眈眈探求 | Threat Intelligence Bulletin


360 Cyber Security Response Center [TOP 30]

| CVEs | Time | Title |
|---|---|---|
| | 2022-06-27 06:33:50 | Weekly Security Incident Report (06.20-06.26) |
| CVE-2022-21445 | 2022-06-24 08:59:13 | Oracle JDeveloper ADF Faces remote code execution vulnerability |
| | 2022-06-20 06:54:29 | Weekly Security Incident Report (06.13-06.19) |
| | 2022-06-15 08:29:35 | 2022-06 Patch Day: Microsoft security update advisory for multiple vulnerabilities |
| | 2022-06-13 06:39:43 | Weekly Security Incident Report (06.06-06.12) |
| | 2022-06-06 08:31:59 | Weekly Security Incident Report (05.30-06.05) |
| CVE-2022-26134 | 2022-06-04 02:50:19 | CVE-2022-26134: Confluence OGNL injection vulnerability advisory |
| CVE-2022-30190 | 2022-06-02 02:14:38 | [Update 1.0] CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability advisory |
| CVE-2022-30190 | 2022-06-01 08:36:19 | CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability advisory |
| | 2022-05-30 06:37:51 | Weekly Security Incident Report (05.23-05.29) |
| | 2022-05-23 09:33:30 | Weekly Security Incident Report (05.16-05.22) |
| | 2022-05-23 07:36:08 | Fastjson deserialization vulnerability advisory |
| | 2022-05-16 08:37:44 | Weekly Security Incident Report (05.09-05.16) |
| | 2022-05-11 07:04:18 | 2022-05 Patch Day: Microsoft security update advisory for multiple vulnerabilities |
| | 2022-05-09 06:18:57 | Weekly Security Incident Report (04.25-05.08) |
| CVE-2022-1388 | 2022-05-06 07:09:23 | CVE-2022-1388: F5 BIG-IP iControl REST authentication bypass vulnerability |
| CVE-2022-24706 | 2022-04-27 09:24:38 | CVE-2022-24706: Apache CouchDB remote code execution vulnerability advisory |
| | 2022-04-25 08:24:24 | Weekly Security Incident Report (04.18-04.24) |
| CVE-2022-0540 | 2022-04-21 07:45:57 | CVE-2022-0540: Jira authentication bypass vulnerability risk advisory |
| CVE-2022-0540 | 2022-04-21 07:15:38 | CVE-2022-0540: Jira authentication bypass vulnerability risk advisory |
| | 2022-04-20 08:34:00 | 2022-04 Patch Day: security risk advisory for vulnerabilities in multiple Oracle products |
| | 2022-04-18 07:45:49 | Weekly Security Incident Report (04.11-04.17) |
| CVE-2022-1364 | 2022-04-15 10:41:15 | CVE-2022-1364: Google Chrome V8 type confusion vulnerability |
| | 2022-04-13 03:27:21 | 2022-04 Patch Day: Microsoft security update advisory for multiple vulnerabilities |
| CVE-2021-31805 | 2022-04-13 02:19:24 | CVE-2021-31805: Apache Struts2 remote code execution vulnerability advisory |
| | 2022-04-11 07:42:43 | Dual-platform cryptomining botnet Sysrv-hello strikes again, armed with new vulnerabilities |
| | 2022-04-11 07:07:10 | Weekly Security Incident Report (04-04 ~ 04-10) |
| CVE-2022-1162 | 2022-04-07 09:40:36 | Gitlab hard-coding vulnerability advisory |
| | 2022-04-06 08:50:12 | Weekly Security Incident Report (03-28 ~ 04-03) |
| | 2022-03-28 07:28:54 | Weekly Security Incident Report (03.21-03.27) |

Tenable (Nessus) [TOP 30]

| CVEs | Time | Title |
|---|---|---|
| CVE-2022-34134 | 2022-06-28 00:15:00 | Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. |
| CVE-2022-34133 | 2022-06-28 00:15:00 | Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. |
| CVE-2022-34132 | 2022-06-28 00:15:00 | Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. |
| CVE-2022-31104 | 2022-06-28 00:15:00 | Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bugs were presented in the `i8x16.swizzle` and `select` WebAssembly instructions. The `select` instruction is only affected when the inputs are of `v128` type. The correspondingly affected Cranelift instructions were `swizzle` and `select`. The `swizzle` instruction lowering in Cranelift erroneously overwrote the mask input register which could corrupt a constant value, for example. This means that future uses of the same constant may see a different value than the constant itself. The `select` instruction lowering in Cranelift wasn't correctly implemented for vector types that are 128-bits wide. When the condition was 0 the wrong instruction was used to move the correct input to the output of the instruction meaning that only the low 32 bits were moved and the upper 96 bits of the result were left as whatever the register previously contained (instead of the input being moved from). The `select` instruction worked correctly if the condition was nonzero, however. This bug in Wasmtime's implementation of these instructions on x86_64 represents an incorrect implementation of the specified semantics of these instructions according to the WebAssembly specification. The impact of this is benign for hosts running WebAssembly but represents possible vulnerabilities within the execution of a guest program. For example a WebAssembly program could take unintended branches or materialize incorrect values internally which runs the risk of exposing the program itself to other related vulnerabilities which can occur from miscompilations. We have released Wasmtime 0.38.1 and cranelift-codegen (and other associated cranelift crates) 0.85.1 which contain the corrected implementations of these two instructions in Cranelift. If upgrading is not an option for you at this time, you can avoid the vulnerability by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other aarch64 hosts are not affected. Note that s390x hosts don't yet implement the simd proposal and are not affected. |
| CVE-2022-33009 | 2022-06-27 23:15:00 | A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. |
| CVE-2022-32995 | 2022-06-27 23:15:00 | Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. |
| CVE-2022-32994 | 2022-06-27 23:15:00 | Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. |
| CVE-2022-31103 | 2022-06-27 23:15:00 | lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2. |
| CVE-2022-31101 | 2022-06-27 23:15:00 | prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue. |
| CVE-2022-31099 | 2022-06-27 23:15:00 | rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the process running rulex aborts due to a stack overflow. The crash is fixed in version **0.4.3**. Affected users are advised to update to this version. There are no known workarounds for this issue. |
| CVE-2022-33879 | 2022-06-27 22:15:00 | The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. |
| CVE-2022-33007 | 2022-06-27 22:15:00 | TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. |
| CVE-2022-32092 | 2022-06-27 22:15:00 | D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. |
| CVE-2022-31100 | 2022-06-27 22:15:00 | rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the thread running rulex panics. The crashes are fixed in version **0.4.3**. Affected users are advised to update to this version. The only known workaround for this issue is to assume that regular expression parsing will panic and to add logic to catch panics. |
| CVE-2022-31035 | 2022-06-27 19:15:00 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading. |
| CVE-2022-31034 | 2022-06-27 19:15:00 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact potentially granting an attacker admin access to Argo CD. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability. |
| CVE-2022-28622 | 2022-06-27 19:15:00 | A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. |
| CVE-2022-2221 | 2022-06-27 19:15:00 | Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. |
| CVE-2017-20099 | 2022-06-27 19:15:00 | A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely. |
| CVE-2017-20098 | 2022-06-27 19:15:00 | A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. |
| CVE-2022-28172 | 2022-06-27 18:15:00 | The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending messages with malicious commands to the affected device. |
| CVE-2022-28171 | 2022-06-27 18:15:00 | The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. |
| CVE-2022-28168 | 2022-06-27 18:15:00 | In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. |
| CVE-2022-28167 | 2022-06-27 18:15:00 | Brocade SANnav before Brocade SANnav v. 2.2.0.2 and Brocade SANnav v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log |
| CVE-2022-2140 | 2022-06-27 17:15:00 | Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters. |
| CVE-2022-2106 | 2022-06-27 17:15:00 | Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. |
| CVE-2022-2088 | 2022-06-27 17:15:00 | An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. |
| CVE-2021-33654 | 2022-06-27 17:15:00 | When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception. |
| CVE-2021-33653 | 2022-06-27 17:15:00 | When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception. |
| CVE-2021-33652 | 2022-06-27 17:15:00 | When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception. |

China National Vulnerability Database (CNVD) [TOP 30]

| CVEs | Time | Title |
|---|---|---|
| CNVD-2021-74882 | 2021-11-14 16:43:52 | SQL injection vulnerability in the website-building system of Sichuang Technology Co., Ltd. |
| CNVD-2021-87021 (CVE-2020-4690) | 2021-11-12 12:43:14 | IBM Security Guardium hard-coded credentials vulnerability |
| CNVD-2021-87022 (CVE-2021-38870) | 2021-11-12 12:43:12 | IBM Aspera cross-site scripting vulnerability |
| CNVD-2021-87011 (CVE-2021-29753) | 2021-11-12 12:43:11 | IBM Business Automation Workflow unspecified vulnerability |
| CNVD-2021-87025 (CVE-2021-20563) | 2021-11-12 12:43:10 | IBM Sterling File Gateway information disclosure vulnerability |
| CNVD-2021-87010 (CVE-2021-38887) | 2021-11-12 12:43:08 | IBM InfoSphere Information Server information disclosure vulnerability |
| CNVD-2021-87016 (CVE-2021-29764) | 2021-11-12 12:43:07 | IBM Sterling B2B Integrator cross-site scripting vulnerability |
| CNVD-2021-87026 (CVE-2021-38877) | 2021-11-12 12:43:06 | IBM Jazz for Service Management cross-site scripting vulnerability |
| CNVD-2021-87014 (CVE-2021-29679) | 2021-11-12 12:43:04 | IBM Cognos Analytics remote code execution vulnerability |
| CNVD-2021-87029 (CVE-2021-29752) | 2021-11-12 12:43:03 | IBM Db2 information disclosure vulnerability |
| CNVD-2021-87015 (CVE-2021-29745) | 2021-11-12 12:43:02 | IBM Cognos Analytics privilege escalation vulnerability |
| CNVD-2021-73908 | 2021-11-11 16:42:44 | Weaver e-cology SQL injection vulnerability |
| CNVD-2021-86904 (CVE-2021-20351) | 2021-11-11 08:31:46 | IBM Engineering cross-site scripting vulnerability |
| CNVD-2021-86903 (CVE-2021-31173) | 2021-11-11 08:31:44 | Microsoft SharePoint Server information disclosure vulnerability |
| CNVD-2021-86902 (CVE-2021-31172) | 2021-11-11 08:31:43 | Microsoft SharePoint spoofing vulnerability |
| CNVD-2021-86901 (CVE-2021-31181) | 2021-11-11 08:31:42 | Microsoft SharePoint remote code execution vulnerability |
| CNVD-2021-86900 (CVE-2021-3561) | 2021-11-11 08:31:41 | fig2dev buffer overflow vulnerability |
| CNVD-2021-85884 (CVE-2021-41210) | 2021-11-10 07:24:57 | Google TensorFlow heap-allocated array out-of-bounds read vulnerability |
| CNVD-2021-85883 (CVE-2021-41226) | 2021-11-10 07:24:56 | Google TensorFlow heap out-of-bounds access vulnerability |
| CNVD-2021-85882 (CVE-2021-41224) | 2021-11-10 07:24:54 | Google TensorFlow heap out-of-bounds access vulnerability |
| CNVD-2021-85881 (CVE-2021-42770) | 2021-11-10 07:24:53 | OPNsense cross-site scripting vulnerability |
| CNVD-2021-85880 (CVE-2021-28024) | 2021-11-10 07:24:52 | ServiceTonic improper access control vulnerability |
| CNVD-2021-85879 (CVE-2021-28023) | 2021-11-10 07:24:50 | ServiceTonic arbitrary file upload vulnerability |
| CNVD-2021-85878 (CVE-2021-28022) | 2021-11-10 07:24:49 | ServiceTonic SQL injection vulnerability |
| CNVD-2021-85877 (CVE-2021-32483) | 2021-11-10 07:24:48 | Cloudera Manager incorrect access control vulnerability |
| CNVD-2021-85876 (CVE-2021-32481) | 2021-11-10 07:24:46 | Cloudera Hue cross-site scripting vulnerability |
| CNVD-2021-85875 (CVE-2021-29994) | 2021-11-10 07:24:45 | Cloudera Hue cross-site scripting vulnerability |
| CNVD-2021-85892 (CVE-2021-42701) | 2021-11-10 02:38:27 | DAQFactory man-in-the-middle attack vulnerability |
| CNVD-2021-85893 (CVE-2021-42699) | 2021-11-10 02:38:26 | DAQFactory cleartext transmission vulnerability |
| CNVD-2021-85894 (CVE-2021-42698) | 2021-11-10 02:38:24 | DAQFactory deserialization vulnerability |

China National Vulnerability Database of Information Security (CNNVD) [TOP 30]

| CVEs | Time | Title |
|---|---|---|
| CNNVD-202206-2545 (CVE-2020-27509) | 2022-06-26 13:01:38 | Galaxkey security vulnerability |
| CNNVD-202206-2546 (CVE-2022-34495) | 2022-06-26 13:01:36 | Linux kernel security vulnerability |
| CNNVD-202206-2547 (CVE-2022-34494) | 2022-06-26 13:01:34 | Linux kernel security vulnerability |
| CNNVD-202206-2549 (CVE-2022-2206) | 2022-06-26 13:01:31 | Vim buffer error vulnerability |
| CNNVD-202206-2539 (CVE-2022-31017) | 2022-06-25 13:01:52 | Zulip security vulnerability |
| CNNVD-202206-2540 (CVE-2022-29168) | 2022-06-25 13:01:49 | Wire security vulnerability |
| CNNVD-202206-2541 (CVE-2022-24893) | 2022-06-25 13:01:47 | Espressif ESP-IDF security vulnerability |
| CNNVD-202206-2542 (CVE-2022-29931) | 2022-06-25 13:01:45 | Raytion security vulnerability |
| CNNVD-202206-2543 (CVE-2022-34491) | 2022-06-25 13:01:43 | MediaWiki security vulnerability |
| CNNVD-202206-2544 (CVE-2019-25071) | 2022-06-25 13:01:41 | Apple iPhone security vulnerability |
| CNNVD-202206-2317 (CVE-2022-29519) | 2022-06-24 12:55:41 | Yokogawa STARDOM security vulnerability |
| CNNVD-202206-2318 (CVE-2022-30997) | 2022-06-24 12:55:38 | Yokogawa STARDOM security vulnerability |
| CNNVD-202206-2309 (CVE-2022-2121) | 2022-06-23 12:56:01 | OFFIS DCMTK code issue vulnerability |
| CNNVD-202206-2310 (CVE-2022-26864) | 2022-06-23 12:55:59 | Dell BIOS security vulnerability |
| CNNVD-202206-2311 (CVE-2022-2120) | 2022-06-23 12:55:56 | OFFIS DCMTK security vulnerability |
| CNNVD-202206-2312 (CVE-2022-33146) | 2022-06-23 12:55:54 | web2py security vulnerability |
| CNNVD-202206-2313 (CVE-2022-2119) | 2022-06-23 12:55:51 | OFFIS DCMTK path traversal vulnerability |
| CNNVD-202206-2314 (CVE-2022-26863) | 2022-06-23 12:55:49 | Dell BIOS security vulnerability |
| CNNVD-202206-2315 (CVE-2022-26862) | 2022-06-23 12:55:46 | Dell BIOS security vulnerability |
| CNNVD-202206-2316 (CVE-2022-2147) | 2022-06-23 12:55:43 | Cloudflare Warp security vulnerability |
| CNNVD-202206-2205 (CVE-2022-23079) | 2022-06-22 12:57:13 | motor-admin security vulnerability |
| CNNVD-202206-2206 (CVE-2022-31091) | 2022-06-22 12:57:10 | Guzzle security vulnerability |
| CNNVD-202206-2207 (CVE-2022-32549) | 2022-06-22 12:57:08 | Apache Sling security vulnerability |
| CNNVD-202206-2208 (CVE-2022-23077) | 2022-06-22 12:57:06 | habitica cross-site scripting vulnerability |
| CNNVD-202206-2209 (CVE-2022-23078) | 2022-06-22 12:57:03 | habitica input validation error vulnerability |
| CNNVD-202206-2210 (CVE-2022-32159) | 2022-06-22 12:57:01 | openlibrary cross-site scripting vulnerability |
| CNNVD-202206-2211 (CVE-2022-20828) | 2022-06-22 12:56:59 | Cisco Adaptive Security Appliance security vulnerability |
| CNNVD-202206-2212 (CVE-2022-23080) | 2022-06-22 12:56:56 | Directus code issue vulnerability |
| CNNVD-202206-2213 (CVE-2022-23081) | 2022-06-22 12:56:54 | openlibrary cross-site scripting vulnerability |
| CNNVD-202206-2214 (CVE-2022-20829) | 2022-06-22 12:56:52 | Data forgery issue vulnerability in multiple Cisco products |

QiAnXin [TOP 30]

| CVEs | Time | Title |
|---|---|---|
| | | QianxinTI-SV-2019-0015 Advisory: multiple remote code execution vulnerabilities in Microsoft Windows RDP Remote Desktop Services |
| CVE-2020-1350 | 2020-07-15 15:57:00 | QiAnXinTI-SV-2020-0013 Advisory: Microsoft DNS Server remote code execution vulnerability (CVE-2020-1350) |
| CVE-2020-6819, CVE-2020-6820 | 2020-04-08 10:34:35 | QianxinTI-SV-2020-0012 Advisory: Firefox remote code execution vulnerabilities exploited in the wild (CVE-2020-6819, CVE-2020-6820) |
| | 2020-03-25 13:58:51 | QiAnXinTI-SV-2020-0009 Advisory: Microsoft Windows Type 1 font handling remote code execution vulnerability (ADV200006) |
| CVE-2020-0796 | 2020-03-12 10:32:09 | QiAnXinTI-SV-2020-0008 Advisory: Microsoft Windows SMBv3.0 service remote code execution vulnerability (CVE-2020-0796) |
| CVE-2020-0674 | 2020-03-02 14:52:46 | QiAnXinTI-SV-2020-0002 Advisory: Microsoft IE jscript remote command execution 0-day vulnerability (CVE-2020-0674) |
| CVE-2020-0601 | 2020-01-15 14:11:41 | QianxinTI-SV-2020-0001 Advisory: Microsoft core cryptographic library vulnerability (CVE-2020-0601) |
| CVE-2019-1367 | 2019-09-25 17:23:00 | QiAnXinTI-SV-2019-0022 Advisory: Microsoft IE browser JScript scripting engine remote code execution vulnerability |
| CVE-2019-0708 | 2019-09-09 10:20:47 | QiAnXinTI-SV-2019-0006 Early-warning advisory: Microsoft Remote Desktop Services remote code execution vulnerability (CVE-2019-0708) |
| CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 | 2019-08-14 11:09:05 | QianxinTI-SV-2019-0015 Advisory: multiple remote code execution vulnerabilities in Microsoft Windows RDP Remote Desktop Services |
| CVE-2019-11707 | 2019-06-19 16:53:47 | QiAnXinTI-SV-2019-0013 Early-warning advisory: Firefox remote code execution vulnerability (CVE-2019-11707) |
| CVE-2019-0708 | 2019-05-31 17:03:19 | QiAnXinTI-SV-2019-0006 Early-warning advisory: Microsoft Remote Desktop Services remote code execution vulnerability (CVE-2019-0708) |

Anquanke [TOP 30]

| CVEs | Time | Title |
|---|---|---|
| CVE-2021-27308 | 2021-07-11 14:22:05 | 4images cross-site scripting vulnerability |
| CVE-2020-15261 | 2021-07-11 14:22:05 | Veyon Service security vulnerability |
| CVE-2021-35039 | 2021-07-09 17:30:13 | Linux kernel security vulnerability |
| CVE-2021-34626 | 2021-07-09 17:30:13 | WordPress access control error vulnerability |
| CVE-2021-25952 | 2021-07-09 17:30:13 | just-safe-set security vulnerability |
| CVE-2021-0597 | 2021-07-09 17:30:13 | Google Android information disclosure vulnerability |
| CVE-2021-34430 | 2021-07-09 17:30:13 | Eclipse TinyDTLS security features issue vulnerability |
| CVE-2021-3638 | 2021-07-09 17:30:13 | QEMU security vulnerability |
| CVE-2021-34614 | 2021-07-09 14:24:32 | Aruba ClearPass Policy Manager security vulnerability |
| CVE-2021-22144 | 2021-07-09 13:28:16 | Elasticsearch security vulnerability |
| CVE-2021-24022 | 2021-07-09 13:28:16 | Fortinet FortiManager security vulnerability |
| CVE-2021-33012 | 2021-07-09 13:28:16 | Allen Bradley Micrologix 1100 input validation error vulnerability |
| CVE-2021-0592 | 2021-07-09 13:28:16 | Google Android security vulnerability |
| CVE-2021-1598 | 2021-07-09 13:28:16 | Cisco Video Surveillance 7000 Series IP Cameras security vulnerability |
| CVE-2021-20782 | 2021-07-09 13:28:16 | Software License Manager cross-site request forgery vulnerability |
| CVE-2021-20781 | 2021-07-09 13:28:16 | WordPress cross-site request forgery vulnerability |
| CVE-2021-32961 | 2021-07-09 13:28:16 | MDT AutoSave code issue vulnerability |
| CVE-2021-0577 | 2021-07-09 13:28:16 | Google Android security vulnerability |
| CVE-2021-31816 | 2021-07-09 13:28:16 | Octopus Server security vulnerability |
| CVE-2021-31817 | 2021-07-09 13:28:16 | Octopus Server security vulnerability |
| CVE-2020-20217 | 2021-07-09 13:28:16 | Mikrotik RouterOs security vulnerability |
| CVE-2020-28598 | 2021-07-09 13:28:16 | PrusaSlicer security vulnerability |
| CVE-2021-32945 | 2021-07-09 13:28:16 | MDT AutoSave cryptographic issue vulnerability |
| CVE-2021-29712 | 2021-07-09 13:28:16 | IBM InfoSphere Information Server cross-site scripting vulnerability |
| CVE-2021-25432 | 2021-07-09 13:28:16 | Samsung Members information disclosure vulnerability |
| CVE-2021-25433 | 2021-07-09 13:28:16 | Samsung Tizen security vulnerability |
| CVE-2021-25431 | 2021-07-09 13:28:16 | Samsung Mobile Device Cameralyzer access control error vulnerability |
| CVE-2021-25434 | 2021-07-09 13:28:16 | Samsung Tizen code injection vulnerability |
| CVE-2021-32949 | 2021-07-09 13:28:16 | MDT AutoSave path traversal vulnerability |
| CVE-2021-25435 | 2021-07-09 13:28:16 | Samsung Tizen code injection vulnerability |

Tophant [TOP 30]

| CVEs | Time | Title |
|---|---|---|
| CVE-2022-30190, CVE-2022-30136 | 2022-06-15 05:48:12 | Microsoft June 2022 Patch Day vulnerability advisory |
| CVE-2022-26134 | 2022-06-03 05:48:38 | Atlassian Confluence remote code execution vulnerability (CVE-2022-26134) |
| CVE-2022-30190 | 2022-05-31 13:57:17 | Microsoft Windows MSDT remote code execution vulnerability (CVE-2022-30190) |
| | 2022-05-23 07:11:04 | Fastjson deserialization vulnerability |
| CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 | 2022-05-11 03:45:48 | Microsoft May 2022 Patch Day vulnerability advisory |
| CVE-2022-1388 | 2022-05-06 05:53:04 | F5 BIG-IP iControl REST authentication bypass vulnerability (CVE-2022-1388) |
| CVE-2022-29464 | 2022-04-22 02:21:17 | WSO2 Carbon Server remote code execution vulnerability (CVE-2022-29464) |
| CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 | 2022-04-13 07:51:00 | Microsoft April 2022 Patch Day vulnerability advisory |
| CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 | 2022-04-08 03:49:31 | Advisory on multiple high-severity vulnerabilities in VMware products |
| | 2022-03-29 17:11:30 | Spring framework remote code execution vulnerability |
| | 2022-03-29 17:11:30 | Spring Framework remote code execution vulnerability (CVE-2022-22965) |
| CVE-2022-22965 | 2022-03-29 17:11:30 | Spring Framework remote code execution vulnerability (CVE-2022-22965) |
| | 2022-03-28 04:57:30 | Spring Cloud Function SpEL expression injection vulnerability |
| CVE-2022-0778 | 2022-03-18 07:09:22 | OpenSSL denial-of-service vulnerability (CVE-2022-0778) |
| CVE-2022-0847 | 2022-03-15 03:32:03 | Linux Kernel local privilege escalation vulnerability (CVE-2022-0847) |
| CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 | 2022-03-11 02:14:56 | Microsoft March 2022 Patch Day vulnerability advisory |
| CVE-2022-0847 | 2022-03-08 08:23:08 | Linux kernel local privilege escalation vulnerability (CVE-2022-0847) |
| CVE-2022-22947 | 2022-03-02 11:42:55 | Spring Cloud Gateway remote code execution vulnerability (CVE-2022-22947) |
| | 2022-02-16 10:44:18 | Sunlogin (向日葵) remote command execution vulnerability (CNVD-2022-10270) |
| CVE-2022-24112 | 2022-02-11 06:13:35 | Apache APISIX remote code execution vulnerability (CVE-2022-24112) |
| CVE-2021-4034 | 2022-01-26 06:19:16 | Linux Polkit privilege escalation vulnerability (CVE-2021-4034) |
| CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 | 2022-01-12 03:44:50 | Microsoft January 2022 Patch Day vulnerability advisory |
| | 2022-01-06 08:19:17 | MeterSphere remote code execution vulnerability |
| CVE-2021-45232 | 2021-12-28 10:31:16 | Apache APISIX Dashboard API unauthorized access vulnerability (CVE-2021-45232) |
| CVE-2021-44228, CVE-2021-45046 | 2021-12-14 01:56:52 | Apache Log4j remote code execution vulnerability |
| CVE-2021-44228 | 2021-12-11 03:21:34 | Apache Log4j remote code execution vulnerability |
| | 2021-12-09 15:20:54 | Apache Log4j remote code execution vulnerability |
| | 2021-12-07 06:48:55 | Grafana arbitrary file read vulnerability |
| | 2021-12-02 06:37:58 | VMware vCenter server-side request forgery vulnerability |
| CVE-2021-21980, CVE-2021-22049 | 2021-11-26 03:52:06 | Advisory on multiple high-severity vulnerabilities in VMware vCenter Server |

Red Queen (红后) [TOP 30]

| CVEs | Time | Title |
|---|---|---|
| CVE-2022-20126 | 2022-06-27 20:03:36 | Google Android permissions and access control issue vulnerability |
| CVE-2022-20129 | 2022-06-27 20:03:21 | Google Android input validation error vulnerability |
| CVE-2022-20131 | 2022-06-27 20:03:16 | Google Android information disclosure vulnerability |
| CVE-2022-20125 | 2022-06-26 20:02:17 | Google Android security vulnerability |
| CVE-2022-20130 | 2022-06-26 20:02:12 | Google Android buffer error vulnerability |
| CVE-2022-20124 | 2022-06-26 20:02:07 | Google Android permissions and access control issue vulnerability |
| CVE-2022-20132 | 2022-06-26 20:02:01 | Google Android buffer error vulnerability |
| CVE-2022-20127 | 2022-06-26 20:01:56 | Google Android resource management error vulnerability |
| CVE-2022-20142 | 2022-06-26 20:01:51 | Google Android permissions and access control issue vulnerability |
| CVE-2022-20134 | 2022-06-26 20:01:50 | Google Android input validation error vulnerability |
| CVE-2022-20149 | 2022-06-26 20:01:39 | Google Android information disclosure vulnerability |
| CVE-2022-20135 | 2022-06-26 20:01:39 | Google Android permissions and access control issue vulnerability |
| CVE-2022-20146 | 2022-06-26 20:01:31 | Google Android security vulnerability |
| CVE-2021-30327 | 2022-06-25 19:59:27 | Resource management error vulnerability in multiple Qualcomm products |
| CVE-2021-30346 | 2022-06-25 19:59:19 | Configuration error vulnerability in multiple Qualcomm products |
| CVE-2021-30345 | 2022-06-25 19:59:14 | Configuration error vulnerability in multiple Qualcomm products |
| CVE-2021-30349 | 2022-06-25 19:59:09 | Access control error vulnerability in multiple Qualcomm products |
| CVE-2021-35070 | 2022-06-25 19:59:04 | Information disclosure vulnerability in multiple Qualcomm products |
| CVE-2021-35071 | 2022-06-25 19:58:59 | Buffer error vulnerability in multiple Qualcomm products |
| CVE-2021-35073 | 2022-06-25 19:58:54 | Qualcomm security vulnerability |
| CVE-2021-35076 | 2022-06-25 19:58:49 | Qualcomm code issue vulnerability |
| CVE-2021-35078 | 2022-06-25 19:58:45 | Security vulnerability in multiple Qualcomm products |
| CVE-2021-35083 | 2022-06-24 19:56:21 | Qualcomm buffer error vulnerability |
| CVE-2021-46816 | 2022-06-24 19:56:17 | Adobe Premiere Pro buffer error vulnerability |
| CVE-2021-30281 | 2022-06-24 19:55:29 | Access control error vulnerability in multiple Qualcomm products |
| CVE-2021-35082 | 2022-06-24 19:55:19 | Security vulnerability in multiple Qualcomm products |
| CVE-2022-24077 | 2022-06-24 19:55:15 | Naver Cloud Explorer code issue vulnerability |
| CVE-2021-46818 | 2022-06-24 19:55:12 | Adobe Media Encoder buffer error vulnerability |
| CVE-2021-46817 | 2022-06-24 19:55:07 | Adobe Media Encoder buffer error vulnerability |
| CVE-2021-46812 | 2022-06-23 19:56:43 | HUAWEI HarmonyOS security vulnerability |

NSFOCUS (绿盟) [TOP 30] CVES TIME TITLE URL
652be8805294ef6e4b2451e48d40e7b1 CVE-2022-0592 2022-06-27 11:25:31 WordPress MapSVG Plugin SQL injection vulnerability Details
70002801306e466ad2d6b91eb5ef8afa CVE-2022-0625 2022-06-27 11:25:31 WordPress Admin Menu Editor Plugin cross-site scripting vulnerability Details
d30582a914031b651bb7f08fbd053a65 CVE-2022-28533 2022-06-27 11:25:31 Medical Hub Directory Site SQL injection vulnerability Details
9488cada867d4a31d23f9437e3847376 CVE-2022-26835 2022-06-27 11:25:31 F5 BIG-IP path traversal vulnerability Details
31effadca28eefba1cdc0cc2e14ea9b9 CVE-2022-24899 2022-06-27 11:25:31 Contao cross-site scripting vulnerability Details
bf4df1d55be74a8b886deda97929f36e CVE-2022-29535 2022-06-27 11:25:31 ZOHO ManageEngine OpManager SQL injection vulnerability Details
552b75ad92da6bc80bb5dab820635759 CVE-2022-27360 2022-06-27 11:25:31 SpringBlade SQL injection vulnerability Details
07730a8b58e29147a6dac62f883676c8 CVE-2022-27359 2022-06-27 11:25:31 Foxit PDF Reader null pointer dereference vulnerability Details
ce28f2954463db352779fd71a95e63c1 CVE-2022-27337 2022-06-27 11:25:31 Freedesktop Poppler denial-of-service vulnerability Details
e45377a24c8696e49c4c179ae0cc3671 CVE-2021-25268 2022-06-27 11:25:31 Sophos Firewall cross-site scripting vulnerability Details
24a71d752b27fb57ae1857bb9ab189ed CVE-2021-25267 2022-06-27 11:25:31 Sophos Firewall cross-site scripting vulnerability Details
ce7af177d5291440abec4647a7e57020 CVE-2022-29592 2022-06-27 11:25:31 Tenda TX9 Pro OS command injection vulnerability Details
60f77f63e6677bd5465fd86d9fe751c3 CVE-2022-28463 2022-06-27 11:25:31 Imagemagick Studio ImageMagick buffer overflow vulnerability Details
37f981d7e0aaffee3f0bb075847e1454 CVE-2022-28545 2022-06-27 11:25:31 FUDforum cross-site scripting vulnerability Details
038ab179182794a2fcc134a3075c2802 CVE-2021-23592 2022-06-27 09:27:57 topthink/framework untrusted data deserialization vulnerability Details
4d26376d6bd28c5f1b4ce9a41be8a42f CVE-2022-23802 2022-06-27 09:27:57 Joomla Guru information disclosure vulnerability Details
6d7930957a661534ce9670e7e460353b CVE-2022-0424 2022-06-27 09:27:57 WordPress Popup by Supsystic Plugin authentication error vulnerability Details
a3e5ca379eaef3d6f28711ceb5aeb482 CVE-2022-23205 2022-06-27 09:27:57 Adobe Photoshop out-of-bounds write vulnerability Details
2bfe3786864e7e0401adecfa750d1d37 CVE-2022-30286 2022-06-27 09:27:57 PyScript information disclosure vulnerability Details
7fb89db3d4b58a2263f8731a3d59f394 CVE-2021-20479 2022-06-27 09:27:57 IBM Cloud Pak System weak encryption vulnerability Details
57a9fc3f103cedec74a43b3d317de3b6 CVE-2021-39023 2022-06-27 09:27:57 IBM Guardium Data Encryption information disclosure vulnerability Details
c89ffb1c249b3c3f476cd80afa314817 CVE-2021-42743 2022-06-27 09:27:57 Splunk Enterprise configuration error vulnerability Details
8b889e5d671844f4a0e73d081fc018ce CVE-2022-2 2022-06-27 09:27:57 Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 cross-site scripting vulnerability (CVE-2022-2 Details
759b3c8d0521b910ad4d034ccffc38ca CVE-2021-27765 2022-06-27 09:27:57 HCL BigFix Platform privilege management error vulnerability Details
cc47511d3add11c05a8dc701285ab7ee CVE-2021-27759 2022-06-27 09:27:57 HCL BigFix Inventory cross-site request forgery vulnerability Details
206f298ed0fcb1f11b876d0b306fe3a7 CVE-2021-27760 2022-06-27 09:27:57 HCL Notes input validation error vulnerability Details
ab474402589fa32bd76749e96fed96df CVE-2021-27761 2022-06-27 09:27:57 HCL BigFix Platform weak encryption vulnerability Details
bce16e7b0b8d0498f0504f88542c7e56 CVE-2019-25060 2022-06-27 09:27:57 WordPress WPGraphQL Plugin access control error vulnerability Details
452c4f231b06a56104e1b6cde1831a26 CVE-2022-29421 2022-06-27 09:27:57 WordPress Countdown & Clock Plugin cross-site scripting vulnerability Details
0f360e836abb170b0c3b5d0dfff3b051 CVE-2022-33995 2022-06-24 09:27:25 Devolutions Remote Desktop Manager path traversal vulnerability Details

US National Vulnerability Database (NVD) [TOP 30] CVES TIME TITLE URL
2d8701399bdb77d39590a5c4ce5aab6a CVE-2022-33913 2022-06-20 16:15:08 In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check. Details
b5474ad4a82d47241c66796f244df67a CVE-2022-31795 2022-06-20 15:15:13 An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands. Details
c938afb59b5051ad4938e3c70fa04cae CVE-2022-31794 2022-06-20 15:15:13 An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands. Details
aac73dfcfe0703fa6bdcccc590e2b8ac CVE-2022-31357 2022-06-17 14:15:08 Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=. Details
461fecf8d0555d2850382eda6a7ef4fb CVE-2022-33756 2022-06-16 22:15:08 CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data. Details
910852c4fd6b4fd695ae5e52c2e4d87f CVE-2022-33755 2022-06-16 22:15:08 CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. Details
78d8af472c95a7c68287fafb62c529e3 CVE-2022-33754 2022-06-16 22:15:08 CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. Details
977ae893866df49a6332fdc496fc6972 CVE-2022-33753 2022-06-16 22:15:08 CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. Details
788f0fb42b25ca9e306b42c5156d9295 CVE-2022-33752 2022-06-16 22:15:08 CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. Details
3a183ec382d28ff7481c42c09b8ec82c CVE-2022-33751 2022-06-16 22:15:08 CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data. Details
10db4526401b7c1a2acbf3041c3808ea CVE-2022-31384 2022-06-16 17:15:08 Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. Details
a2bca594e0dafa9ba7fffda056251a64 CVE-2022-31383 2022-06-16 17:15:08 Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. Details
0f28642793b03a817c9296b96b80779c CVE-2022-31382 2022-06-16 17:15:08 Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. Details
146f2ab2815752b6a4f926d62a6463f5 CVE-2022-31908 2022-06-16 15:15:09 Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php. Details
fff8f7290f84ca60175cabb12535ae6a CVE-2022-31906 2022-06-16 15:15:09 Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php. Details
e47dcb8c2f32e62be26bca7d3d910df5 CVE-2022-31849 2022-06-16 15:15:09 MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request. Details
f7f8435147fbfaeed89abb5ad5eba043 CVE-2022-32992 2022-06-15 17:15:09 Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php. Details
8332d235feb1cbfa30771e7f6ced0f04 CVE-2022-32991 2022-06-15 17:15:09 Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php. Details
9d325baf5fa1ff4bc2c591885ba61723 CVE-2022-33140 2022-06-15 15:15:08 The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments. Details
6f62c45355df0d0bcccffc7377cb4feb CVE-2022-32243 2022-06-14 23:15:09 When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. Details
7ef53f22cc67e70ec82b2937861995b1 CVE-2022-32242 2022-06-14 23:15:09 When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. Details
56dbd21af3b5a9505c488b5da939a49e CVE-2022-32241 2022-06-14 23:15:09 When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. Details
74b14f67a5464753fe90213ddc8dd298 CVE-2022-32240 2022-06-14 23:15:09 When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. Details
cfff1b0de8aa8fff2e402423d0724c69 CVE-2022-32239 2022-06-14 20:15:08 When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. Details
452fc7aee439a2e4c59b06e682a07093 CVE-2022-32238 2022-06-14 20:15:08 When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. Details
52e98c6eede1844ee366b992ea346c14 CVE-2022-32237 2022-06-14 20:15:07 When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. Details
e1de8a2ac91f468c37615d6fa4c74de9 CVE-2022-31590 2022-06-14 19:15:07 SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system. Details
c5e32ce6f506da18607a218a1c4c2ac7 CVE-2022-31589 2022-06-14 19:15:07 Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted. Details
cdfc4b6ff1a358b408f49a9ddf5050c2 CVE-2022-32367 2022-06-14 18:15:08 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=. Details
d284fcc7e988b41ccf130d3cf7257285 CVE-2022-32366 2022-06-14 18:15:08 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=. Details




Ways to sponsor