Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/06/13 12:0 a.m.37 views

Electron 输入验证错误漏洞

Electron is a personal developer of a user to write cross-platform desktop application JavaScript framework. The framework is based on nodejs and Chromium can use HTML, CSS to achieve cross-platform desktop application writing. An input validation error vulnerability exists in Electron versions...

7.2CVSS7AI score0.0085EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.37 views

Das U-Boot 缓冲区错误漏洞

Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in Das U-Boot versions prior to 2022.01, which stems from U-Boot's...

5.5CVSS7.8AI score0.00439EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.37 views

Das U-Boot 缓冲区错误漏洞

Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in Das U-Boot 2022.01 and earlier versions, which stems from the...

7.8CVSS7.5AI score0.00554EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/05/25 12:0 a.m.37 views

HashiCorp go-getter 输入验证错误漏洞

HashiCorp go-getter is a library for HashiCorp's Go golang for downloading files or directories from various sources using URLs as the primary form of input. An input validation error vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the inability to...

8.6CVSS6.9AI score0.01279EPSS
Exploits0References22
CNNVD
CNNVD
added 2022/03/23 12:0 a.m.37 views

Razer Synapse 3 代码问题漏洞

Razer Synapse 3 is an application from Razer USA, Inc. A cloud-based unified hardware configuration tool. A security vulnerability exists in Razer Synapse prior to version 3.7.0228.022817 that stems from the fact that Razer Synapse prior to version 3.7.0228.022817 allows privilege escalation...

7.3CVSS7.3AI score0.00889EPSS
Exploits5References12
CNNVD
CNNVD
added 2021/08/13 12:0 a.m.37 views

Hashicorp HashiCorp Vault 信息泄露漏洞

HashiCorp HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp, USA. An information disclosure vulnerability exists in HashiCorp Vault, which stems from a misconfiguration of the product's cache that causes the browser to incorrectly cache sensitive information about a...

5.3CVSS5.6AI score0.00911EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.37 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress Autoptimize plugin versions prior to 2.7.8, which allows an...

4.8CVSS5.7AI score0.00617EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.36 views

QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞

QNAP Systems QTS and QNAP Systems QuTS Hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...

8.6CVSS6AI score0.00977EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.36 views

Open Cascade OCCT 缓冲区错误漏洞

Open Cascade OCCT is a 3D modeling and geometry computation kernel from the French company Open Cascade. A buffer error vulnerability exists in Open Cascade OCCT version V800rc5, which stems from multiple issues with the IGES and STEP file parsers, including an out-of-bounds read of...

5.5CVSS5.9AI score0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.36 views

pnpm security vulnerabilities

PNPM is a package manager developed by the open-source project Pnpm. Versions of Pnpm prior to 10.28.1 contained security vulnerabilities. These vulnerabilities were caused by path traversal in binary links, which could allow malicious npm packages to create executable files or symbolic links...

6.5CVSS5.8AI score0.00438EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.36 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause...

8CVSS5.8AI score0.00102EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.36 views

Adobe Animate 代码问题漏洞

Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a memory information disclosure...

5.5CVSS6.5AI score0.00203EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.36 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an uninitialized object removal operation that could result in a null pointer dereference...

5.5CVSS6.4AI score0.00146EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/07/23 12:0 a.m.36 views

SAMSUNG MagicINFO 9 Server 安全漏洞

SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a path traversal vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

9.8CVSS7.6AI score0.00638EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.36 views

Microsoft Office 资源管理错误漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...

7.8CVSS8AI score0.00825EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.36 views

WordPress plugin SQL Chart Builder SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

6.5CVSS8.8AI score0.00531EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.36 views

Visteon Infotainment 数据伪造问题漏洞

Visteon Infotainment is an automotive infotainment system from Visteon Corporation. Visteon Infotainment suffers from a data forgery vulnerability that arises from insufficient authenticity verification of the firmware image provided during firmware updates to the VIP microcontroller, which could...

8.8CVSS8.8AI score0.0017EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/06 12:0 a.m.36 views

WordPress plugin mFolio Lite 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

9.9CVSS8.1AI score0.00944EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.36 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A competing conditional vulnerability exists in versions of Mozilla Firefox prior to 131.0.3, which can be exploited by attackers to cause unexpected behavior and cause the browser to crash...

6.5CVSS8.6AI score0.00258EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/08/20 12:0 a.m.36 views

Grafana 安全漏洞

Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana that stems from the fact that if a...

5.4CVSS6.4AI score0.00305EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/16 12:0 a.m.36 views

WordPress plugin JetSearch 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS5.8AI score0.00293EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/01 12:0 a.m.36 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to properly validate synchronized reactions when shared channels are enabled, which allows a malicious remote person to create...

4.3CVSS6.6AI score0.00276EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/01 12:0 a.m.36 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a series of chipsets from Qualcomm, an American company. A security vulnerability exists in Qualcomm Chipsets. An attacker exploiting the vulnerability could gain access to sensitive information...

7.5CVSS6.7AI score0.00213EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.36 views

Siemens Solid Edge 安全漏洞

Siemens Solid Edge is an enterprise-class computer-aided design software for complex 3D modeling. Siemens Solid Edge suffers from a stack buffer overflow vulnerability that stems from improper memory management when the software parses specially crafted PAR files. An attacker can exploit the...

7.8CVSS7.6AI score0.00279EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.36 views

WordPress plugin Auto Featured Image (Auto Post Thumbnail) 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

4.4CVSS7AI score0.00277EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.36 views

Red Hat Keycloak 安全漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from allowing unauthenticated cross-domain messages, allowing an attacker to...

7.4CVSS7.4AI score0.00448EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/04/04 12:0 a.m.36 views

Quarkus 安全漏洞

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from the leakage of local configuration properties into Quarkus applications...

7CVSS6.7AI score0.00286EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/04 12:0 a.m.36 views

rust-openssl 安全漏洞

rust-openssl is a library from Rust for interacting with the OpenSSL library. A security vulnerability exists in rust-openssl that stems from the presence of a timing-based side channel flaw...

5.9CVSS5.8AI score0.00415EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/31 12:0 a.m.36 views

Label Studio 代码问题漏洞

Label Studio is an open source data labeling tool from Heartex Open Source. Allows you to use a simple and clear UI mark audio, text, images, video and time series and other data types , and exported to a variety of model formats . A code issue vulnerability exists in Label Studio versions prior ...

5.3CVSS6.1AI score0.00737EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/01/19 12:0 a.m.36 views

Vite Security Vulnerabilities

Vite is a new front-end build tool from Vite open source. Vite has a security vulnerability , the vulnerability stems from the file system is not case-sensitive...

7.5CVSS6.9AI score0.00791EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/01/03 12:0 a.m.36 views

Apktool Path Traversal Vulnerability

Apktool is a tool for reverse engineering Android APK files. A path traversal vulnerability exists in Apktool 2.9.1 and earlier versions, which stems from the fact that Apktool can infer the output path of a resource file based on the name of the resource, which can be exploited by an attacker to...

7.8CVSS6.7AI score0.0132EPSS
Exploits2References3
CNNVD
CNNVD
added 2023/12/20 12:0 a.m.36 views

WordPress Plugin Themify Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

9.9CVSS6.8AI score0.00584EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/19 12:0 a.m.36 views

Apache InLong 代码问题漏洞

Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. Apache InLong has a deserialization vulnerability that originates from unsafe deserialization processing of serialized data receive...

7.5CVSS7.5AI score0.00969EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.36 views

WordPress plugin Stripe Payment Plugin for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

9.8CVSS8.3AI score0.00966EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/05/22 12:0 a.m.36 views

Apache InLong 安全漏洞

Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. A security bypass vulnerability exists in Apache InLong versions 1.2.0 through 1.6.0, which can be exploited by an attacker to cancel an application...

7.5CVSS6.8AI score0.01247EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.36 views

多款BirdDog产品信任管理问题漏洞

BirdDog STUDIO R3 and others are products of BirdDog Inc.BirdDog STUDIO R3 is a camera.BirdDog 4K QUAD is a camera.BirdDog MINI is a video encoder. The BirdDog STUDIO R3, 4K QUAD, MINI, and A300 EYES are vulnerable to a trust management issue that stems from the use of hard-coded credentials. An...

9.8CVSS8.4AI score0.00462EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/05/02 12:0 a.m.36 views

FS-S3900-24T4S 安全漏洞

The FS-S3900-24T4S is a switch from FS. A security vulnerability exists in the FS-S3900-24T4S that stems from the presence of privilege escalation...

8.8CVSS7.9AI score0.05343EPSS
Exploits4References4
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.36 views

VISAM VBASE Automation Base 代码问题漏洞

VISAM VBASE is a data acquisition and monitoring system from VISAM Germany. A security vulnerability exists in VISAM VBASE Automation Base versions prior to 11.7.5. An attacker who exploits this vulnerability could disclose sensitive information...

5.5CVSS5.7AI score0.03332EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/15 12:0 a.m.36 views

KubeVirt 安全漏洞

Kubevirt is a virtual machine manager. A security vulnerability exists in KubeVirt 0.59.0 and later, which stems from the ability to modify all node specifications using the virt-handler service account if a malicious user takes over a Kubernetes node running virt-handler...

8.2CVSS7.6AI score0.00611EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/12 12:0 a.m.36 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.11 have a security vulnerability that stems from a weak password requirement. No detailed vulnerability details are currently available...

8.8CVSS6.9AI score0.00707EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/12/22 12:0 a.m.36 views

destiny.gg chat 跨站请求伪造漏洞

destiny.gg chat is destiny.gg open source a destin.gg chat backend. destiny.gg chat suffers from a cross-site request forgery vulnerability that stems from a problem with the function websocket.Upgrader in the file main.go, which could lead to cross-site request forgery...

8.8CVSS7.5AI score0.00343EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/15 12:0 a.m.36 views

Apache BookKeeper 信任管理问题漏洞

Apache BookKeeper is a scalable, fault-tolerant, and low-latency storage service optimized for real-time workloads from the Apache Foundation USA. A trust management issue vulnerability exists in the Apache Bookkeeper Java Client versions prior to 4.14.6 and prior to 4.15.0, which stems from a...

5.9CVSS5.9AI score0.01021EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/25 12:0 a.m.36 views

MPXJ 安全漏洞

MPXJ is an open source library for Jon Iles individual developers. It is used to read and write project plans from various file formats and databases. A security vulnerability exists in MPXJ versions prior to 10.14.1 that stems from the use of File.createTempFile... This causes a temporary file t...

3.3CVSS5AI score0.00208EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.36 views

Moodle 跨站脚本漏洞

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle versions 3.11.0 and later, 3.11.1 and earlier, 4.0.0 and later, and 4.0.5 and...

5.4CVSS6.4AI score0.00655EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/11/19 12:0 a.m.36 views

TestNG 路径遍历漏洞

TestNG is a Java language testing framework developed by Cedric Beust. A path traversal vulnerability exists in TestNG, which stems from an affected testngXmlExistsInJar function in the testng-core/src/main/java/org/testng/JarFileUtils.java file in the component XML File Parser, which could lead ...

7.8CVSS6.1AI score0.00876EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.36 views

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from the fact that entering 'densefeatures' or 'examplestatedata' that is not rank 2 will trigger a 'CHECK' failure in...

7.5CVSS6.6AI score0.0044EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.36 views

Microsoft Azure 操作系统命令注入漏洞

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. An operating system command injection vulnerability exists in Microsoft Azure CLI versions prior to 2.40.0, which originates from a host running Azure CLI commands where the parameter...

9.8CVSS8.5AI score0.03207EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/08/18 12:0 a.m.36 views

Teledyne FLIR AX8 操作系统命令注入漏洞

Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. Teledyne FLIR AX8 1.46.16 and earlier versions suffer from an operating system command injection vulnerability that originates from an attacker being able to use root privileges to execute arbitrary commands on...

9.8CVSS8.2AI score0.99607EPSS
Exploits9References13
CNNVD
CNNVD
added 2022/08/12 12:0 a.m.36 views

ForkCMS 跨站脚本漏洞

ForkCMS is a software application. An easy-to-use open source CMS using Symfony components. A security vulnerability exists in ForkCMS version 5.9.3. A remote attacker can exploit this vulnerability to inject JavaScript via the "enddate" parameter...

4.8CVSS5.4AI score0.00631EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/03 12:0 a.m.36 views

DevExpress 代码问题漏洞

DevExpress is a software from DevExpress, Inc. for providing best-in-class UI controls, tools and frameworks for WinForms, ASP.NET, MVC, Blazor, ASP.NET Core, WPF, VCL, Xamarin and JavaScript. A code issue vulnerability exists in DevExpress SafeBinaryFormatter that stems from a lack of proper...

8.8CVSS8.2AI score0.02598EPSS
Exploits0References2
Total number of security vulnerabilities5000