Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/06/28 12:0 a.m.42 views

GLPI SQL注入漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges a...

9.8CVSS6.1AI score0.0858EPSS
Exploits3References5
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.42 views

rulex 安全漏洞

rulex is a new, portable regular expression language open-sourced by rulex. A security vulnerability exists in rulex versions prior to 0.4.3, which stems from a possible stack overflow when parsing untrusted rulex expressions, potentially leading to a denial of service attack...

6.5CVSS6.5AI score0.00879EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/12 12:0 a.m.42 views

Cambium Networks cnMaestro 操作系统命令注入漏洞

Cambium Networks cnMaestro is a cloud-based or native software platform from Cambium Networks for secure end-to-end network control. Cambium Networks cnMaestro suffers from an operating system command injection vulnerability. An attacker could exploit this vulnerability to upload specially crafte...

9.3CVSS7.5AI score0.00762EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/25 12:0 a.m.42 views

WordPress plugin Admin Word Count Column路径遍历漏洞

WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. PHP is a scripting language that executes on the server side. WordPress plugin Admin An arbitrary file reading vulnerability exists in Word Count Column 2.2 and earlier versions, which...

9.8CVSS5.7AI score0.22133EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/03/25 12:0 a.m.42 views

CheckMK Raw Edition 安全漏洞

tribe29 CheckMK Raw Edition is a comprehensive and flexible IT monitoring system from tribe29, Germany. A security vulnerability exists in CheckMK Raw Edition that originates from a successful exploit that requires the use of valid credentials or a user with the administrator role to hijack a...

8.8CVSS7.8AI score0.03459EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/02/18 12:0 a.m.42 views

Sourcegraph 代码注入漏洞

Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. Sourcegraph is vulnerable to a code injection vulnerability that could be exploited by attackers to cause remote code execution...

8.8CVSS6.2AI score0.7431EPSS
Exploits8References11
CNNVD
CNNVD
added 2021/10/27 12:0 a.m.42 views

Adobe Prelude 代码问题漏洞

Adobe Prelude is a video recording and capture tool designed for intuitive and efficient media organization and metadata entry to quickly tag and transcode video footage and quickly create rough cuts.Adobe Prelude 10.1 and earlier versions are vulnerable to a null pointer dereference. An attacker...

5.5CVSS5.7AI score0.01186EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/05/21 12:0 a.m.42 views

Zope 路径遍历漏洞

Zope is a set of object-oriented, open source web application servers written in the Python language by the Zope ZOPE community. A security vulnerability exists in Zope in versions prior to 4.6 and 5.2 that allows untrusted users to trigger the vulnerability by adding sites that edit Zope page...

8.8CVSS7.8AI score0.01843EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.41 views

Ollama security vulnerabilities

Ollama is an open-source tool developed by Ollama that can be run locally, used for managing and customizing large language models. Version 0.12.10 of Ollama contains a security vulnerability, which stems from issues with the GGUF decoder. This vulnerability could allow remote attackers to trigge...

7.5CVSS5.8AI score0.04549EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.41 views

N-able N-central 安全漏洞

N-able N-central is an RMM platform from N-able Canada Inc. provides large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central versions prior to 2025.4 that stems from generating session IDs f...

6.9CVSS6.8AI score0.36287EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/09/13 12:0 a.m.41 views

RPi-Jukebox-RFID 代码注入漏洞

RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the individual developer Micz Flor in Germany. It can play audio files, playlists, podcasts, web streams and spotify triggered by RFID cards. A code injection vulnerability exists in RPi-Jukebox-RFID version 2.8.0 and earlier,...

5.4CVSS4.7AI score0.00631EPSS
Exploits3References6
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.41 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a NULL pointer dereference in the media/iris module...

5.5CVSS6.2AI score0.00119EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/18 12:0 a.m.41 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from powerpc rtas not handling the MSR HV bit correctly, which could lead to a crash...

5.5CVSS6AI score0.00179EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/18 12:0 a.m.41 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from dwpcieepinit not freeing EPC memory, which could lead to a memory leak...

5.5CVSS6.3AI score0.00159EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.41 views

Splunk Cloud Platform和Splunk Enterprise 安全漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk, Inc. of the U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. Splunk Cloud Platform and Splunk Enterprise ha...

8.8CVSS6.8AI score0.01084EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.41 views

Citrix Systems NetScaler Gateway和NetScaler ADC 安全漏洞

Citrix Systems NetScaler Gateway Citrix Systems Gateway and Citrix Systems NetScaler ADC are both products of Citrix Systems, Inc.Citrix Systems NetScaler Gateway is a secure remote access solution. The solution provides administrators with application-level and data-level controls to enable user...

8.1CVSS6.3AI score0.00422EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/11 12:0 a.m.41 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab versions 12.5 up to and including...

9.6CVSS9.3AI score0.00911EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/09/19 12:0 a.m.42 views

Chicheng JFLow 访问控制错误漏洞

Chicheng JFLow is a workflow engine form from China Chicheng Chicheng. An access control error vulnerability exists in Chicheng JFLow version 2.0.0, which stems from a parameter oid in file /WF/Ath/EntityMutliFileLoad.do that can lead to improper access control...

5.3CVSS4.9AI score0.00334EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/18 12:0 a.m.41 views

WordPress Plugin Salient Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.5CVSS6.6AI score0.00632EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.41 views

Rails Security Vulnerabilities

Rails is a Ruby-based open source web application framework from the Rails team. A security vulnerability exists in Rails versions prior to 7.1.0 through 7.1.3.1, which stems from a Regular Expression Denial of Service ReDoS vulnerability in the Accept header parsing routine of Action Dispatch...

7.5CVSS6.7AI score0.01498EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/23 12:0 a.m.41 views

notrinoserp SQL注入漏洞

notrinoserp is a web-based ERP by Phương Individual Developer, an accounting system written in PHP and MySql. A SQL injection vulnerability exists in notrinoserp version 0.7, which originates from the OrderNumber parameter in /NotrinosERP/sales/customerdelivery.php contains a SQL injection...

8.8CVSS8.2AI score0.03088EPSS
Exploits4References8
CNNVD
CNNVD
added 2023/01/14 12:0 a.m.41 views

Publify 输入验证错误漏洞

Publify is a simple but full-featured web publishing software. versions of Publify prior to 9.2.10 are vulnerable to an input validation error, which stems from the presence of an integer overflow issue. No detailed vulnerability details are currently available...

9.8CVSS7.8AI score0.30778EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/01/14 12:0 a.m.41 views

Publify 安全漏洞

Publify is a simple but full-featured web publishing software. A security vulnerability exists in Publify versions prior to 9.2.10 that stems from insecure storage of sensitive information...

6.5CVSS5.2AI score0.00562EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/16 12:0 a.m.41 views

Dromara HuTool 资源管理错误漏洞

Hutool is a small but comprehensive library of Java tools for the Chinese Dromara community. A resource management error vulnerability exists in Dromara HuTool version 5.8.10 and earlier. An attacker could exploit this vulnerability to cause resource consumption...

7.5CVSS7.3AI score0.00897EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.41 views

pgAdmin 代码注入漏洞

pgAdmin 4 is a reliable and comprehensive database design and management software for PostgreSQL. A remote code execution vulnerability exists in pgAdmin 4. The vulnerability is required in Windows environments where, due to lax privilege checks by the developer, an attacker can exploit the...

8.8CVSS8.6AI score0.79933EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/08 12:0 a.m.41 views

Yauaa 安全漏洞

Yauaa is a java library from the personal developer Niels Basjes. It is used for UserAgent analysis. A security vulnerability exists in Yauaa, which stems from its introduction of a client-side hint analysis feature that causes applications to crash when the Yauaa library throws an...

7.5CVSS7.2AI score0.00738EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.41 views

VMware open-vm-tools 后置链接漏洞

VMware open-vm-tools is a set of services and modules from VMware, Inc. It includes kernel modules to enhance the performance of virtual machines running Linux or other VMware-supported Unix-like guest operating systems. A security vulnerability exists in VMware open-vm-tools version...

7CVSS6.9AI score0.00247EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.41 views

WordPress plugin Form Maker by 10Web SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

7.2CVSS7.2AI score0.01015EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/10/06 12:0 a.m.41 views

FlyteAdmin 信任管理问题漏洞

FlyteAdmin is a control plane for Flyte open source. Responsible for managing entities tasks, workflows, startup plans and managing workflow execution. An information disclosure vulnerability exists in Flyte FlyteAdmin versions prior to 1.1.44, which stems from the fact that users who enable the...

7.5CVSS6.2AI score0.0067EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.41 views

NextAuth.js 授权问题漏洞

NextAuth.js is an authentication for Next.js. NextAuth.js version v3.0.2 is vulnerable to authorization issues, which can be exploited by attackers to perform unauthorized actions...

8.1CVSS7AI score0.006EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/18 12:0 a.m.41 views

Foxit PDF Reader 资源管理错误漏洞

Foxit PDF Reader is a PDF reader from Foxit China.A remote code execution vulnerability exists in Foxit PDF Reader Annotation, which can be exploited by attackers to execute code in the context of the current process...

7.8CVSS6.6AI score0.01065EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.41 views

Red Hat search-api 资源管理错误漏洞

Red Hat search-api is a software component from Red Hat that allows developers to seamlessly introduce search functionality into websites and applications. It provides back-end tools for indexing documents, querying various types of data, managing cluster configurations, viewing search analytics,...

6.5CVSS6.5AI score0.00822EPSS
Exploits0References11
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.41 views

Microsoft Windows Network File System 输入验证错误漏洞

Microsoft Windows Network File System is a file sharing solution from Microsoft that allows you to transfer files between computers running Windows Server and UNIX operating systems using the NFS protocol. An input validation error vulnerability exists in Microsoft Windows Network File System. Th...

9.8CVSS8.4AI score0.76766EPSS
Exploits3References5
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.41 views

mitmproxy 环境问题漏洞

mitmproxy is an interactive, SSL/TLS-enabled interceptor proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. A security vulnerability exists in mitmproxy version 7.0.4 and prior versions, which can be exploited by malicious clients or servers to perform request smuggling attacks vi...

9.8CVSS8.2AI score0.01582EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/25 12:0 a.m.41 views

Solarwinds Kiwi Syslog Server 代码问题漏洞

Solarwinds Kiwi Syslog Server is an affordable Syslog management tool for network and system engineers from Solarwinds USA. It is used to receive syslog messages and Snmp traps from network devices routers, switches, firewalls, etc. and Linux®/Unix® hosts. A code issue vulnerability exists in the...

6.7CVSS7.3AI score0.00265EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/04 12:0 a.m.41 views

Cobbler 安全漏洞

Cobbler is a Linux installation server that allows for quick setup of network installation environments.Cobbler is vulnerable to authorization issues in versions prior to 3.3.0.The vulnerability stems from a lack of authentication measures or insufficient authentication strength in the network...

7.5CVSS5.7AI score0.01307EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/04/23 12:0 a.m.41 views

jquery-plugin-query-object 安全漏洞

jquery-plugin-query-object is an application. It is used for query string modification and creation in jQuery. A security vulnerability exists in jquery-plugin-query-object 2.2.3, which stems from an improperly controlled modification of the object prototype property that allows a malicious user ...

8.8CVSS7.8AI score0.04186EPSS
Exploits2References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.40 views

Nextcloud Server 访问控制错误漏洞

NextCloud Server is an open-source NextCloud server program. Versions of NextCloud Server from 32.0.0 to 32.0.9 and from 33.0.0 to 33.0.3 had a access control vulnerability due to improper sharing token access controls. This vulnerability could allow malicious users to access temporarily uploaded...

6.3CVSS5.3AI score0.00231EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.40 views

SGH SQL injection vulnerability

SGH is a loan fund management PHP script developed by Geraked. Version 0.1.0 of SGH contains an SQL injection vulnerability, which arises from improper handling of the id parameter in the management interface. This vulnerability may lead to SQL injection attacks...

8.8CVSS5.9AI score0.00297EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.40 views

Beetel 777VR1 Access Control Vulnerability

Beetel 777VR1 is a router produced by the Beetel company. Versions of Beetel 777VR1 starting from 01.00.09/01.00.0955 and earlier have a vulnerability related to access control. This vulnerability stems from the lack of authentication in the UART interface, which may allow physical device attacks...

6.4CVSS6.6AI score0.00293EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.40 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing memory copy in the RISC-V architecture kasaninit, which could lead to page faults...

6AI score0.00197EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.40 views

Akinsoft TaskPano 安全漏洞

Akinsoft TaskPano is a team task and project management platform from Akinsoft Turkey. A security vulnerability exists in Akinsoft TaskPano versions prior to s1.06.06, which stems from an improperly restricted authentication attempt that could lead to authentication bypass...

8.6CVSS6.8AI score0.00411EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.40 views

Microsoft SQL Server SQL注入漏洞

Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is applied under the Microsoft Windows system. A SQL injection vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and...

8.8CVSS7.5AI score0.01029EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.40 views

WordPress plugin UltraAddons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS8.3AI score0.00484EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/24 12:0 a.m.40 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 跨站脚本漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Enterprise Edition EE and GitLab...

8.7CVSS5.4AI score0.00472EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.40 views

Microchip TimeProvider 4100 操作系统命令注入漏洞

Microchip TimeProvider 4100 is a gateway clock from Microchip, Inc. A security vulnerability exists in the Microchip TimeProvider 4100 prior to version 2.4.7 that stems from improper neutralization of special elements of operating system commands, resulting in OS command injection...

8.8CVSS7AI score0.1501EPSS
Exploits3References5
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.40 views

Microsoft Visual Studio and Microsoft .NET Security Vulnerabilities

Microsoft Visual Studio and Microsoft .NET are both products of Microsoft Corporation, USA. Microsoft Visual Studio is a family of development tool suites and a fundamentally complete set of development tools that includes most of the tools needed throughout the software lifecycle. Microsoft .NET...

7.3CVSS6.8AI score0.01292EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/21 12:0 a.m.40 views

GNOME Remote desktop 安全漏洞

GNOME Remote desktop is a remote desktop software from GNOME open source. A security vulnerability exists in GNOME Remote desktop that stems from insufficient authentication of the session agent, resulting in the system RDP TLS certificates and keys being potentially exposed to unauthorized users...

7.5CVSS7.5AI score0.00569EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.40 views

Honeywell Experion Server 安全漏洞

Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System PKS platform. A security vulnerability exists in Honeywell Experion Server, which stems from the fact that the server's receipt of a malformed...

8.1CVSS7.7AI score0.00746EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.40 views

Microsoft SharePoint 安全漏洞

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...

6.8CVSS6.4AI score0.01395EPSS
Exploits0References2
Total number of security vulnerabilities5000