Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2025/12/17 12:0 a.m.15 views

Mattermost Desktop App 安全漏洞

Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App versions prior to 6.0.0, which stems from the failure to enable the hardened runtime when packaging for the Mac App Store, and could result in inheriting TCC...

3.9CVSS6.6AI score0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.15 views

WordPress plugin Fancy Product Designer 信息泄露漏洞

WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. WordPress Fancy Product Designer plugin has an information disclosure vulnerability, the vulnerability stems from the url...

5.9CVSS6.2AI score0.0026EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.15 views

Line Corporation Line Client For Ios 安全漏洞

Line Corporation Line Client For Ios is a communication application from Line Corporation, Japan. A security vulnerability exists in Line Corporation Line Client For Ios prior to version 14.14, which originates from in-app browser address bar spoofing and may lead to phishing attacks...

4.3CVSS6.6AI score0.00177EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.15 views

WordPress plugin WP Directory Kit SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...

7.5CVSS7.5AI score0.00312EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.15 views

CampCodes Retro Basketball Shoes Online Store 安全漏洞

CampCodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from CampCodes, Inc. A security vulnerability exists in Campcodes Retro Basketball Shoes Online Store version 1.0, which stems from incorrect manipulation of the parameter productimage in the file...

7.2CVSS5AI score0.00297EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/01 12:0 a.m.15 views

Kerlink KerOS 安全漏洞

Kerlink KerOS is an operating system from the French company Kerlink. A security vulnerability exists in Kerlink KerOS versions prior to 5.12 that stems from the wmp-agent service not properly validating magic URLs, which could allow an unauthenticated remote attacker to execute arbitrary OS...

8.1CVSS7.6AI score0.00452EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/27 12:0 a.m.15 views

Apache SkyWalking 安全漏洞

Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A cross-site scripting vulnerability exists in Apache SkyWalking version 10.2.0 and earlier, which stems from not...

6.1CVSS5.7AI score0.00625EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.15 views

Cesanta Mongoose 安全漏洞

Cesanta Mongoose is a suite of embedded server libraries from the Irish company Cesanta, which includes functionality for TCP, HTTP client and server, and WenSocket client and server. A security vulnerability exists in Cesanta Mongoose versions prior to 7.2, which stems from a null pointer...

4.3CVSS6.4AI score0.00241EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.15 views

DB Electronica Mozart FM Transmitter 安全漏洞

DB Electronica Mozart FM Transmitter is a line of professional-grade FM radio transmitters from DB Electronica, Italy. A security vulnerability exists in the DB Electronica Mozart FM Transmitter WEBMOZZI-00287 version, which originates from the presence of reflective cross-site scripting in the...

5.4CVSS6.9AI score0.00242EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.15 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not disabling the lite DTB service, which could lead to memory access conflicts...

6.1AI score0.00182EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.15 views

WordPress plugin TNC Toolbox Web Performance 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin TNC Toolbox Web Performance, which stem...

10CVSS6AI score0.01041EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.15 views

WordPress plugin Polylang 安全漏洞

WordPress Polylang plugin is a multilingual WordPress plugin for creating and managing multilingual websites, supports switching from 1 to 10 or more languages, the core functionality is fully integrated with WordPress built-in features e.g. taxonomies without additional dependency on external...

8.8CVSS7.4AI score0.00332EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.15 views

LiteLLM 信息泄露漏洞

LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. LiteLLM suffers from an information disclosure vulnerability that stems from exposing sensitive information when handling the health endpoint APIKEY parameter, which could lead to credential...

3.5CVSS4.3AI score0.00418EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.15 views

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.15 views

WordPress plugin JetSearch SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...

9.3CVSS7.8AI score0.00388EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.15 views

Fuji Electric V-SFT 缓冲区错误漏洞

Fuji Electric V-SFT is a screen configuration software from Fuji Electric Japan. A buffer error vulnerability exists in Fuji Electric V-SFT v6.2.7.0 and earlier versions, which stems from an out-of-bounds read in VS6MemInIF!settemptypedefault, which could lead to information disclosure, abnormal...

8.4CVSS7.6AI score0.00168EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/07 12:0 a.m.15 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not freeing the pll-ratetable memory when clkregister fails, which could lead to a memory leak...

4.9AI score0.0015EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.16 views

Mastra 安全漏洞

Mastra is an AI agent framework open-sourced by mastra-ai. A security vulnerability exists in Mastra versions 0.13.8 through 0.13.20-alpha.0, which stems from a security check being bypassed and could lead to a directory traversal attack...

6.5CVSS6.4AI score0.00541EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.15 views

KEYENCE KV STUDIO 安全漏洞

KEYENCE KV STUDIO is a PLC programming and debugging software from KEYENCE Japan. A security vulnerability exists in KEYENCE KV STUDIO that originates from a stack buffer overflow and could lead to the execution of arbitrary code...

8.4CVSS7.9AI score0.0017EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/30 12:0 a.m.15 views

WordPress plugin Nexa Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

6.4CVSS5.8AI score0.00224EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/29 12:0 a.m.15 views

Go implementation of Fast Finality in Filecoin 安全漏洞

Go implementation of Fast Finality in Filecoin is a Golang library for a fast validation mechanism open-sourced by Filecoin. A security vulnerability exists in Go implementation of Fast Finality in Filecoin version 0.8.8 and earlier, which stems from the validation result caching mechanism not...

6.5CVSS8.9AI score0.00223EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/28 12:0 a.m.15 views

Tenda CH22 安全漏洞

Tenda CH22 is an enterprise-grade wireless router from Tenda. The Tenda CH22 suffers from a buffer overflow vulnerability that originates from improper handling of the dips parameter in the formWrlExtraGet function in the /goform/GstDhcpSetSer file. An attacker can exploit this vulnerability to...

9CVSS8.2AI score0.00736EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/09/27 12:0 a.m.15 views

Flag Forge 访问控制错误漏洞

Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. An access control error vulnerability exists in Flag Forge versions 2.0.0 through prior to 2.3.1, which stems from a lack of proper authentication and authorization in the /api/resources endpoint, which could result in an...

8.6CVSS6.7AI score0.00346EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.15 views

WordPress plugin Core 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

5.9CVSS5.7AI score0.00203EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/21 12:0 a.m.15 views

UTT 1200GW 安全漏洞

The UTT 1200GW is an enterprise-grade wireless router from Atech Technology UTT designed to meet the networking needs of small to medium-sized businesses or large space office environments. The UTT 1200GW suffers from a buffer overflow vulnerability that originates from the failure of the paramet...

9CVSS7.9AI score0.0099EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/09/18 12:0 a.m.15 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect handling of memory copy operations in the i.MX DSP kernel, which could lead to a kernel crash...

5.5CVSS6AI score0.00134EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.15 views

SourceCodester Online Exam Form Submission SQL注入漏洞

SourceCodester Online Exam Form Submission is a SourceCodester open source online exam submission system. A SQL injection vulnerability exists in SourceCodester Online Exam Form Submission version 1.0, which stems from incorrect manipulation of the parameter phone in the file /user/dashboard.php,...

8.8CVSS6.9AI score0.00308EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.15 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly handling the debugfslookup return value, which could lead to a memory leak...

5.5CVSS4.9AI score0.00185EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/09/12 12:0 a.m.15 views

dstack 安全漏洞

dstack is a TEE deployment tool from the Dstack TEE open source. A security vulnerability exists in versions prior to dstack 0.5.4, which stems from the possibility that a malicious host could provide specially crafted LUKS2 data volumes, leading to the disclosure of Wireguard keys and other secr...

8.5CVSS9.2AI score0.00159EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.15 views

OpsMill Infrahub 安全漏洞

OpsMill Infrahub is an infrastructure resource management platform from the French company OpsMill. A security vulnerability exists in OpsMill Infrahub versions prior to 1.3.9 and prior to 1.4.5, which stems from an error in the authentication logic that could cause deleted or expired API tokens ...

5.5CVSS6.5AI score0.00177EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.15 views

Envoy 资源管理错误漏洞

Envoy is an Enphase open source gateway program for connecting smart home devices. A resource management error vulnerability exists in Envoy versions 1.34.0 through 1.34.4 and 1.35.0, which stems from the presence of post-release reuse in the DNS cache and could result in an abnormal process...

7.5CVSS6.5AI score0.0044EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/31 12:0 a.m.15 views

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter description/queryName in the file...

5.4CVSS4.3AI score0.00302EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/08/29 12:0 a.m.15 views

Payload 代码问题漏洞

Payload is a Headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Payload has a code issue vulnerability that stems from JWT not being invalidated after logout, which could lead to token reuse...

6.3CVSS6.7AI score0.00484EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.15 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a lack of permission checking in handleBondStateChanged of AdapterService.java. An attacker can exploit this vulnerability to obtain sensitive...

7.5CVSS6AI score0.00297EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.15 views

Microsoft Windows File Explorer 信息泄露漏洞

Microsoft Windows File Explorer is a file manager application from Microsoft USA. A spoofing vulnerability exists in Microsoft Windows File Explorer that is caused by the exposure of sensitive information to unauthorized participants in File Explorer. An attacker could exploit the vulnerability t...

6.5CVSS6.3AI score0.25671EPSS
Exploits4References2
CNNVD
CNNVD
added 2025/08/05 12:0 a.m.15 views

LibreChat 授权问题漏洞

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. An authorization issue vulnerability exists in LibreChat versions 0.0.6 through 0.7.7-rc1, which stems from a test endpoint exposure that could lead to the disclosure of arbitrary user chat logs...

7.5CVSS6.4AI score0.00446EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/07/09 12:0 a.m.15 views

WordPress plugin Events Manager SQL注入漏洞

WordPress Events Manager plugin is a full-featured event management tool that supports event registration, ticket sales, booking management and recurring event settings. The WordPress Events Manager plugin suffers from a SQL injection vulnerability that stems from the plugin's failure to adequate...

7.5CVSS7.5AI score0.55683EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/06/27 12:0 a.m.15 views

WordPress plugin PlatiOnline Payments 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.5AI score0.00222EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/19 12:0 a.m.15 views

HDF5 安全漏洞

HDF5 is a library of HDF open source . HDF5 there is a buffer overflow vulnerability , the vulnerability stems from the file H5FSsection.c function H5FSsectfindnode failed to correctly validate the length of the input data size , an attacker can exploit the vulnerability to cause a denial of...

5.3CVSS7AI score0.00209EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.15 views

WordPress plugin Maia 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.1CVSS7.8AI score0.00496EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.15 views

WordPress plugin eForm - WordPress Form Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS6.5AI score0.00222EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/11 12:0 a.m.15 views

WordPress plugin WP-DownloadManager 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information...

4.9CVSS4.9AI score0.00355EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.15 views

SAP GRC 安全漏洞

SAP GRC is a suite of solutions and products from SAP, Germany. can help you manage enterprise resources in a way that minimizes risk, builds trust, and reduces compliance costs. A security vulnerability exists in SAP GRC that stems from improper authorization and could result in modification or...

8.8CVSS6.6AI score0.00344EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.15 views

Schneider Electric EVLink WallBox 操作系统命令注入漏洞

The Schneider Electric EVLink WallBox is a home charging station from the French company Schneider Electric. The Schneider Electric EVLink WallBox suffers from an operating system command injection vulnerability that originates from improper neutralization of special elements in OS commands, whic...

7CVSS7.4AI score0.00929EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.15 views

GeoServer 安全漏洞

GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer that stems from a REST API security bypass that could lead to information disclosure...

5.3CVSS6.1AI score0.01022EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/05/30 12:0 a.m.15 views

Next.js 安全漏洞

Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in versions of Next.js prior to 13.0 through 15.2.2, which stems from a possible source code leak when the App Router is enabled on the development server...

4.3CVSS8.9AI score0.00166EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/30 12:0 a.m.15 views

FreeScout 跨站脚本漏洞

FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that stems from not filtering the payload when creating translated phrases, no details of the vulnerability are...

6CVSS6.3AI score0.00222EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/05/28 12:0 a.m.15 views

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from exposing a heap dump endpoint when configuring Spring Boot Actuator...

5.3CVSS8.3AI score0.08489EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/18 12:0 a.m.15 views

FreeFloat FTP Server 安全漏洞

FreeFloat FTP Server is an FTP service from Freefloat. A buffer overflow vulnerability exists in FreeFloat FTP Server, which stems from the component TRACE Command Handler failing to properly validate the length size of input data, no details of the vulnerability are provided at this time...

9.8CVSS7.3AI score0.00588EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/05/16 12:0 a.m.15 views

FreeFloat FTP Server 安全漏洞

FreeFloat FTP Server is an FTP service from Freefloat. A buffer overflow vulnerability exists in FreeFloat FTP Server, which stems from the MDELETE Command Handler component failing to properly validate the length size of input data, no details of the vulnerability are provided at this time...

9.8CVSS7.3AI score0.00596EPSS
Exploits1References6
Total number of security vulnerabilities5000