Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/06/30 12:0 a.m.36 views

Robustel R1510 操作系统命令注入漏洞

The Robustel R1510 is an industrial VPN router from Robustel China.The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be subject to a command injection vulnerability in the...

9.8CVSS6AI score0.04251EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/06/24 12:0 a.m.36 views

CODESYS Gateway Server 安全漏洞

CODESYS Gateway Server is an extended CODESYS Gateway from CODESYS Corporation that connects a CODESYS Automation Server to a CODESYS PLC in a local network. A security vulnerability exists in versions prior to CODESYS Gateway Server V2 V2.3.9.38 that stems from comparing only a portion of a...

9.8CVSS8.6AI score0.01184EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/10 12:0 a.m.36 views

posix 安全漏洞

posix is a portable operating system interface. A security vulnerability exists in all versions of posix, which stems from a call to the toString method that falls back to the value 0x0 and can be exploited by an attacker to conduct a Dos attack...

7.5CVSS7.3AI score0.00966EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.36 views

SchedMD Slurm 安全漏洞

SchedMD Slurm is an open source and highly scalable cluster management and job scheduling system for large and small Linux clusters from SchedMD, Inc. SchedMD Slurm versions 21.08.x through 21.08.8 A security vulnerability exists in versions 20.11.x through 20.11.9, which stems from incorrect...

9CVSS8.3AI score0.02639EPSS
Exploits0References18
CNNVD
CNNVD
added 2022/04/25 12:0 a.m.36 views

flask-session-captcha 代码问题漏洞

flask-session-captcha is a captcha implementation of flask by the individual developer Joakim Uddholm in Germany. A security vulnerability exists in versions of flask-session-captcha prior to 1.2.1, which stems from the fact that the captcha.validate function returns None if no value is passed, a...

5.3CVSS5.7AI score0.01126EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/04/25 12:0 a.m.36 views

WordPress plugin Web To Print Shop : uDraw 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Web To Print Shop: An arbitrary file reading vulnerability exists in versions of uDraw prior...

7.5CVSS5.9AI score0.07736EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.36 views

WordPress plugin WooCommerce SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. SQL injection vulnerability exists in versions of...

8.8CVSS6.1AI score0.01511EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/03/07 12:0 a.m.36 views

Calibre-Web 代码问题漏洞

Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database. Calibre-Web suffers from a server-side cross-site request forgery vulnerability, no detailed vulnerability details are available at this time...

9.8CVSS5.3AI score0.01284EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/08/27 12:0 a.m.36 views

Mezzanine 跨站脚本漏洞

Github Mezzanine, a content management platform, is vulnerable to a cross-site scripting vulnerability that originates from a cross-site scripting XSS vulnerability in Mezzanine v4.3.1. The vulnerability can be exploited to execute arbitrary code via the "Description" field of...

6.1CVSS5.7AI score0.01119EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/07/27 12:0 a.m.37 views

Geutebrück G-Cam E2 操作系统命令注入漏洞

Geutebrück G-Cam E2 is a camera from manualslib. The Geutebrück G-Cam E2 suffers from an operating system command injection vulnerability that stems from the susceptibility of affected products to command injection attacks. An attacker can exploit this vulnerability to remotely execute arbitrary...

7.2CVSS7.8AI score0.5705EPSS
Exploits4References8
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.35 views

OpenVPN ovpn-dco-win 安全漏洞

OpenVPN ovpn-dco-win is a virtual network adapter for Windows developed by OpenVPN. There are security vulnerabilities in versions 2.0.0 to 2.8.3 of OpenVPN ovpn-dco-win. These vulnerabilities stem from errors in buffer size calculations by the epoch key generator, which may allow remotely...

5.6CVSS5.8AI score0.00148EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.35 views

OpenMRS 代码注入漏洞

OpenMRS is an open-source electronic health record system developed by OpenMRS Inc. Versions of OpenMRS from 2.7.0 to 2.7.9 and before 2.8.6 have a code injection vulnerability. This vulnerability arises from the ConceptReferenceRangeUtility.evaluateCriteria method, which evaluates condition...

9.1CVSS5.9AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.35 views

anything-llm 安全漏洞

anything-llm is an integrated desktop and Docker AI application developed by Mintplex. Versions of anything-llm prior to 1.9.1 contain security vulnerabilities. These vulnerabilities stem from the improper handling of user input by the AgentFlows component, which may lead to path traversal attack...

9.1CVSS7.3AI score0.00809EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.35 views

Microsoft HTTP.sys 访问控制错误漏洞

Microsoft HTTP.sys is an HTTP application protocol from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft HTTP.sys. An attacker could exploit the vulnerability to elevate privileges. The following products and versions are affected:Windows 10 Version 21H2 for...

7.5CVSS7.3AI score0.01139EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.35 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an MSR access error that could result in a register write failure...

6.3AI score0.00182EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/19 12:0 a.m.35 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check the validity of the tx-inuse pointer, which could result in a null pointer dereference...

7.8CVSS6.1AI score0.00151EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/18 12:0 a.m.35 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly handling the debugfslookup return value, which could lead to a memory leak...

5.5CVSS5.8AI score0.00135EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/16 12:0 a.m.35 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to reject a VHT mode of operation that does not support channel widths, which could result in a...

5.5CVSS6.4AI score0.00119EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/23 12:0 a.m.35 views

SAMSUNG MagicINFO 9 Server 安全漏洞

SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a path traversal vulnerability that stems from an improper restriction of restricted directory pathnames. An attacker cou...

9.8CVSS7.6AI score0.00611EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/15 12:0 a.m.35 views

Oracle Java SE 资源管理错误漏洞

Oracle Java SE is a U.S. Oracle Oracle company for the development and deployment of desktop, server and embedded devices and real-time environments in the Java application. A security vulnerability exists in Oracle Java SE for Oracle Java SE and Oracle GraalVM for JDK, which can be exploited by...

3.7CVSS6.7AI score0.0057EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/18 12:0 a.m.35 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a buffer overflow that could cause a system crash...

7.8CVSS6.7AI score0.00183EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/06/18 12:0 a.m.35 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from kprobes not properly updating kcb status flags, which could lead to a kernel panic...

5.5CVSS7.9AI score0.00202EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.35 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from not verifying the validity of a decoder, which could lead to a null pointer dereference. An...

5.5CVSS6.9AI score0.0014EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.35 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from lib/stringhelpers not adding strarray to the device's resource list...

5.5CVSS5.1AI score0.00243EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.35 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from post-release reuse in the ep93xxclkregistergate function...

7.8CVSS5.7AI score0.00234EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.36 views

Microsoft Directx 资源管理错误漏洞

Microsoft Directx is a tool from Microsoft that is designed to fix Windows anomalies. This software repair tool automatically updates C++ components and fixes the 0xc000007b problem exception. A security vulnerability exists in Microsoft Directx. The vulnerability can be exploited by an attacker ...

8.8CVSS6.8AI score0.01345EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.35 views

Ruby 安全漏洞

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the personal developer Yukihiro Matsumoto. A security vulnerability exists in Ruby that stems from vulnerability to the Marvin attack, which allows an attacker to decrypt previously encrypted messages or forge...

7.4CVSS7.2AI score0.00626EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/14 12:0 a.m.35 views

Elastic Kibana 代码问题漏洞

Elastic Kibana is an available data visualization dashboard software from Elastic. A code issue vulnerability exists in Elastic Kibana that stems from a deserialization issue that can be triggered by Kibana when it attempts to parse a YAML document that contains a carefully crafted payload. An...

9.1CVSS9.2AI score0.01257EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.35 views

Microsoft Windows Package Manager 安全漏洞

Microsoft Windows Package Manager is a comprehensive package manager solution from Microsoft Corporation USA. A system or set of tools used to automate the installation, upgrade, configuration, and use of software. Most package managers are designed to discover and install developer tools. A...

6.2CVSS6.2AI score0.00677EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.35 views

libheif 安全漏洞

libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder from struktur open source. A security vulnerability exists in libheif version 1.17.6, which stems from insufficient checks when decoding HEIF files containing forged offsets, which could lead to out-of-bounds reads and write...

8.1CVSS8.1AI score0.00825EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.35 views

WordPress plugin Taxi Booking Manager for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS6AI score0.00262EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.35 views

NVIDIA ChatRTX 安全漏洞

NVIDIA ChatRTX is a content personalization chatbot from NVIDIA, USA. A security vulnerability exists in NVIDIA ChatRTX. An attacker exploits the vulnerability to cause incorrect privilege management issues by leveraging inter-process communication between different processes...

7.5CVSS6.8AI score0.00161EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.35 views

WordPress plugin Ultimate Under Construction 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

5.9CVSS5.9AI score0.00338EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.35 views

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in versions prior to Secomea GateManager 11.2.624095033, which stems from the presence of a buffer overflow vulnerability...

8.2CVSS7.2AI score0.00456EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/27 12:0 a.m.35 views

phpecc 安全漏洞

phpecc is a pure PHP elliptic curve cryptography library open-sourced by Paragon Initiative Enterprises. A security vulnerability exists in phpecc versions prior to 2.0.1, which stems from a branch-based timing leak in Point addition...

4.3CVSS6.7AI score0.00408EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.35 views

Microsoft OLE DB Provider for SQL Server 安全漏洞

Microsoft OLE DB Driver for SQL Server is a standalone data access application programming interface API for OLE DB. A remote code execution vulnerability exists in Microsoft OLE DB Driver for SQL Server, which can be exploited by an attacker to execute arbitrary code on the system...

8.8CVSS8.8AI score0.02351EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/22 12:0 a.m.35 views

SolidWorks 安全漏洞

SolidWorks is a 3D CAD software from SolidWorks that runs on the Microsoft Windows platform. A security vulnerability exists in SolidWorks version 2024 that originates from a vulnerability that allows an attacker to execute arbitrary code when opening a specially crafted CATPART, DWG, DXF, IPT, J...

7.8CVSS7.5AI score0.00269EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.35 views

PTC KEPServerEX Trust Management Issue Vulnerability

PTC KEPserverEX is a connectivity platform from PTC. Users can connect, manage, monitor and control a variety of automation devices and software applications through an intuitive user interface. A security vulnerability exists in PTC KEPServerEX version v6.14.263.0 and prior versions, which stems...

7.5CVSS6.7AI score0.00442EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.35 views

Microsoft Windows Defender Security Vulnerability

Microsoft Windows Defender is a suite of antivirus software that comes with Windows systems from Microsoft USA. A security vulnerability exists in Microsoft Windows Defender. An attacker can exploit the vulnerability to elevate privileges...

7.8CVSS6.7AI score0.00805EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/25 12:0 a.m.35 views

Vyper 安全漏洞

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions prior to 0.3.10 that stems from allowing ecrecover to return undefined data for invalid signatures...

5.3CVSS5.6AI score0.00487EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/05/27 12:0 a.m.35 views

Craft CMS 跨站脚本漏洞

Pixel & tonic Craft CMS is a content management system CMS from the US-based company Pixel & tonic. A security vulnerability exists in Craft CMS, which stems from an incorrectly formatted RSS feed that can deliver a payload with cross-site scripting...

6.1CVSS5.5AI score0.00651EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/23 12:0 a.m.35 views

Linksys E2000 命令注入漏洞

The Linksys E2000 is a wireless router from Linksys USA. The Linksys E2000 1.0.06 firmware version suffers from a command injection vulnerability that stems from the fact that if an attacker gains web administrative privileges, he/she can inject commands into the post request parameters wlssid,...

7.2CVSS7.9AI score0.02354EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/05/23 12:0 a.m.35 views

Piwigo SQL注入漏洞

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo version 13.6.0, which stems from a problem with the configuration file functionality and can...

9.8CVSS8.5AI score0.09058EPSS
Exploits3References4
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.35 views

Microsoft PostScript Printer Driver安全漏洞

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft.Microsoft PCL6 Class Printer Driver is a printer driver from Microsoft. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft. An information disclosure...

6.5CVSS8.6AI score0.01461EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.35 views

Earnings and Expense Tracker App 跨站脚本漏洞

Expense Tracker is an expense tracker organized by SourceCode and Projects. A security vulnerability exists in the SourceCodester Earnings and Expense Tracker App version 1.0, which stems from incorrect manipulation of the parameter name resulting in cross-site scripting...

6.1CVSS4.3AI score0.00363EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.35 views

answer 安全漏洞

answer is an open source knowledge-based community software. A security vulnerability exists in versions of answer prior to 1.0.6, which stems from an unlimited number of authentications...

5.3CVSS5.5AI score0.00614EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/02/17 12:0 a.m.35 views

WordPress Plugin Extensions For CF7 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS5.2AI score0.00231EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.35 views

WordPress plugin The Mongoose Page Plugin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/12/30 12:0 a.m.35 views

Apache Kylin 安全漏洞

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. kylin has a command injection vulnerability, the vulnerability stems fr...

8.8CVSS8.1AI score0.56844EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.35 views

memos 跨站脚本漏洞

memos is an open source hosted memo center with knowledge management and social features. A cross-site scripting vulnerability exists in memos, which can be exploited by an attacker to be able to steal a user's cookie...

5.7CVSS5.5AI score0.00539EPSS
Exploits1References3
Total number of security vulnerabilities5000