Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/05/01 12:0 a.m.117 views

Open Cascade OCCT 代码问题漏洞

Open Cascade OCCT is a 3D modeling and geometry computation kernel from the French company Open Cascade. A code issue vulnerability exists in Open Cascade OCCT version V800rc5, which stems from a flaw in the VrmlDataIndexedFaceSet::TShape function in the VRML V2.0 parser, as malformed VRML inputs...

7.5CVSS5.9AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.108 views

commonmark 跨站脚本漏洞

commonmark is a highly extensible PHP Markdown parser open-sourced by The League of Extraordinary Packages, with full support for the CommonMark and GFM specifications. A cross-site scripting vulnerability exists in commonmark versions 1.5.0 through 2.6.x. The vulnerability stems from the...

6.4CVSS6.1AI score0.00287EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.102 views

SimpleXLSX 跨站脚本漏洞

SimpleXLSX is a tool by the individual developer Sergey Shuchkin. It is used to parse and retrieve data from Excel XLSx files. A cross-site scripting vulnerability exists in SimpleXLSX version 1.0.12 up to and including version 1.1.12, which stems from the execution of arbitrary JavaScript code...

6.8CVSS6.2AI score0.00452EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.101 views

LogicalDOC Enterprise 安全漏洞

LogicalDOC Enterprise is a document management system from LogicalDOC Italy. A security vulnerability exists in LogicalDOC Enterprise version 7.7.4, which originates from insufficient validation of binary paths when modifying system settings, and may result in the execution of operating system...

8.7CVSS6.9AI score0.0035EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.97 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability, which was caused by a problem with the sanitizeenvlines function in the hermescli/config.py file. This vulnerability...

6.3CVSS5.8AI score0.00266EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.97 views

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O. An attacker exploiting this vulnerability could bypass certain features. The following products and...

8.2CVSS7.8AI score0.00347EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.96 views

biopython 代码问题漏洞

biopython is a Python library open-sourced by the Biopython Project. A code issue vulnerability exists in biopython version 186 and earlier, which stems from Bio.Entrez allowing doctype XXE...

4.9CVSS6.8AI score0.00293EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.95 views

RAGFlow path traversal vulnerability

RAGFlow is an open-source RAG engine based on deep document understanding, developed by InfiniFlow. Versions of RAGFlow prior to 0.23.1 contained a path traversal vulnerability. This vulnerability stemmed from an arbitrary file overwrite vulnerability in the MinerU parser, which could lead to...

9.8CVSS6.3AI score0.00913EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/12/21 12:0 a.m.93 views

WordPress plugin CURCY cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.2AI score0.00517EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/10 12:0 a.m.93 views

MediaWiki 跨站脚本漏洞

MediaWiki is a free and free-to-use web-based wiki engine from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.A cross-site scripting vulnerability exists in MediaWiki, which stems from the product's Special:CheckUserLog...

4.8CVSS5.6AI score0.00647EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.92 views

LibOSDP 安全漏洞

LibOSDP is a goToMain open source cross-platform open source implementation of the IEC 60839-11-5 Open Surveillance Device Protocol. Designed to improve interoperability between access control and security products. A security vulnerability exists in versions prior to LibOSDP 3.0.0 that stems fro...

5.1CVSS6.4AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.91 views

WordPress plugin Flex QR Code Generator 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

9.8CVSS7.4AI score0.00865EPSS
Exploits3References4
CNNVD
CNNVD
added 2025/08/29 12:0 a.m.91 views

WordPress plugin Booster for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file upload vulnerability exists in the WordPress Booster for WooCommerce Plugin that stems from a lack of file type validation in the addfilestoorder function, which can be...

9.8CVSS8.1AI score0.00686EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.91 views

WordPress Plugin CityLogic 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin CityLogic has a cross-site...

4.3CVSS6.5AI score0.00368EPSS
Exploits0References16
CNNVD
CNNVD
added 2022/08/31 12:0 a.m.91 views

ZEIT Next.js 代码问题漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. A security vulnerability exists in ZEIT Next.js that stems from the fact that when a specific request is sent to the Next.js server, it may cause an unhandledRejection in the server,...

5.3CVSS8.5AI score0.00999EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.90 views

WordPress plugin Booked 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.7CVSS5.8AI score0.00354EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.89 views

Radare2 安全漏洞

Radare2 is an open-source reverse framework for Unix geeks developed by Radare. Previous versions of Radare2, up to bc5a890, contained security vulnerabilities. These vulnerabilities stemmed from command injection in the afsv/afsvj command path. A specially crafted ELF binary could embed maliciou...

8.5CVSS6AI score0.00915EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/07/17 12:0 a.m.89 views

Livewire 代码注入漏洞

Livewire is Livewire open source a full stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. A code injection vulnerability exists in Livewire 3.6.3 and earlier versions, which stems from mishandling of component property updates and could lead to remote...

9.8CVSS7.6AI score0.95376EPSS
Exploits5References4
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.89 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a type obfuscation vulnerability that stems from the presence of type obfuscation in V8. No detailed vulnerability details are provided at this time...

8.8CVSS8.8AI score0.00833EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.84 views

NVIDIA CUDA toolkit 代码问题漏洞

NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A security vulnerability exists in NVIDIA CUDA Toolkit, which can be exploited by an attacker to cause arbitrary code to be executed with the same...

7.3CVSS6AI score0.00159EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/14 12:0 a.m.84 views

HDF5 安全漏洞

HDF5 is a library of HDF open source . HDF5 has a buffer overflow vulnerability , the vulnerability stems from the H5Z scaleoffsetdecompressonebyte function fails to correctly validate the length of the input data size , an attacker can use this vulnerability to cause a denial of service...

7.8CVSS7.2AI score0.00364EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/05/17 12:0 a.m.84 views

WordPress 路径遍历漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A path traversal vulnerability exists in WordPress Core version 6.2 and earlier versions. An attacker exploits...

6.1CVSS6.1AI score0.79527EPSS
Exploits7References7
CNNVD
CNNVD
added 2024/11/25 12:0 a.m.83 views

Cindori Sensei Mac Cleaner 安全漏洞

Cindori Sensei Mac Cleaner is a Mac cleaner, monitor, and optimizer application from Cindori, Inc. A security vulnerability exists in Cindori Sensei Mac Cleaner that stems from the presence of a local elevation of privilege issue, which allows an attacker to perform a variety of actions as root,...

7.8CVSS6.9AI score0.00151EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/19 12:0 a.m.82 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue with ptpocpwatchdog, which could lead to memory corruption...

7.8CVSS6AI score0.00136EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/26 12:0 a.m.82 views

NuProcess 安全漏洞

NuProcess is a low-overhead, non-blocking I/O, external process implementation of Java from Brett Wooldridge's personal developer. NuProcess 1.2.0 and later, and versions prior to 2.0.5, are vulnerable to command injection, which stems from the failure of a network system or product to properly...

9.8CVSS9.3AI score0.01177EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.81 views

html5_snmp SQL注入漏洞

html5snmp is an HTML project developed by Pongtud Bualerd. Version 1.11 of html5snmp contains a SQL injection vulnerability. This vulnerability stems from the RouterID and RouterIP parameters, which may allow attackers to extract or modify database information...

9.1CVSS5.9AI score0.0037EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/08/19 12:0 a.m.81 views

gomatrixserverlib 安全漏洞

gomatrixserverlib is a Go library open-sourced by matrix.org. Used for common functions required by the matrix server. A security vulnerability exists in gomatrixserverlib, which stems from the inability of its power level parsing program to parse the "eventsdefault" keyword of the...

8.8CVSS7.7AI score0.0065EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.80 views

Kubernetes 安全漏洞

Kubernetes K8s is an open source system of Kubernetes open source for automating the deployment, scaling, and management of containerized applications. Kubernetes suffers from a trust management issue vulnerability that stems from the certificate validation logic not properly validating the chain...

6.8CVSS6.7AI score0.00288EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.80 views

vLLM 代码问题漏洞

vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A code issue vulnerability exists in vLLM versions 0.6.5 through 0.8.4, which stems from PyNcclPipe KV cache transfers not properly limiting the scope of TCPStore interface access...

9.8CVSS7.8AI score0.00959EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.80 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ versions prior to 3.2.10, which stems from the ability of an attacker to trigger a file download on a victim's machine by embedding the file in an...

7.2CVSS6.3AI score0.02163EPSS
Exploits3References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.79 views

Jenkins Active Directory Plugin 安全漏洞

The Jenkins Active Directory Plugin is an identity integration plugin developed under open source by Jenkins. Versions of the Jenkins Active Directory Plugin 2.41 and earlier contained a security vulnerability, which was caused by unvalidated deserialization of LDAP reference data...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/08/15 12:0 a.m.79 views

WordPress plugin VR Calendar 操作系统命令注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An operating system command injection...

9.8CVSS8.8AI score0.12442EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.77 views

EnGenius EnShare Cloud Service 操作系统命令注入漏洞

EnGenius EnShare Cloud Service is a cloud-based network management platform from EnGenius Corporation. An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier, which stems from an OS command injection attack due to an uncleared path parameter in t...

10CVSS7.2AI score0.12334EPSS
Exploits2References6
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.77 views

Google Chrome 安全漏洞

V8 is the JavaScript engine in Google Chrome, which is used to parse and execute JavaScript code in web pages. A type confusion vulnerability exists in Google Chrome V8, which can be exploited by an attacker to cause a heap memory corruption and potentially execute arbitrary code...

8.8CVSS9.1AI score0.02578EPSS
Exploits2References8
CNNVD
CNNVD
added 2022/11/01 12:0 a.m.77 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server 3.6 and earlier versions, which...

5.7CVSS5.9AI score0.00634EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.77 views

WordPress SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Modern Events Calendar Lite Plugin is a WordPress open source application plugin. WordPress Modern Events Calendar Lite...

9.8CVSS6.2AI score0.728EPSS
Exploits7References6
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.76 views

WordPress plugin XStore Core SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

9.3CVSS7.9AI score0.03553EPSS
Exploits3References5
CNNVD
CNNVD
added 2021/09/17 12:0 a.m.76 views

Wasmtime 缓冲区错误漏洞

Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. Wasmtime suffers from a buffer error vulnerability that stems from an invalid free and out-of-bounds read/write error when running Wasm due to a memory unsoundness vulnerability in...

6.3CVSS6.6AI score0.003EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/11/22 12:0 a.m.74 views

Super Xray 安全漏洞

Super Xray is an excellent vulnerability scanning tool by 4ra1n individual developers. A security vulnerability exists in Super Xray version 0.2-beta Linux and Mac OS systems, which can be exploited by attackers to elevate privileges...

7.8CVSS6.8AI score0.00381EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/12/20 12:0 a.m.74 views

Blackmagic Design DaVinci Resolve 安全漏洞

Blackmagic Design DaVinci Resolve is an all-in-one software tool for editing, color correction, visual effects, motion graphics and audio post-production.A code execution vulnerability exists in Blackmagic Design DaVinci Resolve, which could be exploited by attackers to execute arbitrary code in...

9.8CVSS6.5AI score0.17945EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/08/16 12:0 a.m.73 views

WordPress plugin StoryChief 代码问题漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin StoryChief file upload vulnerability , the vulnerability stems from the...

9.8CVSS6.9AI score0.37349EPSS
Exploits8References5
CNNVD
CNNVD
added 2025/04/26 12:0 a.m.73 views

WordPress plugin Aeropage Sync for Airtable 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A file upload vulnerability...

8.8CVSS7AI score0.11399EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.73 views

WordPress Plugin Avada 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS8.4AI score0.27997EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.72 views

Microsoft SQL Server 命令注入漏洞

Microsoft SQL Server is a large commercial database system from Microsoft that is used under Microsoft Windows. A command injection vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are...

8.8CVSS7.6AI score0.01249EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/23 12:0 a.m.72 views

Apache Hive和Apache Spark 安全漏洞

Apache Hive and Apache Spark are both products of the Apache Foundation, USA.Apache Hive is a suite of data warehouse software based on Hadoop Distributed Systems Infrastructure. The software provides a data integration approach and a high-level query language to support large-scale data analysis...

5.9CVSS6.5AI score0.01468EPSS
Exploits1References9
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.72 views

HP PC 代码问题漏洞

HP PC is a computer product from Hewlett-Packard HP in the United States. A security vulnerability exists in HP PC that stems from a potential hole in the audio package, which could allow privileged escalation...

8.8CVSS6.7AI score0.00167EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.72 views

nsupdate.info 安全漏洞

nsupdate.info is a free dynamic DNS service in the nsupdate.info development open source. A security vulnerability exists in nsupdate.info, which stems from a mishandling of the parameter CSRFCOOKIEHTTPONLY that results in a cookie without the "httponly" flag...

5.3CVSS5.1AI score0.00612EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/10 12:0 a.m.71 views

Hoverfly 安全漏洞

Hoverfly is a lightweight open source API emulation tool open-sourced by SpectoLabs. A security vulnerability exists in Hoverfly 1.11.3 and earlier versions that stems from command injection and could lead to remote code execution...

9.8CVSS7.9AI score0.10543EPSS
Exploits7References6
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.71 views

NamelessMC 信息泄露漏洞

NamelessMC is a free, easy to use and powerful website software from the NamelessMC team. For your Minecraft server, which contains tons of features. An information disclosure vulnerability exists in NamelessMC versions prior to 2.2.4, which stems from the disclosure of sensitive information and...

5.3CVSS6.1AI score0.00399EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.71 views

LibreNMS 跨站脚本漏洞

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. LibreNMS suffers from a cross-site scripting vulnerability that originates from a stored...

5.4CVSS5.8AI score0.00396EPSS
Exploits1References2
Total number of security vulnerabilities5000