Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2024/04/09 12:0 a.m.40 views

Microsoft SharePoint 安全漏洞

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...

6.8CVSS6.4AI score0.01395EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/16 12:0 a.m.40 views

Kubernetes 安全漏洞

Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. A security vulnerability exists in Kubernetes Kubelet that stems from a setting that allows Pods to bypass seccomp configuration...

5.5CVSS6.4AI score0.00257EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/04/03 12:0 a.m.40 views

Hitachi Vantara Pentaho Business Analytics Server 代码注入漏洞

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from not allowing system administrators to...

8.8CVSS6.8AI score0.00555EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.40 views

WordPress plugin Unlimited Elements For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

5.9CVSS4.9AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/16 12:0 a.m.40 views

Pulsar Plus System Controller 安全特征问题漏洞

Pulsar Plus System Controller is a Pulsar Plus series controller. A security vulnerability exists in the ABB Pulsar Plus System Controller NE843S, ABB Infinity DC Power Plant, which stems from the presence of an Insufficient Use of Random Values vulnerability. The following products and versions...

6.3CVSS5.2AI score0.00427EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/09 12:0 a.m.40 views

crossplane 资源管理错误漏洞

crossplane is a framework for building cloud-native control planes without writing code. A resource management error vulnerability exists in crossplane-runtime that stems from user-supplied input that is not properly validated, which could use too much memory and lead to out of memory...

7.5CVSS7.2AI score0.00798EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/03 12:0 a.m.40 views

Pimcore 代码问题漏洞

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates applications for Web content management, e-commerce frameworks, and product information management. A code issue vulnerability exists in...

8.2CVSS6.7AI score0.00476EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.40 views

fhir-ig-publisher 路径遍历漏洞

HL7 fhir-ig-publisher is the source code for IG publisher from HL7. A security vulnerability exists in fhir-ig-publisher versions prior to 1.2.30, which originates from a vulnerability that allows attackers to extract files from ZIP or TGZ packages into arbitrary directories via directory travers...

8.1CVSS7.8AI score0.01166EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/12/18 12:0 a.m.40 views

ctrlo lenio 安全漏洞

lenio is an open source facility management system from ctrlo. A security vulnerability exists in ctrlo lenio, which stems from unknown code in the views/task.tt file of its Task Handler component that operates on the parameters site.org.name/check.name/task.tasktype allowing an attacker to...

6.1CVSS5.7AI score0.00385EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.40 views

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc...

7.5CVSS6.8AI score0.0044EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.40 views

Hoosk CMS 代码问题漏洞

Hoosk CMS is a lightweight content management system. Hoosk CMS v1.8.0 suffers from an arbitrary file upload vulnerability that stems from its /attachments component failing to validate uploaded files. An attacker can exploit the vulnerability to remotely execute code...

9.8CVSS7.2AI score0.00935EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.40 views

Netwrix Auditor 代码问题漏洞

Netwrix Auditor is a suite of IT auditing software from US-based Netwrix. The software features user behavior analysis, proactive detection of security threats, and alerts on threat types. A security vulnerability exists in Netwrix Auditor User Activity Video Recording. An attacker can exploit th...

9.8CVSS9AI score0.36009EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/10/21 12:0 a.m.40 views

Softmotions IOWOW 缓冲区错误漏洞

Softmotions IOWOW is a C11 persistent key/value store based on a jump table data structure from Softmotions. A security vulnerability exists in Softmotions IOWOW version 1.4.15 and prior versions, which stems from a contained stack buffer overflow vulnerability. An attacker could exploit this...

7.5CVSS7.6AI score0.00649EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.40 views

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from an input validation error vulnerability that stems from a segmentation error that can be used to trigger a denial-of-service attack if...

7.5CVSS7.4AI score0.00423EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.40 views

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in the Microsoft Windows Credential Roaming Service. The following products and versions are affected:Windows 10 Version 1809 for 32-b...

7.3CVSS7.7AI score0.0147EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/31 12:0 a.m.40 views

Flux2 路径遍历漏洞

Flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters synchronized with their configuration sources. A path traversal vulnerability exists in Flux2 versions v0.21.0 through v0.31.0, which stems from mishandling of user-supplied input and can be exploited by an...

7.8CVSS6.7AI score0.00306EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.40 views

Red Hat Keycloak 跨站脚本漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from an application having incorrect input validation. An attacker could exploit...

3.8CVSS5.9AI score0.00572EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/06/10 12:0 a.m.40 views

Couchbase Sync Gateway 信任管理问题漏洞

Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web from Couchbase, Inc. A security vulnerability exists in the Couchbase Sync Gateway version 3.x, prior to version 3.0.2, which stems from the fact that administrator credentials are not validated...

9.8CVSS8.2AI score0.00763EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/15 12:0 a.m.40 views

7-Zip 缓冲区错误漏洞

7-Zip is a compression software. A buffer error vulnerability exists in 7-Zip 21.07 that allows privilege escalation and command execution when a file with the extension .7z is dragged into the HelpContents area. This is caused by a 7z.dll configuration error and heap overflow. The command runs i...

7.8CVSS8.1AI score0.01523EPSS
Exploits8References10
CNNVD
CNNVD
added 2022/02/17 12:0 a.m.40 views

snapd 后置链接漏洞

Snapd is an open source, cross-platform package management tool. snapd suffers from a security vulnerability that can be exploited by local attackers to cause snapd to restrict the execution of other arbitrary binaries, thereby gaining privileged escalation...

8.8CVSS6AI score0.00351EPSS
Exploits0References14
CNNVD
CNNVD
added 2021/12/17 12:0 a.m.40 views

Mattermost 输入验证错误漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost 6.0 and earlier versions, which can be exploited by an authenticated attacker to cause a WEB application client to crash via a maliciously crafted post...

5.7CVSS5.7AI score0.00835EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/07/30 12:0 a.m.41 views

WordPress 访问控制错误漏洞

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress SendGrid plugin version 1.11.8 and earlier is vulnerable to an access control error, which stems fro...

4.3CVSS5.6AI score0.00698EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.39 views

WordPress plugin Form Notify 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.8AI score0.0073EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.39 views

Open Cascade OCCT 缓冲区错误漏洞

Open Cascade OCCT is a 3D modeling and geometry computation kernel from the French company Open Cascade. A buffer error vulnerability exists in Open Cascade OCCT version V800rc5, which stems from an out-of-bounds read issue in the VrmlDataIndexedLineSet::TShape function in the VRML parser, as the...

5.5CVSS5.9AI score0.00099EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.39 views

PropertyGuru AgentNet Singapore App 安全漏洞

The PropertyGuru AgentNet Singapore App is a mobile application used by PropertyGuru in Singapore as an real estate agency. The PropertyGuru AgentNet Singapore App versions prior to 23.7.10 contained a security vulnerability, which was caused by the use of hardcoded encryption keys for parameters...

4.8CVSS5.8AI score0.00144EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.39 views

Authlib 安全漏洞

Authlib is the ultimate Python library for building OAuth and OpenID Connect servers open-sourced by Authlib. A security vulnerability exists in Authlib versions prior to 1.6.5 that stems from the JOSE implementation accepting unlimited JWS/JWT headers and signature segments, which could lead to ...

7.5CVSS7.2AI score0.00596EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.39 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the fact that ledheartbeatfunction may cause a sleep operation to be executed in atomic...

5.5CVSS6.1AI score0.00138EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.39 views

HP LaserJet Pro 安全漏洞

HP LaserJet Pro is a line of laser printers and MFPs from Hewlett-Packard HP in the United States. A security vulnerability exists in the HP LaserJet Pro that stems from an information disclosure issue that could cause a non-authenticated user to query the device's local address book...

6.9CVSS5.7AI score0.00274EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/27 12:0 a.m.39 views

CampCodes Courier Management System 注入漏洞

CampCodes Courier Management System is a courier management system from CampCodes Philippines. An injection vulnerability exists in CampCodes Courier Management System version 1.0, which originates from a SQL injection due to a misbehavior of parameter s in file /parcellist.php...

8.8CVSS7AI score0.00487EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.39 views

SonicWALL SMA1000 代码问题漏洞

The SonicWALL SMA1000 is a series of secure mobile access solutions from SonicWALL, Inc. simplifies end-to-end secure remote access to enterprise resources hosted across local, cloud and hybrid data centers. The SonicWALL SMA1000 suffers from a cross-site request forgery vulnerability that stems...

7.2CVSS7AI score0.0031EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/03 12:0 a.m.39 views

Browser Use 安全漏洞

Browser Use is an open source application from Browser Use. Allows AI agents to access websites. A security vulnerability exists in versions of Browser Use prior to 0.1.45 that stems from improper URL parsing of alloweddomains, which could lead to user information being placed in the authorizatio...

4CVSS6.2AI score0.00445EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.39 views

LiteLLM 安全漏洞

LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. A security vulnerability exists in LiteLLM v1.52.1, which stems from an error in the parsing team settings that resulted in the disclosure of Langfuse API keys, potentially leading to the...

7.5CVSS7.4AI score0.00523EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.39 views

Cisco IOS XR 权限许可和访问控制问题漏洞

Cisco IOS XR is a set of operating systems developed by Cisco USA for its network devices. A Privilege Permission and Access Control Issues vulnerability exists in Cisco IOS XR Software that stems from incorrect handling of packets, which could lead to bypassing configured access control lists...

5.8CVSS6.5AI score0.00376EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/24 12:0 a.m.39 views

Pure-FTPd 安全漏洞

Pure-FTPd is an FTP File Transfer Protocol server from the individual developer Frank Denis. A security vulnerability exists in Pure-FTPd versions prior to 1.0.52, which stems from an out-of-bounds read problem in the domlsd of the ls.c file...

8.6CVSS8.7AI score0.01511EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.39 views

BYOB 安全漏洞

BYOB Build Your Own Botnet is an open source post-exploitation framework for students, researchers and developers by malwaredllc individual developers. BYOB has a security vulnerability that originates from unauthenticated remote code execution via arbitrary file writes and command injection...

9.9AI score0.03891EPSS
Exploits3References1
CNNVD
CNNVD
added 2024/06/19 12:0 a.m.39 views

WordPress plugin Themify Ultra security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.8AI score0.00364EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/23 12:0 a.m.39 views

Gibbon 安全漏洞

Gibbon is a school platform that solves real-world problems that educators encounter every day. A security vulnerability exists in Gibbon version 26.0.00 and earlier that stems from a vulnerability that allows an attacker to conduct a PHP via columnOrder in a POST request to...

8.8CVSS8.5AI score0.5132EPSS
Exploits7References3
CNNVD
CNNVD
added 2024/01/21 12:0 a.m.39 views

Mbed TLS Security Vulnerability

Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library. A security vulnerability exists in Mbed TLS version 3.5.1. An attacker could exploit this vulnerability to cause a denial of service...

7.5CVSS6.6AI score0.00685EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/12 12:0 a.m.39 views

Wazuh Security Breach

Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions prior to 4.5.3 that stems from the presence of a stack overflow...

7.8CVSS6.8AI score0.00236EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.39 views

find-exec 操作系统命令注入漏洞

find-exec is a shime personal developer that takes a list of shell commands and returns the first available command. An operating system command injection vulnerability exists in find-exec versions prior to 1.0.3, which stems from the inability to properly escape user input and the ease with whic...

9.8CVSS8.5AI score0.01489EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/23 12:0 a.m.39 views

编号撤回

SQLite is a lightweight database that is an ACID-compliant relational database management system. This CVE number has been withdrawn...

6.1AI score
Exploits0References4
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.39 views

H3C R160 安全漏洞

The H3C R160 is a wireless router from China's Xinhua San H3C. A security vulnerability exists in the H3C R160 V1004004 version that stems from a stack-based buffer overflow due to incorrect manipulation of the parameter go...

9.8CVSS6.9AI score0.00982EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.39 views

Zyxel ZyWALL USG 操作系统命令注入漏洞

The Zyxel ZyWALL USG is a network security firewall appliance from China's Heqin Zyxel. An operating system command injection vulnerability exists in Zyxel ZyWALL USG versions 4.60 through 5.35, which stems from improper error message handling. An attacker could exploit this vulnerability to...

9.8CVSS8.8AI score0.99284EPSS
Exploits8References4
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.39 views

sqlparse 安全漏洞

sqlparse is Python's non-validating SQL parser. It provides support for parsing, splitting and formatting SQL statements. A security vulnerability exists in sqlparse version 0.1.15 and later. An attacker could exploit this vulnerability to cause a denial of service...

7.5CVSS6.7AI score0.0098EPSS
Exploits0References12
CNNVD
CNNVD
added 2023/03/15 12:0 a.m.39 views

AVEVA Plant SCADA Access Anywhere 授权问题漏洞

AVEVA Plant SCADA Access Anywhere is a reliable, flexible and high-performance Supervisory Control and Data Acquisition SCADA software solution for industrial process customers from AVEVA. The true value and power of Plant SCADA can be accessed in any compatible web browser. An authorization issu...

9.8CVSS8.4AI score0.00678EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.39 views

WordPress plugin ShiftNav 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/01/16 12:0 a.m.39 views

Froxlor 命令注入漏洞

Froxlor is a lightweight server management software from the Froxlor team. A command injection vulnerability exists in Froxlor versions prior to 2.0.8, which stems from the presence of command injection...

8.8CVSS7.2AI score0.97653EPSS
Exploits8References6
CNNVD
CNNVD
added 2023/01/12 12:0 a.m.39 views

Cisco Small Business RV340 和 RV345 操作系统命令注入漏洞

The Cisco Small Business RV340 and the Cisco Small Business RV345 are both products of Cisco, Inc.The Cisco Small Business RV340 is a router. The Cisco Small Business RV340 is a router, a hardware device that connects two or more networks and acts as a gateway between them.The Cisco Small Busines...

7.2CVSS7.5AI score0.00675EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/12 12:0 a.m.39 views

WordPress plugin GetYourGuide Ticketing 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS5AI score0.00392EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.39 views

Digital Alert Systems DASDEC EAS 跨站脚本漏洞

Digital Alert Systems DASDEC EAS is a digital alert system from Digital Alert Systems in the United States. A cross-site scripting vulnerability exists in all current versions of Digital Alert Systems DASDEC, which stems from a lack of effective filtering and escaping of user-supplied data on an...

5.4CVSS5.9AI score0.00341EPSS
Exploits0References4
Total number of security vulnerabilities5000