Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/09/23 12:0 a.m.34 views

Apache Pulsar 信任管理问题漏洞

Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, with strong consistency, high...

5.9CVSS6.7AI score0.00597EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/15 12:0 a.m.34 views

Roxy-WI 命令注入漏洞

Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A command injection vulnerability exists in Roxy-WI versions prior to 6.1.1.0, which stems from the ability to remotely run system commands via the subprocessexecute function...

10CVSS8.3AI score0.20446EPSS
Exploits3References5
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.34 views

WordPress plugin Limit Login Attempts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. versions of the WordPress Limit Login Attempts plugin prior to 4.0.72 have a cross-site scripting...

4.8CVSS5.7AI score0.00848EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/06/24 12:0 a.m.34 views

Rails 跨站脚本漏洞

Rails is a set of Rails team based on the Ruby language open source web application framework. Rails suffers from a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker can exploit the vulnerability to...

6.1CVSS5.7AI score0.29316EPSS
Exploits1References11
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.34 views

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform, HANA Database from SAP startservice. An attacker exploited the vulnerability to escalate privileges, which...

5CVSS5.7AI score0.00439EPSS
Exploits2References8
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.34 views

多款Siemens产品代码问题漏洞

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

9.1CVSS8.2AI score0.00918EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/05/09 12:0 a.m.34 views

Microweber 安全漏洞

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber versions prior to 1.2.15 that stems from a...

8.8CVSS7AI score0.08958EPSS
Exploits4References7
CNNVD
CNNVD
added 2022/04/22 12:0 a.m.34 views

git-interface 操作系统命令注入漏洞

git-interface is an interface for using git repositories in node.js by the Russian individual developer Yarkeev Denis. A security vulnerability exists in yarkeev git-interface versions prior to 2.1.1, which stems from a lack of filtering of the git clone and git --upload-pack command line...

10CVSS8.3AI score0.03928EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/04/13 12:0 a.m.34 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. An authorization issue vulnerability exists in Mattermost 6.4.1 and earlier versions, which stems from an API that fails to properly protect permissions and can be exploited by an authenticated attacker to bypass restrictio...

4.3CVSS5.2AI score0.00625EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/10/28 12:0 a.m.34 views

NETGEAR R6260 安全漏洞

NETGEAR R6260 is a router device. A security vulnerability exists in NETGEAR R6260 routers, which stems from the device's failure to properly validate the length of user-supplied data before copying it to a fixed-length buffer, which could be exploited by an attacker to execute code in the root...

8.8CVSS5.9AI score0.01374EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/07/12 12:0 a.m.34 views

Brave 安全漏洞

Brave is a fast, private and secure web browser from Brave USA. A security vulnerability exists in Brave Desktop versions 1.17 - 1.26.60 that could lead to information disclosure...

5.9CVSS6.4AI score0.01826EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/06/08 12:0 a.m.34 views

Microsoft Office SharePoint 代码问题漏洞

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...

8.1CVSS5.3AI score0.04563EPSS
Exploits4References8
CNNVD
CNNVD
added 2021/05/18 12:0 a.m.34 views

node-mpv 格式化字符串错误漏洞

node-mpv is a Node.js based MPV player module. A security vulnerability exists in mpv version 0.33.0 and earlier versions, which can be exploited by an attacker to achieve code execution via a crafted m3u playlist file...

7.8CVSS6.1AI score0.02409EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.33 views

Webmin 安全漏洞

Webmin is a set of web-based system management tools for Unix-like operating systems, developed by the Webmin community. Versions of Webmin prior to 2.640 contained a security vulnerability, which stemmed from the insecure construction of the attachment save file name in the mailboxes/detachall.c...

9.4CVSS5.8AI score0.00303EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.33 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a failure in the spisetup function during spi device registration, resulting in the controller...

5.8AI score0.00123EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.33 views

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from stack buffer overflows in several underlying...

7.2CVSS6.2AI score0.00352EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.33 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.2 contained security vulnerabilities. These vulnerabilities were caused by race conditions in ZIP extraction, which could allow local attackers to write files outside of the...

5.8CVSS5.8AI score0.00081EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.33 views

V-SOL GPON/EPON OLT Platform 输入验证错误漏洞

V-SOL GPON/EPON OLT Platform is an optical line terminal management platform from China Semiconductor V-SOL. An input validation error vulnerability exists in V-SOL GPON/EPON OLT Platform version v2.03, which stems from improper validation of the parent parameter input and could lead to an open...

9.8CVSS6.7AI score0.00373EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.33 views

SOCA Access Control System 安全漏洞

SOCA Access Control System is an access control system from China's Sunchem SOCA. A security vulnerability exists in SOCA Access Control System version 180612, which stems from a lack of request validation and could lead to cross-site request forgery attacks...

5.3CVSS6.6AI score0.00191EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/09/10 12:0 a.m.33 views

Hoverfly 授权问题漏洞

Hoverfly is a lightweight open source API emulation tool open-sourced by SpectoLabs. An authorization issue vulnerability exists in Hoverfly 1.11.3 and earlier versions that originates from an unprotected WebSocket endpoint and could lead to information disclosure...

8.8CVSS6AI score0.00663EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.33 views

Microsoft Windows Kernel 输入验证错误漏洞

Microsoft Windows Kernel is the kernel of the Windows operating system from Microsoft Corporation USA. An input validation error vulnerability exists in Microsoft Windows Kernel. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are...

8.8CVSS6.3AI score0.0382EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/08/16 12:0 a.m.33 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from rxrpc calling localbhenable when IRQ is disabled, which may result in a warning...

5.5CVSS6.5AI score0.00128EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.33 views

Debian devscripts 安全漏洞

Debian devscripts is a Debian community package that contains a collection of packages for system maintenance and scripting. A security vulnerability exists in Debian devscripts that stems from the uscan tool skipping OpenPGP authentication when verifying upstream sources...

9.8CVSS6.7AI score0.00235EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.33 views

MediaWiki Security Breach

MediaWiki is a set of free and freely available web-based Wiki engines from the American Wikimedia Wikimedia Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a security vulnerability that stems from the fact that MediaWiki i...

5.8AI score0.00454EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/03 12:0 a.m.33 views

ABB RMC-100 安全漏洞

The ABB RMC-100 is a remote modular controller from ABB Switzerland. Capable of managing automation, liquid and gas measurements, asset data centralization for large production and transmission facilities. A security vulnerability exists in the ABB RMC-100 that stems from the use of hard-coded...

6.3CVSS6.5AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/27 12:0 a.m.33 views

QuickJS 安全漏洞

QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS 0.9.0 and earlier versions, which stems from a lack of length checking in JSReadString, and may result in a heap buffer overflow...

5.6CVSS5.9AI score0.00247EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/12/22 12:0 a.m.33 views

REDCap 安全漏洞

REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap 15.0.0 and earlier versions, which stems from a lack of cross-site request forgery protection in the logout functionality, which allows an attacker to trigger a logout...

8.8CVSS6.6AI score0.0024EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.33 views

SAP Adobe Document Service 代码问题漏洞

Adobe Document Service is a service provided by Adobe for processing documents, supporting PDF creation, editing and other functions. A code issue exists in Adobe Document Service that originates from a vulnerability that allows an attacker with administrator privileges to send a specially crafte...

9.1CVSS9.1AI score0.00892EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/04 12:0 a.m.33 views

WordPress plugin WP Job Manager – Company Profiles 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...

6.1CVSS7.7AI score0.00285EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.33 views

Microsoft GroupMe 代码问题漏洞

Microsoft GroupMe is a confidential group messaging service from Microsoft. Users can conduct and manage SMS group chat via cell phone SMS or client. Microsoft GroupMe suffers from an Access Control Error vulnerability that stems from improper access control. An attacker could exploit the...

9.8CVSS6.7AI score0.00788EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/28 12:0 a.m.33 views

JupyterLab 安全漏洞

JupyterLab is a JupyterLab open source extensible environment for interactive and repeatable computation, based on the Jupyter Notebook and architecture. A security vulnerability exists in JupyterLab that originates from opening a malicious notebook or Markdown file with Markdown cells using the...

7.6CVSS6.5AI score0.00373EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/20 12:0 a.m.33 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unhandled soft interrupt causing a fix to hang...

5.5CVSS6.5AI score0.00213EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.33 views

HDF Group HDF5 安全漏洞

HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 version 1.13.3 and pri...

7.4CVSS8.1AI score0.00223EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.33 views

WordPress plugin Prime Slider 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS6.2AI score0.0034EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.33 views

WordPress plugin iPanorama 360 WordPress Virtual Tour Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.5AI score0.00424EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/19 12:0 a.m.33 views

ArgoCD Security Vulnerabilities

ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...

8.3CVSS6.7AI score0.00386EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/11/01 12:0 a.m.33 views

Cisco Firepower Threat Defense Security Vulnerability

Cisco Firepower Threat Defense FTD is a suite of unified software from Cisco that provides next-generation firewall services. A security vulnerability exists in the Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense that stems from a vulnerability in the Remote Access VPN featur...

8.6CVSS6.6AI score0.0064EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/17 12:0 a.m.33 views

Apache Airflow 输入验证错误漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow Spark Provider...

7.5CVSS6.1AI score0.01667EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.33 views

Carel Boss Mini 安全漏洞

Carel Boss Mini is a locally supervised solution for small, medium and large systems from Carel Italia. A security vulnerability exists in Carel Boss Mini version 1.4.0 Build 6221, which stems from the parameter path of the file boss/servlet/document can lead to file inclusion...

9.8CVSS7.5AI score0.75206EPSS
Exploits6References4
CNNVD
CNNVD
added 2023/06/23 12:0 a.m.33 views

XWiki Platform 跨站脚本漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A cross-site scripting vulnerability exists in xwiki-platform-web versions 2.2.1 through 14.4.8, xwiki-platform-web-templates versions prior to 14.4.8, 14.5 through 14.10.5...

9CVSS5.3AI score0.00714EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/06/16 12:0 a.m.33 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from an inability to clean up temporary error messages, which can be exploited by an attacker to obtain the content of arbitrary messages via...

6.5CVSS6.8AI score0.00616EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.33 views

Joomla! 输入验证错误漏洞

Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! versions 4.2.0 through 4.3.1, which stems from a lack of input validation and can lead to open redirects and cross-site scripting XSS...

6.1CVSS6.7AI score0.00406EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/19 12:0 a.m.33 views

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from incorrect boundary checking of avdtscbhdlpktnofrag in the avdtscbact.cc component, which can be exploited by an attacker to elevate...

7.8CVSS7AI score0.00091EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.33 views

Microsoft Snipping Tool 安全漏洞

Microsoft Snipping Tool is a screenshot tool from Microsoft Corporation USA. A security vulnerability exists in Microsoft Snipping Tool, which stems from the presence of an information disclosure vulnerability...

3.3CVSS5.2AI score0.0202EPSS
Exploits2References3
CNNVD
CNNVD
added 2023/01/27 12:0 a.m.33 views

Razer Synapse 代码问题漏洞

Razer Synapse is an application from Razer, Inc. designed to configure and customize Razer's line of hardware. A security vulnerability exists in versions prior to Razer Synapse 3.7.0830.081906 that stems from its insecure installation path, improper privilege management, and improper certificate...

6.8CVSS6.8AI score0.00633EPSS
Exploits4References9
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.33 views

Jenkins Plugin TestQuality Updater 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

8.8CVSS7.7AI score0.00515EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.33 views

Deno 竞争条件问题漏洞

Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. Deno suffers from a Competing Conditions Issue vulnerability that arises when a multi-threaded program can spoof an interactive permission prompt by rewriting the...

7.5CVSS7.3AI score0.00601EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/01/09 12:0 a.m.33 views

Apache Sling 跨站脚本漏洞

Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. It is designed to create content-centric applications on JSR-170 compliant content repositories such as Apache Jackrabbit. A cross-site scripting vulnerability exists in Sling App CMS...

5.4CVSS5.5AI score0.01382EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.33 views

Concourse 安全漏洞

Concourse is an automated system written in Go by Concourse Open Source. A security vulnerability exists in Concourse versions prior to 7.x.y through 7.8.3 and versions prior to 6.x.y through 6.7.9, which stems from the ability of its users to send a request with a request body...

5.4CVSS5.7AI score0.00446EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.33 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in Google Chrome Mac and Linux versions prior to 108.0.5359.124, and Windows versions prior to 108.0.5359.125, which stems from a post-release reuse in Blink Frames...

8.8CVSS8.1AI score0.00651EPSS
Exploits0References9
Total number of security vulnerabilities5000