Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2023/04/24 12:0 a.m.32 views

Backdrop CMS 跨站脚本漏洞

Backdrop CMS is an open source content management system CMS. A security vulnerability exists in Backdrop CMS versions prior to 1.24.2. An attacker can exploit this vulnerability to inject arbitrary web script or html code via the name parameter...

4.8CVSS5.5AI score0.00536EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.32 views

Microsoft .NET Core 安全漏洞

Microsoft .NET Core is a free open source development platform from Microsoft USA. The platform features multi-language support and cross-platform. NET has a DLL hijacking remote code execution vulnerability that can be exploited by an attacker to remotely execute code...

7.8CVSS8.8AI score0.01531EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/30 12:0 a.m.32 views

HashiCorp Vault 安全漏洞

HashiCorp Vault is a private key access management tool from the US-based HashiCorp. HashiCorp Vault suffers from a security vulnerability that stems from vulnerability to a cache timing attack, where an attacker who is able to observe a large number of unblocking operations on a host through a...

5CVSS5.7AI score0.0021EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.32 views

answer 安全漏洞

answer is an open source knowledge-based community software. A security vulnerability exists in versions of answer prior to 1.0.6 that stems from bypassing authentication...

9.8CVSS6.3AI score0.00837EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.32 views

Microsoft PostScript Printer Driver 安全漏洞

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft USA. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft Corporation. Microsoft PostScript and PCL6 Class Printer Driver contains an information disclosure...

6.5CVSS6.1AI score0.01532EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/27 12:0 a.m.33 views

OpenMage Magento Lts 代码问题漏洞

OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A code issue vulnerability exists in OpenMage LTS versions 19.4.22 through 20.0.19, which originates from an administrator who has the right to upload files and create products via DataFlow, and can execute arbitrary code...

7.2CVSS7.4AI score0.01235EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.33 views

memos 授权问题漏洞

memos is an open source hosted meme center with knowledge management and social features. A vulnerability exists in memos prior to version 0.9.1 due to an authorization issue, which can be exploited by an attacker to archive any private memos, delete any shortcuts, and edit any shortcuts from oth...

7.3CVSS6.4AI score0.00507EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/11/02 12:0 a.m.32 views

Fortinet FortiMail 安全漏洞

Fortinet FortiMail is a set of e-mail security gateway products of the U.S. Fita Fortinet. The product provides email security and data protection features. A security vulnerability exists in Fortinet FortiMail versions 7.2.0, 7.0.0 through 7.0.3, 6.4, 6.2, 6.0, and 6.0, which stems from improper...

6.5CVSS6.4AI score0.00349EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/31 12:0 a.m.32 views

WordPress plugin Easy WP SMTP 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

7.2CVSS7.2AI score0.01126EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/10/03 12:0 a.m.32 views

php uploader 代码问题漏洞

CreativeDream php uploader is an easy-to-use, high-performance file upload script for CreativeDream personal developers. CreativeDream php uploader version 0.3 is vulnerable to arbitrary file uploads, which stem from a lack of valid validation of uploaded files by the application. An attacker cou...

9.8CVSS7.4AI score0.01087EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/09/29 12:0 a.m.32 views

Discourse 安全漏洞

Discourse is an open source community discussion platform. An access control error vulnerability exists in versions of Discourse prior to 2.8.9 and prior to 2.9.0.beta10. The vulnerability stems from improper access control of the API, which could be exploited to create new topics and edit existi...

7.2CVSS6.8AI score0.0072EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.32 views

lighttpd 安全漏洞

lighttpd is an open source web server developed by Jan Kneschke in Germany. A security vulnerability exists in lighttpd that originates from a denial-of-service attack that can be triggered via CLOSEWAIT / CONSTATEREADPOST...

7.5CVSS7.2AI score0.02714EPSS
Exploits4References9
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.32 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow, which stems from an assertion failure in the GPU kernel when MaxPool receives a window-sized input array ksize with a...

7.5CVSS7.5AI score0.00396EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/02 12:0 a.m.32 views

NodeBB Forum Software 跨站请求伪造漏洞

NodeBB is a forum system from the Design Create Play team built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A cross-site request forgery vulnerability exists in NodeBB Forum Software versions prior to 1.17.1, which stems from an unwanted condition in t...

8.8CVSS7.2AI score0.0046EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/08/24 12:0 a.m.32 views

Exment SQL注入漏洞

Exment is simple, easy, lightweight and free web database. A security vulnerability exists in Exment PHP8 v5.0.2 and earlier, laravel-admin v3.0.0 and earlier, and exment PHP7 v4.4.2 and earlier, which can be exploited by attackers to execute arbitrary SQL commands...

8.8CVSS6.2AI score0.0119EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.32 views

Supersmart 安全漏洞

Supersmart is an artificially intelligent automated checkout for brick-and-mortar retail from Israel's Supersmart. Supersmart Walk suffers from a security vulnerability that stems from the presence of unauthorized actions performed on other customers, which can be exploited by an attacker to rese...

7.5CVSS7.4AI score0.00431EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/28 12:0 a.m.32 views

SQUIRREL 缓冲区错误漏洞

SQUIRREL is a stable version of the programming language SQUIRREL 3.2. A buffer error vulnerability exists in SQUIRREL 2.2.5 and earlier and 3.1 and earlier 3.x. The vulnerability stems from sqclass.cpp allowing out-of-bounds reads in the kernel interpreter, which can lead to code execution that,...

10CVSS9.1AI score0.02177EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.32 views

hestiacp 操作系统命令注入漏洞

hestiacp is a lightweight and powerful control panel for the modern web. An operating system command injection vulnerability exists in hestiacp versions prior to 1.6.5, which stems from the ability to inject arbitrary commands when installing DokuWiki...

9.9CVSS8.5AI score0.4749EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/19 12:0 a.m.32 views

Moodle 跨站脚本漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. a cross-site scripting vulnerability exists in the LTI module of Moodle, which stems from a lack of data validation filtering of...

6.1CVSS5.2AI score0.03747EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/07/18 12:0 a.m.32 views

Foxit PDF Reader 资源管理错误漏洞

Foxit PDF Reader is a PDF reader from Foxit China.A remote code execution vulnerability exists in Foxit PDF Reader Annotation, which can be exploited by attackers to execute code in the context of the current process...

7.8CVSS6.6AI score0.01065EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/01 12:0 a.m.33 views

git-clone 参数注入漏洞

git-clone is a repository for cloning git repositories developed by Jason Frame in the UK. A parameter injection vulnerability exists in git-clone, which stems from an unsafe use of git's --upload-pack feature, which makes all versions of the package git-clone vulnerable to command injection...

10CVSS8.3AI score0.03227EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/30 12:0 a.m.32 views

WordPress plugin Amazon Link 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Amazon Link plugin 3.2.10 and earlier versions have a cross-site scripting vulnerability th...

4.8CVSS5.3AI score0.00565EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/05/25 12:0 a.m.32 views

HashiCorp go-getter 命令注入漏洞

HashiCorp go-getter is a library for HashiCorp's Go golang for downloading files or directories from various sources using URLs as the primary form of input. A command injection vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the presence of a comman...

9.8CVSS7AI score0.01525EPSS
Exploits0References24
CNNVD
CNNVD
added 2022/05/18 12:0 a.m.32 views

ArgoCD 安全漏洞

ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...

10CVSS8.3AI score0.01857EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/04/27 12:0 a.m.32 views

Hashicorp go-getter 日志信息泄露漏洞

Hashicorp go-getter is a library for Go golang that is used to download files or directories from various sources using URLs as the primary form of input. A log information disclosure vulnerability exists in Hashicorp go-getter version 1.5.11, which stems from the ability of the go-getter library...

5.5CVSS7AI score0.00403EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/04/25 12:0 a.m.32 views

WordPress plugin RRatingg SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...

9.8CVSS6AI score0.01743EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.32 views

PSR-7 Message Implementation 输入验证错误漏洞

PSR-7 Message Implementation is a complete PSR-7 message implementation. An input validation error vulnerability exists in PSR-7 Message Implementation version 1.8.3 and earlier and in psr7 from version 2.0.0 through 2.1.0. An attacker can add a new line of characters and pass untrusted values...

7.5CVSS7.2AI score0.02384EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/03/09 12:0 a.m.32 views

Shopware 代码问题漏洞

Shopware is a German Shopware company's open source e-commerce software. A code issue vulnerability exists in Shopware that stems from the fact that in the affected version, a user session is not logged off if the password is reset via password recovery. An attacker could exploit the vulnerabilit...

3.5CVSS6.1AI score0.00477EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/06/16 12:0 a.m.32 views

PHPMailer 代码问题漏洞

PHPMailer is a PHP class library for sending e-mail. A security vulnerability exists in PHPMailer that originates from untrusted data in a path with a UNC pathname, which can be exploited by an attacker to remotely execute code...

8.1CVSS7.7AI score0.02803EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.32 views

Ubuntu Apport 后置链接漏洞

Canonical Ubuntu is a GNU/Linux operating system from the British company Canonical that focuses on desktop applications. A security vulnerability exists in Ubuntu Apport that stems from the incorrect handling of certain information gathering operations, which can be exploited by an attacker who...

7.3CVSS6.6AI score0.00289EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.31 views

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained a security vulnerability. This vulnerability stemmed from the lack of cleanup for configuration file upload forms or the absence of restrictions on SVG/XML uploads, which coul...

8.5CVSS5.7AI score0.00276EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.31 views

Kilo Code 路径遍历漏洞

Kilo Code is an open-source AI coding assistant developed by Kilo Code. Versions of Kilo Code 7.0.47 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of parameters File in the Bun.file function within the File Diff API Endpoint component...

6.5CVSS5.8AI score0.0058EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.31 views

Traefik 访问控制错误漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.46, 3.6.17, and 3.7.1 contained a access control vulnerability. This vulnerability stemmed from the Kubernetes Gateway API provider, which allowed tenants with permission to create...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.31 views

i18next-fs-backend 路径遍历漏洞

i18next-fs-backend is an open-source backend layer developed by i18next for Node.js and Deno environments. It is used to load translation resources from the file system. Versions of i18next-fs-backend prior to 2.6.4 contained a path traversal vulnerability. This vulnerability arises from directly...

8.2CVSS5.8AI score0.00292EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.31 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in the doprocmapquery function, potentially leading to a double mmput operation due to an...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.31 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the release of resources after an initstream failure, which could lead to post-release reuse...

6.1AI score0.0018EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.31 views

SOCA Access Control System 安全漏洞

SOCA Access Control System is an access control system from China's Sunchem SOCA. A security vulnerability exists in SOCA Access Control System version 180612, which stems from an unvalidated POST parameter and could lead to a SQL injection attack...

9.3CVSS7.7AI score0.00354EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/10/06 12:0 a.m.31 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.4CVSS5.8AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.31 views

WordPress plugin AP Background 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress AP Background plugin, which stems from a lack of authorization and insufficient file validation in the...

8.8CVSS8.1AI score0.00588EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.31 views

Microsoft SQL Server 竞争条件问题漏洞

Microsoft SQL Server is a large commercial database system from Microsoft Corporation that is used under Microsoft Windows. A competitive condition issue vulnerability exists in Microsoft SQL Server. An attacker exploiting this vulnerability could gain access to sensitive information. The followi...

6.5CVSS6.8AI score0.00765EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.31 views

Microsoft Office 安全漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

8.4CVSS7.8AI score0.00659EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.31 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a deadlock in the sa1100settermios function...

5.5CVSS5.5AI score0.00191EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/02/25 12:0 a.m.31 views

NVIDIA CUDA toolkit 安全漏洞

The NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A security vulnerability exists in the NVIDIA CUDA toolkit, which stems from a crash in the cuobjdump binary that could lead to a partial denial...

2.8CVSS6AI score0.00226EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/18 12:0 a.m.31 views

Astro 跨站请求伪造漏洞

Astro is an Astro open source web framework for content-driven websites. A cross-site request forgery vulnerability exists in Astro version 4.16.16 and earlier, which stems from a flaw in the cross-site request forgery protection middleware that allows requests to bypass CSRF checks, leaving them...

6.5CVSS6.5AI score0.00213EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/11/04 12:0 a.m.31 views

ZOHO ManageEngine ADManager Plus 安全漏洞

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO, Inc. designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

8.8CVSS7.6AI score0.015EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/31 12:0 a.m.31 views

Beckhoff TwinCAT 操作系统命令注入漏洞

Beckhoff TwinCAT is a software system from Beckhoff, Germany, consisting of a real-time environment and a real-time system for executing control programs in a development environment. The system is mainly used for PLC Programmable Logic Controller programming, diagnostics and system configuration...

6.5CVSS7.3AI score0.00189EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/30 12:0 a.m.31 views

LevelOne WBR-6012 安全漏洞

The LevelOne WBR-6012 is a wireless router from LevelOne. A security vulnerability exists in the LevelOne WBR-6012 that stems from a reliance on client IP addresses for authentication, resulting in an authentication bypass vulnerability in the web application...

9CVSS6.8AI score0.00914EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/24 12:0 a.m.31 views

HTMLDOC 安全漏洞

HTMLDOC is an open source program by Michael R Sweet, an individual developer, that converts HTML and Markdown files into EPUB, Indexed HTML, PostScript and PDF format files. A security vulnerability exists in HTMLDOC version v1.9.18, which stems from the discovery of a buffer overflow...

9.8CVSS6.8AI score0.00682EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/10/05 12:0 a.m.31 views

WordPress plugin Author Avatars List/Block 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Author Avatars...

6.5CVSS6.1AI score0.00237EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.31 views

Devise-Two-Factor 安全漏洞

Devise-Two-Factor is a minimalist extension of Devise to the Devise-Two-Factor open source. It is used to provide support for two-factor authentication via TOTP schemes. A security vulnerability exists in Devise-Two-Factor versions 2.2.0 and earlier and 6.0.0 and earlier, which stems from an...

6CVSS6.5AI score0.00641EPSS
Exploits0References3
Total number of security vulnerabilities5000