Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/11/09 12:0 a.m.39 views

pymatgen 安全漏洞

pymatgen is an open source Python library for material analysis. A security vulnerability exists in pymatgen that can be exploited to trigger an exponential ReDoS when an attacker provides arbitrary input to the GaussianInput.fromstring method...

7.5CVSS7.4AI score0.00816EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/10/18 12:0 a.m.39 views

Oracle E-Business Suite 访问控制错误漏洞

Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Web...

9.8CVSS8.6AI score0.98342EPSS
Exploits7References5
CNNVD
CNNVD
added 2022/10/10 12:0 a.m.39 views

WordPress plugin Taskbuilder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Taskbuilder plugin versions prior to 1.0.8 have a cross-site scripting vulnerability that stems fro...

5.4CVSS5.9AI score0.00468EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.39 views

Google TensorFlow 安全漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that when CollectiveGather receives a scalar input input, it gives an assertion of failure, which can be exploite...

7.5CVSS6.5AI score0.00396EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/30 12:0 a.m.39 views

GNU Inetutils 代码问题漏洞

GNU Inetutils is a common set of networking programs in the GNU community. A security vulnerability exists in GNU Inetutils version 2.3 and earlier, MIT krb5-appl version 1.0.3 and earlier, which stems from dereferencing the NULL pointer and causes the telnetd application to crash...

7.5CVSS6.7AI score0.01657EPSS
Exploits1References9
CNNVD
CNNVD
added 2022/08/10 12:0 a.m.39 views

Intel Ethernet Controllers 安全漏洞

Intel Ethernet Controllers is an Ethernet controller from Intel Corporation USA. A security vulnerability exists in IntelR E810 Ethernet Controllers versions prior to 1.6.2.9, which stems from incorrect access control. An attacker could exploit this vulnerability to perform a denial of service...

4.4CVSS5.2AI score0.00191EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/12 12:0 a.m.39 views

Adobe RoboHelp 跨站脚本漏洞

Adobe RoboHelp is a help authoring tool developed and released for Windows by the American company Audobee Adobe. A cross-site scripting vulnerability exists in Adobe RoboHelp version 2020.0.7 and earlier, which stems from the program's lack of checksum filtering of user-supplied data and output...

6.1CVSS5.6AI score0.00592EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/08 12:0 a.m.39 views

Roxy-WI 操作系统命令注入漏洞

Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A security vulnerability exists in Roxy-WI versions prior to 6.1.1.0, which can be exploited by a remote attacker to execute remote code via a system command that can be run remotely via the...

10CVSS9AI score0.90387EPSS
Exploits15References9
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.39 views

Microsoft Excel 安全漏洞

Microsoft Excel is a spreadsheet processing software in the Office suite of Microsoft Corporation USA. A security vulnerability exists in Microsoft Office Excel. The following products and editions are affected: Microsoft Excel 2016 32-bit edition,Microsoft Excel 2016 64-bit edition,Microsoft Exc...

7.8CVSS7.7AI score0.02162EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/31 12:0 a.m.39 views

XWiki Platform 跨站脚本漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from XWiki France. A security vulnerability exists in the XWiki Platform Filter UI, which stems from the discovery of a cross-site scripting issue...

7.4CVSS5.8AI score0.00921EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/15 12:0 a.m.39 views

django-mfa3 授权问题漏洞

django-mfa3 is a stubborn Django application that handles multi-factor authentication MFA via FIDO2, TOTP and recovery code. A security vulnerability exists in django-mfa3. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...

8.8CVSS7.8AI score0.011EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/31 12:0 a.m.39 views

IdeaRe SpA IdeaRE RefTree 路径遍历漏洞

IdeaRe SpA IdeaRE RefTree is a web application for managing complex real estate situations from IdeaRe SpA, Italy. path traversal vulnerability exists in versions of IdeaRe SpA IdeaRE RefTree prior to 2021.09.17. The vulnerability stems from the failure of a web system or product to properly filt...

6.5CVSS5.6AI score0.02823EPSS
Exploits2References6
CNNVD
CNNVD
added 2022/03/17 12:0 a.m.39 views

Veeam Backup&Replication 访问控制错误漏洞

Veeam Backup & Replication is a suite of data protection software from the Swiss company Veeam. The software provides backup, replication and recovery for VMware and Hyper-V VMs, physical and cloud environments. Veeam Backup&Replication is vulnerable to an Access Control Error vulnerability, no...

10CVSS5.5AI score0.04279EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.39 views

Avast Antivirus 安全漏洞

Avast antivirus is a suite of antivirus software from the Czech company Avast.Avast Antivirus has an access control error vulnerability in versions prior to 20.4, which can be exploited by attackers to abuse the privilege to control the scan results and thus escape detection or delete arbitrary...

8.8CVSS5.8AI score0.00378EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/10/12 12:0 a.m.39 views

Microsoft System Center Operations Manager 信息泄露漏洞

Microsoft System Center Operations Manager is a large-scale monitoring and management software for corporate environments from Microsoft. Formerly known as MOM Microsoft Operations Manager, the software is primarily used to monitor IT systems and provide monitoring support for distributed...

7.5CVSS7.2AI score0.02786EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/10/12 12:0 a.m.39 views

SonicOS 输入验证错误漏洞

Sonicwall SonicOS is an operating system designed for SonicWall firewall appliances from SonicWall USA. SonicOS suffers from an input validation error vulnerability that stems from the system's lack of effective validation and escaping of host headers. The host header redirection vulnerability...

6.1CVSS6AI score0.13041EPSS
Exploits4References6
CNNVD
CNNVD
added 2021/09/17 12:0 a.m.39 views

WordPress 插件 信息泄露漏洞

WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin BulletProof Security suffers from an information disclosure vulnerability that stems from the fact that the BulletProof Security plugin for WordPress can easily disclose sensitive information due to a file...

5.3CVSS6.7AI score0.7233EPSS
Exploits7References9
CNNVD
CNNVD
added 2021/08/11 12:0 a.m.39 views

ZEIT Next.js 输入验证错误漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack, and Babel.js. ZEIT Next.js is vulnerable to an input validation error in versions prior to 11.1.0, which stems from a web system or product that does not properly validate input data. An attacker...

6.9CVSS5.6AI score0.01198EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/06/11 12:0 a.m.39 views

Restund 安全漏洞

Restund is an open source network traversal server. A security vulnerability exists in Restund that stems from Restund is an open source NAT traversal server that can be instructed to return a TURN server to open a relay to a range of loopback addresses, which allows you to access any other servi...

9.6CVSS7.1AI score0.01469EPSS
Exploits4References7
CNNVD
CNNVD
added 2021/05/24 12:0 a.m.39 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Membership & Learning Management System...

5.4CVSS5.4AI score0.03249EPSS
Exploits5References6
CNNVD
CNNVD
added 2021/05/18 12:0 a.m.39 views

Epic Games Rocket League 缓冲区错误漏洞

Epic Games Rocket League is an application software from Epic Games, Inc. a game software. A buffer error vulnerability exists in Epic Games/Psyonix Rocket League version 1.95 and earlier, which stems from a stack-based buffer overflow that occurs when Rocket League processes UPK object files,...

9.3CVSS8.2AI score0.02076EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.38 views

GIMP 安全漏洞

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability that stems from insufficient length validation during the parsing of PSP files, which may lead to remote code execution...

7.8CVSS7.4AI score0.00651EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.38 views

Qdrant 安全漏洞

Qdrant is an open-source vector similarity search engine and vector database developed by Qdrant. Versions of Qdrant from 1.9.3 to 1.16.0 contained security vulnerabilities. These vulnerabilities stemmed from the /logger endpoint, which allowed arbitrary content to be appended to any file through...

8.8CVSS5.9AI score0.0049EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.38 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from an attempt to dereference a null pointer, which could result in the null pointer being dereferenced...

6.1AI score0.00203EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.38 views

PrivateBin 安全漏洞

PrivateBin is a minimalist open source online pastebin from the PrivateBin project. A security vulnerability exists in PrivateBin version 1.7.7 up to and including version 2.0.3, which stems from the presence of a local file inclusion in the template switching feature that could lead to the readi...

5.8CVSS7.3AI score0.00482EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/11 12:0 a.m.38 views

Microsoft M365 Copilot 命令注入漏洞

Microsoft M365 Copilot is an AI-powered productivity tool from Microsoft Corporation USA. Microsoft M365 Copilot suffers from a command injection vulnerability that stems from command injection and could lead to information disclosure over the network...

9.3CVSS6.9AI score0.05776EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.38 views

Microsoft Windows Netlogon 安全漏洞

Microsoft Windows Netlogon is an important component of Windows from Microsoft Corporation USA, whose main functions are authentication of users and machines on intra-domain networks and replication of databases for domain-controlled backups, as well as maintenance of domain member-to-domain,...

8.1CVSS9.1AI score0.06116EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.38 views

Autodesk Navisworks 缓冲区错误漏洞

Autodesk Navisworks is a 3D model review software for architecture, engineering, and construction by Autodesk, Inc. A security vulnerability exists in Autodesk Navisworks that originates from parsing a specially crafted DWFX file resulting in an out-of-bounds read, which could trigger a crash or...

7.8CVSS7AI score0.00212EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.38 views

Rails 安全漏洞

Rails is a set of open source web application frameworks based on the Ruby language by the US-based Rails team. A security vulnerability exists in Rails that stems from the presence of a DOM-based cross-site scripting vulnerability that allows an attacker to inject malicious script into a victim'...

6.3CVSS5.3AI score0.00632EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.38 views

Mastodon 安全漏洞

Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A security vulnerability exists in Mastodon versions 4.1.x prior to 4.1.17 and 4.2.x prior to 4.2.9, which stems from a vulnerability that allows rate limiting to be bypassed via a crafted HTTP reque...

7.5CVSS6.3AI score0.00458EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.38 views

Brocade Fabric OS 安全漏洞

Brocade Fabric OS FOS is a set of embedded operating systems used in devices such as switches and routers from Brocade USA. A security vulnerability exists in Brocade Fabric OS versions prior to 9.2.2, which stems from a vulnerability that could allow a man-in-the-middle attack for remote service...

7.1CVSS9.1AI score0.00243EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/11/04 12:0 a.m.38 views

Refit 注入漏洞

Refit is a library in the ReactiveUI open source. Refit suffers from an injection vulnerability that stems from failing to check for CRLF characters in the header value, making it vulnerable to server-side request forgery attacks...

10CVSS7AI score0.00535EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/12 12:0 a.m.38 views

OSIsoft PI Web API Code Issue Vulnerability

The Osisoft OSIsoft PI Web API is a RESTful interface to a set of PI systems from the US company Osisoft. The product supports client applications with read and write access to their AF and PI data over HTTPS. A code issue vulnerability exists in the OSIsoft PI Web API, which stems from a...

8.4CVSS7.1AI score0.00417EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.38 views

WordPress plugin ShopBuilder 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information...

5.3CVSS6AI score0.00585EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/16 12:0 a.m.38 views

WordPress Plugin LiteSpeed Cache 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

8.3CVSS8.6AI score0.54872EPSS
Exploits5References3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.38 views

WordPress Plugin WP-Members Membership Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.2CVSS7.2AI score0.00675EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/03/26 12:0 a.m.38 views

Zscaler Client Connector 安全漏洞

Zscaler Client Connector is an application from zscaler. An application installed on a device that ensures that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A security...

7.8CVSS6.6AI score0.00313EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/18 12:0 a.m.38 views

RaspberryMatic Security Vulnerabilities

RaspberryMatic is a free and non-commercial open source operating system alternative from the individual developer Jens Maus in Germany. It is used to run cloud-free smart home IoT centers. A security vulnerability exists in RaspberryMatic versions prior to 3.75.6.20240316, which stems from...

10CVSS7.9AI score0.08739EPSS
Exploits4References2
CNNVD
CNNVD
added 2024/01/28 12:0 a.m.38 views

Sichuan Yougou Technology KuERP License Issue Vulnerability

Sichuan Yougou Technology KuERP is an e-commerce platform from Sichuan Yougou Technology, a Chinese company. An authorization issue vulnerability exists in Sichuan Yougou Technology KuERP 1.0.4 and earlier versions, which stems from a security issue in the checklogin function of...

9.8CVSS6.9AI score0.00976EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.38 views

WordPress plugin WP Fastest Cache SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

7.5CVSS9.3AI score0.73708EPSS
Exploits11References4
CNNVD
CNNVD
added 2023/11/15 12:0 a.m.38 views

WordPress plugin Shareaholic security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS5.8AI score0.00434EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/31 12:0 a.m.38 views

mx-chain-go 安全漏洞

mx-chain-go is a go implementation of the MultiversX protocol open sourced by MultiversX. A security vulnerability exists in mx-chain-go versions prior to 1.4.16, which arises from an invalid transaction caused by using the wrong username that is not properly processed by the Metachain transactio...

8.6CVSS7.6AI score0.00565EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/22 12:0 a.m.38 views

WordPress Plugin Side Cart Woocommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS7.8AI score0.00273EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.38 views

WordPress plugin Uji Popup 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.5CVSS6.5AI score0.00361EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.38 views

WordPress plugin WP Plugin Manager 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

4.3CVSS6.2AI score0.00252EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.38 views

WordPress plugin menu shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS6.5AI score0.00462EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/02/24 12:0 a.m.38 views

Pulsar Plus System Controller 跨站请求伪造漏洞

The Pulsar Plus System Controller is the Pulsar Plus family of controllers. A security vulnerability exists in ABB Pulsar Plus System Controller version NE843S, which originates from ABB Infinity DC Power Plant allowing cross-site request forgery, affecting the following products and versions:...

8.8CVSS7.9AI score0.00215EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.38 views

WordPress plugin Watu Quiz 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

4.8CVSS5AI score0.0047EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.38 views

OpenStack 安全漏洞

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA in the U.S. Swift is one of the storage projects used to store permanent static data. A security vulnerability exists in OpenStack that stems from the fact that by providing a specially...

6.5CVSS6.7AI score0.01001EPSS
Exploits1References11
CNNVD
CNNVD
added 2022/12/08 12:0 a.m.38 views

Containous Traefik 信任管理问题漏洞

Containous Traefik is a reverse proxy and load balancer from US-based Containous. A trust management issue vulnerability exists in Containous Traefik versions prior to 2.9.6, which stems from a potential issue when managing TLS connections, where routers configured with an incorrectly formatted...

8.1CVSS6.8AI score0.00488EPSS
Exploits0References6
Total number of security vulnerabilities5000