022-10-20 12:39:59 | Exim Resource Management Error Vulnerability | Details |
9e701d3b09a7f774ceea498474bc4d40 | CNNVD-202210-1526 (CVE-2022-3621) | 2022-10-20 12:39:55 | Linux kernel Security Vulnerability | Details |
QiAnXin (奇安信) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
45ab4afdafe578698bcfccccd65d833e | yt | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 Font Handling Remote Code Execution Vulnerability (ADV200006) Advisory | Details | |
74691465618764c64d52a2ff58013ac4 | yt | QiAnXinTI-SV-2019-0013 Firefox Remote Code Execution Vulnerability (CVE-2019-11707) Alert Advisory | Details | |
7010355bb6ffff38cb1a885acf784ca7 | ft | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability (CVE-2020-0796) Advisory | Details | |
5edb21a58a7e21692bd0ddd622d39279 | St | QiAnXinTI-SV-2020-0013 Microsoft DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) Advisory | Details | |
f749eac58b87d0954f0e4a84b5d67057 | CVE-2020-1350 | 2020-07-15 15:57:00 | QiAnXinTI-SV-2020-0013 Microsoft DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) Advisory | Details |
90b93cb7073fe73b17746ac166a09637 | CVE-2020-6819, CVE-2020-6820 | 2020-04-08 10:34:35 | QianxinTI-SV-2020-0012 Firefox In-the-Wild Remote Code Execution Vulnerabilities (CVE-2020-6819, CVE-2020-6820) Advisory | Details |
e318a5efa4803b50cdef480b90b1784d | | 2020-03-25 13:58:51 | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 Font Handling Remote Code Execution Vulnerability (ADV200006) Advisory | Details |
cffc3035f7899495cfeae521451f91b2 | CVE-2020-0796 | 2020-03-12 10:32:09 | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability (CVE-2020-0796) Advisory | Details |
3e6175d47d17c6f94bd9ba10d81c3717 | CVE-2020-0674 | 2020-03-02 14:52:46 | QiAnXinTI-SV-2020-0002 Microsoft IE jscript Remote Command Execution 0day Vulnerability (CVE-2020-0674) Advisory | Details |
d99d073afb7d248a8a62fb068921997f | CVE-2020-0601 | 2020-01-15 14:11:41 | QianxinTI-SV-2020-0001 Microsoft Core Cryptographic Library Vulnerability (CVE-2020-0601) Advisory | Details |
b7b45b14a3af1225ef6eec72d74964df | CVE-2019-1367 | 2019-09-25 17:23:00 | QiAnXinTI-SV-2019-0022 Microsoft IE Browser JScript Scripting Engine Remote Code Execution Vulnerability Advisory | Details |
504fc79f0123db109a11b149c334b75c | CVE-2019-0708 | 2019-09-09 10:20:47 | QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Alert Advisory | Details |
5b727692d583d4a6e7cdb0f670eac12a | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 | 2019-08-14 11:09:05 | QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory | Details |
54b48d765fccbc8dcfa3de0920459f8d | CVE-2019-11707 | 2019-06-19 16:53:47 | QiAnXinTI-SV-2019-0013 Firefox Remote Code Execution Vulnerability (CVE-2019-11707) Alert Advisory | Details |
数字观星POC++ [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
14957f4905661a59a079c76c08911ad3 | CVE-2023-25195,CVE-2023-25196,CVE-2023-25197 | 2023-03-28 18:11:37 | Apache Fineract Multiple Vulnerabilities | Details |
233082ae5a46e16ee9ea52bd28643a7a | CVE-2023-28432 | 2023-03-23 21:21:20 | MinIO Information Disclosure Vulnerability | Details |
fae536d2fbc9e9a29cea421e456db23f | CVE-2023-28708 | 2023-03-23 21:15:00 | Apache Tomcat Information Disclosure Vulnerability | Details |
71a8628fa3a298716e0a3fa491c506aa | CVE-2023-20860 | 2023-03-22 14:11:36 | Spring Framework Authentication Bypass Vulnerability | Details |
db51e848041f1774b84ad6294d3c05fa | CVE-2023-26360,CVE-2023-26359,CVE-2023-26361 | 2023-03-16 17:48:15 | Adobe ColdFusion Multiple Vulnerabilities | Details |
b4e7d2dbd7aae36732fdd243e9d50a86 | CVE-2023-23415,CVE-2023-23411,CVE-2023-1017,CVE-2023-23416,CVE-2023-23392,CVE-2023-1018,CVE-2023-23404,CVE-2023-23397,CVE-2023-21708,CVE-2023-24880,CVE-2023-24861,CVE-2023-23410,CVE-2023-23398 | 2023-03-15 16:33:38 | Microsoft March 2023 Security Update: Multiple High-Severity Vulnerabilities | Details |
efc4ac3e9332b381365152fa456b086e | CVE-2023-23638 | 2023-03-10 21:05:41 | Apache Dubbo Deserialization Vulnerability | Details |
876bc79cff600ff0a1fa495e1b8dd701 | CVE-2023-27898,CVE-2023-27905 | 2023-03-09 14:27:29 | Jenkins Cross-Site Scripting Vulnerability | Details |
690f0d3d9e5ec8a9f50500bbb695daa7 | CVE-2023-1164 | 2023-03-08 20:57:16 | KylinSoft kylin-activation File Write Vulnerability | Details |
91f293cddac603083f127debd49cab8e | | 2023-03-08 13:32:13 | Apache HTTP Server Request Smuggling Vulnerability | Details |
3cfc839223216279dd59695ab8ba898f | CVE-2023-25690 | 2023-03-08 13:32:13 | Apache HTTP Server Request Smuggling Vulnerability | Details |
be856ab1aec164c8600db5f4589e667c | CVE-2023-0567 | 2023-03-07 14:18:45 | PHP Validation Error Vulnerability | Details |
07b74bb100dbc862bba37e18fc51c6ff | CVE-2023-0050 | 2023-03-03 14:09:39 | GitLab CE/EE Cross-Site Scripting Vulnerability | Details |
f1c9fda8d4d7ff86c92d2cc459621662 | | 2023-03-01 16:29:26 | Smartbi Remote Command Execution Vulnerability | Details |
d8931e247eb2889e001726e2f8d9a090 | | 2023-03-01 16:29:26 | Code Execution Vulnerability in Smartbi Business Intelligence (BI) Software SyncServlet.stub | Details |
f3b19fd6778df9cc145c1356afcc0655 | | 2023-02-23 18:56:54 | Weaver e-cology9 SQL Injection Vulnerability | Details |
0a8e7c26535f81f2f8c6444e8f975b35 | | 2023-02-23 18:56:54 | SQL Injection Vulnerability in Weaver e-cology9 browser.jsp | Details |
c842517d05367e659619b7923f974ae8 | CVE-2023-20858 | 2023-02-22 17:34:27 | VMware Carbon Black App Control Remote Code Execution Vulnerability | Details |
f2109e9fc9de3b62432ae2620d1f0e84 | CVE-2023-24998 | 2023-02-21 17:13:08 | Apache Commons FileUpload Denial-of-Service Vulnerability | Details |
5f60d1181bcc3ac8e2ac69cb1ebe1992 | CVE-2023-23752 | 2023-02-21 14:03:03 | Joomla Unauthorized Access Vulnerability | Details |
e08a0e52d21cf3d089ba373d0f828dc7 | CVE-2023-23752 | 2023-02-21 14:03:03 | Unauthorized Access Vulnerability in Joomla | Details |
38cd0ecf3306e88606774bf7e52a6540 | CVE-2022-39952 | 2023-02-20 14:04:02 | Fortinet FortiNAC External Control Vulnerability | Details |
4250aafdc8503aac42b9100095e0be48 | CVE-2023-22490,CVE-2023-23946 | 2023-02-16 11:43:19 | GitLab CE/EE Multiple Vulnerabilities | Details |
68d22621908bd5552a496ea40e210569 | CVE-2023-24580 | 2023-02-16 09:57:31 | Django Denial-of-Service Vulnerability | Details |
8445cbd8521bec366f922230de5b7684 | CVE-2023-21808,CVE-2023-21716,CVE-2023-21718,CVE-2023-21815,CVE-2023-23381,CVE-2023-21803,CVE-2023-21692,CVE-2023-21690,CVE-2023-21689,CVE-2023-23376,CVE-2023-21812,CVE-2023-21823,CVE-2023-21822,CVE-2023-21715,CVE-2023-21707,CVE-2023-21706,CVE-2023-21529 | 2023-02-15 16:08:26 | Microsoft February 2023 Security Update: Multiple High-Severity Vulnerabilities | Details |
4b89dc29896c65e8d282493766bf52bd | CVE-2023-25194 | 2023-02-09 10:19:42 | Apache Kafka Remote Code Execution Vulnerability | Details |
6afa60106913041dd9d264b3d249f115 | CVE-2023-25194 | 2023-02-09 10:19:42 | Code Execution Vulnerability in Apache Kafka | Details |
2032a24c3df7ff14225b0d57ec8d449e | CVE-2023-23477 | 2023-02-08 18:35:07 | IBM WebSphere Application Server Remote Code Execution Vulnerability | Details |
dd41efc59344cee0b27342752d377d65 | CVE-2023-0286,CVE-2022-4304,CVE-2022-4203,CVE-2023-0215,CVE-2022-4450,CVE-2023-0216,CVE-2023-0217,CVE-2023-0401 | 2023-02-08 14:18:47 | Multiple Vulnerabilities in OpenSSL | Details |
9bab6695b7cd9a06b607fc0f614b92d9 | CVE-2023-25136 | 2023-02-06 16:38:42 | OpenSSH Double-Free Vulnerability | Details |
斗象 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
096b6298d82574500dc1a14c9dba4065 | CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029 | 2022-07-15 00:38:28 | Microsoft July 2022 Patch Tuesday Vulnerability Advisory | Details |
6018f718b2d751478bf1ce069ac65f0d | CVE-2022-2185 | 2022-07-01 09:02:05 | GitLab Remote Code Execution Vulnerability (CVE-2022-2185) | Details |
844719cf0bb4843aff73d2f33cc6dd0b | CVE-2022-30190, CVE-2022-30136 | 2022-06-15 05:48:12 | Microsoft June 2022 Patch Tuesday Vulnerability Advisory | Details |
8b47000e1abfbacdadb7df6f09152d89 | CVE-2022-26134 | 2022-06-03 05:48:38 | Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134) | Details |
eebe93468b36d2ca24cf4b82136a5635 | CVE-2022-30190 | 2022-05-31 13:57:17 | Microsoft Windows MSDT Remote Code Execution Vulnerability (CVE-2022-30190) | Details |
95525e3f5907a776dc7cd4f87f2e2154 | | 2022-05-23 07:11:04 | Fastjson Deserialization Vulnerability | Details |
945fd6e612634d9721f861833f1ecb75 | CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 | 2022-05-11 03:45:48 | Microsoft May 2022 Patch Tuesday Vulnerability Advisory | Details |
e2938ff82d0cc152508e0240697def4c | CVE-2022-1388 | 2022-05-06 05:53:04 | F5 BIG-IP iControl REST Authentication Bypass Vulnerability (CVE-2022-1388) | Details |
bcf7253d2ee580c618737de137d370c4 | CVE-2022-29464 | 2022-04-22 02:21:17 | WSO2 Carbon Server Remote Code Execution Vulnerability (CVE-2022-29464) | Details |
07c09799b08afb04c63a9de750b70aca | CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 | 2022-04-13 07:51:00 | Microsoft April 2022 Patch Tuesday Vulnerability Advisory | Details |
f5b543501ed5679d423411edac502e24 | CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 | 2022-04-08 03:49:31 | VMware Products Multiple High-Severity Vulnerabilities Advisory | Details |
f421bcdb306e2bc1ffbf58fcb024a0dd | | 2022-03-29 17:11:30 | Spring Framework Remote Code Execution Vulnerability | Details |
0473358d95e58c7c3f2e7db0109f56f4 | | 2022-03-29 17:11:30 | Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) | Details |
a888c948ca1172f8a06a3879479f1de4 | CVE-2022-22965 | 2022-03-29 17:11:30 | Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) | Details |
71ed541bb737196268b75c7ba435e1a9 | | 2022-03-28 04:57:30 | Spring Cloud Function SpEL Expression Injection Vulnerability | Details |
f7a5dcd376be777c6593a29b8ebd411a | CVE-2022-0778 | 2022-03-18 07:09:22 | OpenSSL Denial-of-Service Vulnerability (CVE-2022-0778) | Details |
6c4124fed44906a79843cd2dd383c695 | CVE-2022-0847 | 2022-03-15 03:32:03 | Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847) | Details |
a2795e4829bff16f108cf191eba663c3 | CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 | 2022-03-11 02:14:56 | Microsoft March 2022 Patch Tuesday Vulnerability Advisory | Details |
d09f0641bf65c64a16d802cd78e14097 | CVE-2022-0847 | 2022-03-08 08:23:08 | Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847) | Details |
69052e2a8c09416f5df674f92cba25a6 | CVE-2022-22947 | 2022-03-02 11:42:55 | Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947) | Details |
5f42b6f584a9ace426787dc8dfd6e6e5 | | 2022-02-16 10:44:18 | Sunlogin Remote Command Execution Vulnerability (CNVD-2022-10270) | Details |
79556071f6236ab4674f75b3beee4d79 | CVE-2022-24112 | 2022-02-11 06:13:35 | Apache APISIX Remote Code Execution Vulnerability (CVE-2022-24112) | Details |
485f2c57713f4a39830e8c2d01e43cfe | CVE-2021-4034 | 2022-01-26 06:19:16 | Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034) | Details |
0aa6eab412c0318b74c6a470ee774df1 | CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 | 2022-01-12 03:44:50 | Microsoft January 2022 Patch Tuesday Vulnerability Advisory | Details |
88a8c676b52a739c0335d7c21ca810a9 | | 2022-01-06 08:19:17 | MeterSphere Remote Code Execution Vulnerability | Details |
76cad61d2d5a8750a6a714ab2c6dbc97 | CVE-2021-45232 | 2021-12-28 10:31:16 | Apache APISIX Dashboard Unauthorized API Access Vulnerability (CVE-2021-45232) | Details |
af4f5f63390eb00de8705b5029d8c376 | CVE-2021-44228, CVE-2021-45046 | 2021-12-14 01:56:52 | Apache Log4j Remote Code Execution Vulnerability | Details |
红后 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
5e72f72808c6e1e47e9f80829337e8e2 | CVE-2023-26290 | 2023-04-08 20:21:08 | FORCEPOINT Multiple product Vulnerability | Details |
c90eeb78c112dcad9fcb467535662a5b | CVE-2022-27641 | 2023-04-08 20:21:01 | NETGEAR R6700 Security Vulnerability | Details |
c949e71f2223bf40980b3f86897b598a | CVE-2022-43473 | 2023-04-08 20:20:48 | ZOHOCORP Multiple product Vulnerability | Details |
daf1a696a25cafc32e968148344f0c2f | CVE-2022-27644 | 2023-04-08 20:20:41 | Netgear R6700v3 Authorization Issue Vulnerability | Details |
83e07ea55f22796452ff0f4852c4c216 | CVE-2022-48434 | 2023-04-08 20:20:34 | FFMPEG FFMPEG Vulnerability | Details |
44ec8f873599c16c3851355a4cd0452e | CVE-2022-28303 | 2023-04-08 20:20:20 | Bentley Systems MicroStation Resource Management Error Vulnerability | Details |
2c6530021cf5718e2a44d1eb8783e41c | CVE-2023-28158 | 2023-04-07 20:20:36 | APACHE ARCHIVA Vulnerability | Details |
4d344bad548c9e0be37dc0c5c1231b58 | CVE-2022-28301 | 2023-04-07 20:20:22 | Bentley Systems MicroStation Code Injection Vulnerability | Details |
59b076d644137c0b1a62803b82f39bec | CVE-2022-28302 | 2023-04-07 20:20:09 | Bentley Systems MicroStation Code Injection Vulnerability | Details |
c4d363e50449b3065a5106d160644143 | CVE-2023-1702 | 2023-04-06 20:24:18 | PIMCORE PIMCORE Vulnerability | Details |
8a7b124c69b70272e53fa0c9e966e66a | CVE-2023-1701 | 2023-04-06 20:24:12 | PIMCORE PIMCORE Vulnerability | Details |
ae4e9e76a407c781c0b4825fe4581813 | CVE-2023-1655 | 2023-04-06 20:24:05 | GPAC GPAC Vulnerability | Details |
b8dbd55b8f39069c6ff3d6382dfedaec | CVE-2023-1703 | 2023-04-06 20:23:58 | PIMCORE PIMCORE Vulnerability | Details |
c0df7a7ae3fbb9d5b91e220d71ae6ec9 | CVE-2023-25818 | 2023-04-06 20:23:52 | NEXTCLOUD NEXTCLOUD_SERVER Vulnerability | Details |
67393c047d3d92ccb81575ab2e10e0e7 | CVE-2023-1704 | 2023-04-06 20:23:45 | PIMCORE PIMCORE Vulnerability | Details |
b5e0ef88d0713d885cb5769035460ace | CVE-2022-41354 | 2023-04-06 20:23:39 | LINUXFOUNDATION ARGO-CD Vulnerability | Details |
58d87140963226e3a0f6eb3148f47ecd | CVE-2023-1074 | 2023-04-06 20:23:32 | LINUX LINUX_KERNEL Vulnerability | Details |
05ff0e2d19571c31491fc0969aab1359 | CVE-2020-36666 | 2023-04-06 20:23:25 | E-PLUGINS Multiple product Vulnerability | Details |
895b9a6a95a9c3b2c5cd78993530a078 | CVE-2023-25661 | 2023-04-06 20:23:19 | GOOGLE TENSORFLOW Vulnerability | Details |
c063a6a1767183ad02e81b783049db62 | CVE-2022-48427 | 2023-04-04 20:22:59 | JETBRAINS TEAMCITY Vulnerability | Details |
5e48d8cfdce1366a5067a6dfd51c984d | CVE-2023-0955 | 2023-04-04 20:22:39 | VERONALABS WP_STATISTICS Vulnerability | Details |
8f91c7b16f68156765b0cacf5e8f90fc | CVE-2023-25828 | 2023-04-04 20:22:33 | PLUCK-CMS PLUCK Vulnerability | Details |
9751547b4222c21877f1f494260e8d1f | CVE-2023-25195 | 2023-04-04 20:22:26 | APACHE FINERACT Vulnerability | Details |
0b271fe26ce7abf16afa964f9df2a50d | CVE-2022-48357 | 2023-04-04 20:22:12 | HUAWEI Multiple product Vulnerability | Details |
17fdd239cb6f1f398d0fb1691d89cf70 | CVE-2022-48430 | 2023-04-03 20:22:09 | JETBRAINS INTELLIJ_IDEA Vulnerability | Details |
bbd4361b93b88b88cf88c1adddbf7da1 | CVE-2022-47438 | 2023-04-03 20:21:55 | WPDEVART BOOKING_CALENDAR Vulnerability | Details |
d20451c070ea907d45c35c52f2063f43 | CVE-2023-1654 | 2023-04-03 20:21:49 | GPAC GPAC Vulnerability | Details |
f0b7b074099c70b40686b887f6908093 | CVE-2022-48432 | 2023-04-03 20:21:42 | JETBRAINS INTELLIJ_IDEA Vulnerability | Details |
ce031893a988276579d90ce002815295 | CVE-2022-48428 | 2023-04-03 20:21:36 | JETBRAINS TEAMCITY Vulnerability | Details |
d7b482edeec18079f83ed7b07bf0b6fc | CVE-2022-48431 | 2023-04-03 20:21:29 | JETBRAINS INTELLIJ_IDEA Vulnerability | Details |
绿盟 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
7efd87d2537d4fb4df1be2dd30d2b308 | CVE-2023-20616 | 2023-04-07 09:12:40 | MediaTek Chipsets Out-of-Bounds Read Vulnerability | Details |
448eb139c7c0878d84920c278118773b | CVE-2022-27893 | 2023-04-07 05:12:18 | Palantir Foundry Magritte plugin osisoft-pi-web-connector Information Disclosure Vulnerability | Details |
34528926b7021a6f7211f0fdca815c26 | CVE-2022-25746 | 2023-04-07 03:13:38 | Qualcomm Multiple Products Buffer Overflow Vulnerability | Details |
e3813dd8474ce264d4d602e78039214a | CVE-2022-3721 | 2023-04-07 03:13:38 | Froxlor Cross-Site Scripting Vulnerability | Details |
54b02824c1c7210a14b04f79527ef9ab | CVE-2023-20610 | 2023-04-07 03:13:38 | MediaTek Chipsets Memory Corruption Vulnerability | Details |
5fd6e3988854e779ccd87b5d023167d8 | CVE-2022-25725 | 2023-04-07 03:13:38 | Qualcomm Multiple Products Incorrect Memory Reference Vulnerability | Details |
a2693421cfe5cc06bf915464525edcf9 | CVE-2022-32656 | 2023-04-06 09:12:40 | MediaTek Chipsets Privilege Escalation Vulnerability | Details |
16088344a7f504d5ecc0a4499f07302a | CVE-2022-32595 | 2023-04-06 09:12:40 | MediaTek Chipsets Out-of-Bounds Read Vulnerability | Details |
201fceeebeb34b0cf5c72ae77d98f2b5 | CVE-2022-32642 | 2023-04-06 09:12:40 | MediaTek Chipsets Memory Corruption Vulnerability | Details |
da61e18c5f2fea8b83d2b347e4541136 | CVE-2022-32654 | 2023-04-06 09:12:40 | MediaTek Chipsets Privilege Escalation Vulnerability | Details |
6c25d172a85f69f44b8aa4c144890d97 | CVE-2023-20602 | 2023-04-06 09:12:40 | MediaTek Chipsets Out-of-Bounds Write Vulnerability | Details |
18e6ffe471515f1ecb7aa2cff56a1498 | CVE-2022-32663 | 2023-04-06 09:12:40 | MediaTek Chipsets Denial-of-Service Vulnerability | Details |
3e5fe75e9af3fb677d0e4e664e33f2c4 | CVE-2022-22088 | 2023-04-06 09:12:40 | Qualcomm Multiple Products Buffer Overflow Vulnerability | Details |
a316005d1152716e971a75dd0fb0ce4a | CVE-2023-20609 | 2023-04-06 09:12:40 | MediaTek Chipsets Out-of-Bounds Read Vulnerability | Details |
36070e773df9204ae3677bd524f40037 | CVE-2022-32655 | 2023-04-06 09:12:40 | MediaTek Chipsets Input Validation Error Vulnerability | Details |
bbec24b894aba5b56c3c37bcff68eb67 | | 2023-04-06 03:13:38 | Intel(R) oneAPI DPC++/C++ Compiler and Intel Fortran Compiler Uncontrolled Search Path Element Vulnerability (CVE-2022- | Details |
b27e77b957b64d97e48a547af5d4d7c6 | CVE-2022-41342 | 2023-04-06 03:13:38 | Intel(R) C++ Compiler Classic Privilege Escalation Vulnerability | Details |
f0ed9ff9ca216a6efb8ff59baf528ac9 | CVE-2022-40196 | 2023-04-06 03:13:38 | Intel(R) Access Control Error Vulnerability | Details |
41509948118d11fbea297a4543725001 | CVE-2023-0106 | 2023-04-06 03:13:38 | Memos Cross-Site Scripting Vulnerability | Details |
071b4463ed7233abeb7fe6d73bd479d3 | CVE-2022-22079 | 2023-04-06 03:13:38 | Qualcomm Multiple Products Out-of-Bounds Read Vulnerability | Details |
811c67990484639a3175179f9895da2f | CVE-2022-4489 | 2023-04-06 03:13:38 | WordPress plugin HUSKY Deserialization of Untrusted Data Vulnerability | Details |
7cdcbab3ce3378ffe881f4dc6c639488 | CVE-2021-45446 | 2023-04-06 03:13:38 | Hitachi Pentaho Business Analytics Information Disclosure Vulnerability | Details |
55c918d3e77b747b976c98c7620ac350 | CVE-2022-42744 | 2023-04-06 03:13:38 | CandidATS SQL Injection Vulnerability | Details |
8c6eccdb16cc3469ff6d7a8b9513acfb | CVE-2022-43989 | 2023-04-06 03:13:38 | SICK SIM Series Access Control Error Vulnerability | Details |
9bfc2c467cca6169a0fdcd652052645f | CVE-2022-25923 | 2023-04-06 03:13:38 | Exec-local-bin Command Injection Vulnerability | Details |
1d512cafe01b350d157c0a555af4f0f6 | CVE-2023-20604 | 2023-04-06 03:13:38 | MediaTek Chipsets Out-of-Bounds Write Vulnerability | Details |
7a40315fe6b60994461d5c03c98e6ea2 | CVE-2022-40204 | 2023-04-04 11:10:45 | Digital Alert Systems DASDEC EAS Cross-Site Scripting Vulnerability | Details |
6cf8619382f24247569550bf41845a4e | CVE-2022-40204 | 2023-04-04 09:12:57 | Digital Alert Systems DASDEC EAS Cross-Site Script Execution Vulnerability | Details |
1cb69e5b2e2a3a51bc7d0f86bc92cbdb | CVE-2022-42314 | 2023-04-04 09:12:57 | Xenstore Denial-of-Service Vulnerability | Details |
ad4aa782703c3655cb163613b9fcba20 | CVE-2022-42314 | 2023-04-04 09:12:57 | Xenstore Denial-of-Service Vulnerability | Details |
U.S. National Vulnerability Database (NVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
3d36076c8b76e61435479daa886590da | CVE-2023-26529 | 2023-04-03 13:15:07 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin <= 1.6 versions. | Details |
61a9df0c4f6db30ac1f037a972967aa5 | CVE-2023-26119 | 2023-04-03 05:15:07 | Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. | Details |
e057669adecec7c59a3c884da69846a7 | CVE-2023-26283 | 2023-04-02 21:15:08 | IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. | Details |
38bffdd5628ce5fbd49d845cad6c0fbb | CVE-2023-26822 | 2023-04-01 23:15:07 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main. | Details |
37b37de7ce3156e8f468dd35fea61fdf | CVE-2023-28464 | 2023-03-31 16:15:07 | hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. | Details |
d8e0d7ad7394f2393635c4958e162b51 | CVE-2023-28727 | 2023-03-31 07:15:06 | Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. | Details |
f6ec5bd77449ecc6b9d779d618a7eb83 | CVE-2023-28726 | 2023-03-31 07:15:06 | Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands. | Details |
8fc669e7e0ee473e28980b38152ebed6 | CVE-2023-26692 | 2023-03-30 20:15:07 | ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS). | Details |
5196339959d9d5240b605c2036c4b7d3 | CVE-2023-26482 | 2023-03-30 19:15:06 | Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, invoking webhooks or running scripts on the server. Due to this combination depending on the available apps the issue can result in a RCE at the end. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should disable app `workflow_scripts` and `workflow_pdf_converter` as a mitigation. | Details |
b86c410c85eaae3674f0b9280552fd18 | CVE-2023-28733 | 2023-03-30 12:15:07 | AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. | Details |
1def7c4dab22a0b86b7b3fdf70bd28a2 | CVE-2023-28732 | 2023-03-30 12:15:07 | Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0. | Details |
91e12cb5ac472a3b50e655b2b11dccf3 | CVE-2023-28731 | 2023-03-30 12:15:07 | AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. | Details |
55086a2bd5b1da04ebb2a5d227ea69c0 | CVE-2023-26118 | 2023-03-30 05:15:07 | All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | Details |
2cceffe738be2c1fda1cff8e0671623f | CVE-2023-26117 | 2023-03-30 05:15:07 | All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | Details |
217c5a7401ac4eb3a81e40b8c1a3e6f9 | CVE-2023-26116 | 2023-03-30 05:15:07 | All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | Details |
60df86fc635b8af646ea583fc15adce4 | CVE-2023-28506 | 2023-03-29 21:15:08 | Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied into a buffer using a memcpy-like function and a user-provided length. This requires a valid login to exploit. | Details |
d133efa8f76675a1cd1a64da2c557f69 | CVE-2023-28505 | 2023-03-29 21:15:08 | Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a buffer overflow in an API function, where a string is copied into a caller-provided buffer without checking the length. This requires a valid login to exploit. | Details |
5ebf2fe2afcdc7408ddb25e9c288b402 | CVE-2023-28504 | 2023-03-29 21:15:08 | Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow that can lead to remote code execution as the root user. | Details |
c264eeea89daeedd1634863fe79c6672 | CVE-2023-28503 | 2023-03-29 21:15:08 | Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user. | Details |
0ab124d077c7a7fc4a00bb6e130ec4f7 | CVE-2023-28502 | 2023-03-29 21:15:08 | Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service that can lead to remote code execution as the root user. | Details |
09b66d1cf33550035c445af461a9016c | CVE-2023-28501 | 2023-03-29 20:15:07 | Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based buffer overflow in the unirpcd daemon that, if successfully exploited, can lead to remote code execution as the root user. | Details |
88d427dfafb4ea20355057e7785ef63f | CVE-2023-25809 | 2023-03-29 19:15:22 | runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditions: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host. Other users's cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private)`. This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. or add `/sys/fs/cgroup` to `maskedPaths`. | Details |
e9a163b6bb3df56bdd9af6ab7e6808e0 | CVE-2023-26292 | 2023-03-29 17:15:07 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS. This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | Details |
4d644aca79da3f3d51011b23bba08017 | CVE-2023-26291 | 2023-03-29 17:15:07 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS. This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | Details |
02d1612bf68579e09c87ff3907b74082 | CVE-2023-26290 | 2023-03-29 17:15:07 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS. This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | Details |
a6602af107af95d4b796792b1eea4032 | CVE-2023-1575 | 2023-03-29 15:15:07 | The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | Details |
cd55dba3e762bb52cb6aff3e8c08d3e1 | CVE-2023-26982 | 2023-03-29 15:15:07 | Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function. | Details |
9ed769e7bf6f8cdbe919cdeaefd75084 | CVE-2023-28892 | 2023-03-29 15:15:07 | Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link. | Details |
eadebb69b20d8e745f988a6797f5602e | CVE-2023-28158 | 2023-03-29 13:15:08 | Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user. | Details |
2096ac7e28ead9d261d8d4b54fba9301 | CVE-2023-28718 | 2023-03-28 21:15:11 | Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website. | Details |
阿里云 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
62b07d0b48c8ca3669c0435019408dda | AVD-2023-1661544 | 2023-04-06 07:35:04 | Apache StreamPark Default Password Vulnerability | Details |
74d9cf90a7f1a340debfe568d33eeadf | CVE-2023-1177 | 2023-03-24 02:24:16 | MLFlow Arbitrary File Read Vulnerability (CVE-2023-1177) | Details |
92226bea26903314c764c04e384177f7 | CVE-2023-28432 | 2023-03-23 11:11:26 | MinIO Information Disclosure Vulnerability (CVE-2023-28432) | Details |
5edd7c4071bb77d8a130ee7b35f51c57 | AVD-2023-1659052 | 2023-03-22 07:35:41 | Array VPN client_sec Remote Code Execution Vulnerability | Details |
914ef40d9a44f4bc51d3befd3635319d | CVE-2023-1454 | 2023-03-17 08:17:55 | jmreport qurestSql SQL Injection Vulnerability (CVE-2023-1454) | Details |
3bd2d46d63152745fac3e64129c9e0a1 | CVE-2023-23415 | 2023-03-15 08:18:00 | Microsoft ICMP Remote Code Execution Vulnerability (CVE-2023-23415) | Details |
0f48dd6d49f9d0f8f05041f5a82b6010 | AVD-2023-1655789 | 2023-03-14 10:17:22 | Nacos Default secret.key Misconfiguration Authorization Bypass Vulnerability | Details |
3c210c63b950db1f6af9dd470e5a6994 | CVE-2023-23638 | 2023-03-08 11:35:53 | Apache Dubbo Deserialization Remote Code Execution Vulnerability (CVE-2023-23638) | Details |
81f39b329ea4475db25309e47f96a16e | AVD-2023-1656560 | 2023-02-24 07:13:17 | Smartbi Stub DB2 Patch Bypass Remote Code Execution Vulnerability | Details |
8049f202b7242403de11276729076a94 | CVE-2022-39952 | 2023-02-17 08:18:27 | FortiNAC keyUpload zipslip Remote Code Execution Vulnerability (CVE-2022-39952) | Details |
7069358b6d3ce19f3df3eeb2db587f88 | CVE-2023-23752 | 2023-02-17 02:39:59 | Joomla Rest API Unauthorized Access Vulnerability (CVE-2023-23752) | Details |
d287d6753b8e76d3d417b975704fc5cc | CVE-2023-25194 | 2023-02-08 11:11:39 | Apache Kafka Connect Remote Code Execution Vulnerability (CVE-2023-25194)(CVE-2023-25194) | Details |
621b2257589d0e38a94fdf1307dd4115 | CVE-2023-25194 | 2023-02-08 08:18:03 | Apache Kafka Remote Code Execution Vulnerability (CVE-2023-25194) | Details |
534e9f7b6ec3809adcaf63d4ceca86de | CVE-2023-25194 | 2023-02-08 02:36:46 | Apache Kafka Connect Remote Code Execution Vulnerability (CVE-2023-25194) | Details |
3c1c79c3b7307225f21d1a51f7d54f9c | CVE-2023-0669 | 2023-02-07 03:19:26 | Goanywhere MFT lic/accept Remote Code Execution Vulnerability (CVE-2023-0669) | Details |
16a841cb13c0e675572a2f15e4234afd | CVE-2023-23477 | 2023-02-04 02:40:42 | WebSphere Application Server Remote Code Execution Vulnerability (CVE-2023-23477) | Details |
9f0c569d30455ce4e57082015c292bf5 | CVE-2022-47986 | 2023-02-03 06:17:32 | Aspera Faspex Yaml Deserialization Vulnerability (CVE-2022-47986) | Details |
b6ad9db978b17e5033be06fa95beb6f7 | CVE-2023-25135 | 2023-02-03 06:17:32 | vBulletin searchprefs phar Deserialization Code Execution Vulnerability (CVE-2023-25135) | Details |
c095f3f69af795ffb11108ff3995723d | CVE-2023-23924 | 2023-02-01 03:15:01 | Dompdf SVG URI Code Execution Vulnerability (CVE-2023-23924) | Details |
484a47e08254dbb7754c7a6b8747deab | AVD-2023-1658131 | 2023-01-28 08:17:48 | Weaver OA workflowrequestservlet XXE Vulnerability | Details |
0360c83ce3d8632eec54e2bde613af23 | CVE-2022-47966 | 2023-01-19 08:38:46 | Zoho ManageEngine SAML Arbitrary Code Execution Vulnerability (CVE-2022-47966) | Details |
c2265dd0867eb475edcfd8f8658a08ec | CVE-2023-21839 | 2023-01-18 09:14:03 | Oracle WebLogic T3/IIOP Deserialization Vulnerability (CVE-2023-21839) | Details |
e4a37cce270f6022eeac9e202c862bba | CVE-2023-21839 | 2023-01-18 03:16:07 | Oracle WebLogic Authentication Bypass Vulnerability (CVE-2023-21839) | Details |
70dbfd4c38df9220312ee3605d9861e8 | CVE-2023-22480 | 2023-01-14 08:38:46 | KubeOperator Front-End kubeconfig Download Vulnerability (CVE-2023-22480) | Details |
06aaa6a60606a73bdc39c99d4311bbcd | AVD-2023-1651310 | 2023-01-06 09:37:08 | ZenTao Project Management System Authorization Bypass and Command Execution Vulnerability | Details |
bb85f0abb1dea87473959b9b5f05b395 | AVD-2023-1651310 | 2023-01-06 09:15:11 | ZenTao R&D Project Management System Authorization Bypass and Command Injection Vulnerability | Details |
ae7d68caba61a66a88a3bd5a6fdd1a04 | AVD-2023-1651310 | 2023-01-06 06:17:30 | ZenTao R&D Project Management System Command Injection Vulnerability | Details |
3c7175c4d1f163014837f243f7613887 | CVE-2022-44877 | 2023-01-06 03:14:38 | Control Web Panel login Remote Command Execution Vulnerability (CVE-2022-44877) | Details |
1a3be5737bfb535dd4eca7be5d6947d3 | CVE-2022-43396 | 2022-12-30 11:11:07 | Apache Kylin Command Injection Vulnerability (CVE-2022-43396) | Details |
84e8f7352649abc83d6486cd3eeb3a1c | CVE-2022-44621 | 2022-12-30 11:11:07 | Apache Kylin Command Injection Vulnerability (CVE-2022-44621) | Details |