Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2024/11/15 12:0 a.m.71 views

LibreNMS 跨站脚本漏洞

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. LibreNMS suffers from a cross-site scripting vulnerability that originates from a stored...

5.4CVSS5.8AI score0.00396EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.71 views

Linux kernel 信息泄露漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An information disclosure vulnerability exists in the Linux kernel. An attacker exploits this vulnerability to read memory segments of the Linux kernel to obtain sensitive...

5.5CVSS6.7AI score0.00954EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/03/23 12:0 a.m.71 views

GitHub argo-cd 信息泄露漏洞

GitHub argo-cd is an open source application from Github. A declarative GitOps continuous delivery tool for Kubernetes. GitHub argo-cd suffers from an information disclosure vulnerability that stems from incorrect access control leading to administrator privilege escalation. All unpatched version...

9.9CVSS8.2AI score0.01201EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.70 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Oct-2025 Release 1, which originates from an out-of-bounds write in th...

7.8CVSS6.7AI score0.00118EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.70 views

GraphQL 安全漏洞

GraphQL is an open source, API-oriented data query manipulation language and corresponding runtime environment created by GraphQL Open Source. A security vulnerability exists in GraphQL that stems from loading a malicious schema definition that could lead to remote code execution...

9CVSS9AI score0.02865EPSS
Exploits2References10
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.70 views

New API 授权问题漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API starting from 0.10.0 have a vulnerability related to authorization. This vulnerability stems from logical flaws in the general security verification process, allowing authenticated users with registered...

4.9CVSS6.4AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/04 12:0 a.m.69 views

TOTOLINK EX1200T 安全漏洞

The TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1200T suffers from a buffer overflow vulnerability that originates from the parameter LangType in the file /cgi-bin/cstecgi.cgi that fails to correctly validate the length and size of the input...

10CVSS8AI score0.00995EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/07/26 12:0 a.m.69 views

Raisecom MSG1200、MSG2100E、MSG2200和MSG2300 操作系统命令注入漏洞

The Raisecom MSG1200 and others are a Gigabit converged gateway from Raisecom China. An OS command injection vulnerability exists in the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300, which stems from the fact that incorrect operation of the parameter template can lead to OS command injection...

9.8CVSS6.8AI score0.934EPSS
Exploits4References5
CNNVD
CNNVD
added 2022/10/31 12:0 a.m.69 views

node-red-dashboard 跨站脚本漏洞

node-red-dashboard is a package for quickly creating real-time data dashboards. A security vulnerability exists in node-red-dashboard that stems from some unknown processing in the components/ui-component/ui-component-ctrl.js file in the component uitext Format Handler being affected, which could...

6.1CVSS5.4AI score0.00598EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.68 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper initialization of arrays, which could lead to reuse after release...

5.8AI score0.00166EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/15 12:0 a.m.68 views

OpenStack Designate Security Vulnerability

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA in the U.S. Designate is one of the components used to provide DNSaaS DNS-as-a-Service services for OpenStack. A security vulnerability exists in OpenStack Designate that stems from an acces...

6.6CVSS6.6AI score0.00203EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.68 views

Elastic Kibana Log Information Disclosure Vulnerability

Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A log message disclosure vulnerability exists in Elastic Kibana versions 8.0.0 through 8.11.1, which...

8CVSS6.4AI score0.00656EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/15 12:0 a.m.68 views

Editor.js 跨站脚本漏洞

Editor.js is a CodeX open source block style editor with clean JSON output. A cross-site scripting vulnerability exists in Editor.js versions prior to 2.26.0, which stems from easy code injection via pasted input, where the processHTML method passes pasted input to the innerHTML of the wrapper...

6.1CVSS6AI score0.00533EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.68 views

Biscuit 数据伪造问题漏洞

Biscuit is delegated, decentralized, capability-based authorization tokens. A data forgery issue vulnerability exists in the v1 version of Biscuit that stems from allowing an attacker to create tokens with any access level...

9.8CVSS8.3AI score0.0096EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/11/21 12:0 a.m.67 views

Technitium DNS Server 安全漏洞

Technitium DNS Server is an open source authoritative and recursive DNS server from the Technitium team. It can be used to self-host DNS servers for privacy and security. A security vulnerability exists in Technitium DNS Server version 8.0.2, which stems from variant V2 that allows accidental...

9.8CVSS8.2AI score0.00671EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/10/20 12:0 a.m.67 views

coreos-installer 数据伪造问题漏洞

CoreOs-Installer is a program. It is used to assist in the installation of Fedora CoreOs Fcos and CoreOs for Red Hat Enterprise Linux Rhcos. A security vulnerability exists in coreos-installer that allows an attacker to spoof victims by Gzip-compressing images and using malicious data on...

7.8CVSS7.2AI score0.00515EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.66 views

Red Hat build of Keycloak 安全漏洞

Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. A security vulnerability exists in Red Hat build of Keycloak version 26.4 that stems from debug mode insecurely binding the JDWP port to all network interfaces, which could lead to remote code execution...

6.8CVSS7.5AI score0.00399EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/12 12:0 a.m.66 views

WordPress plugin Simple-File-List 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

9.8CVSS7.5AI score0.12633EPSS
Exploits5References3
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.66 views

WordPress plugin TI WooCommerce Wishlist 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

10CVSS9AI score0.05128EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/12/25 12:0 a.m.66 views

WordPress plugin WP Data Access SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

7.5CVSS8.6AI score0.0047EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/30 12:0 a.m.66 views

WordPress plugin Revive Old Posts 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

7.2CVSS7.2AI score0.01046EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/02/03 12:0 a.m.66 views

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow suffers from an input validation error vulnerability, which can be exploited by an attacker to cause a CHECK failure denial-of-service based assertion failure and result in a denial of...

6.5CVSS5.7AI score0.008EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/12/20 12:0 a.m.66 views

Apache Solr 路径遍历漏洞

Apache Solr is the United States Apache Apache Foundation of a search server based on Lucene a full-text search engine. The product supports level search , vertical search , highlighting search results and so on. Apache Solr has a security vulnerability that can be exploited by an attacker to gai...

9.8CVSS5.7AI score0.05087EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.65 views

D-Link DIR-823G 安全漏洞

The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...

5.4CVSS8AI score0.01495EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.65 views

Argo Events 安全漏洞

Argo Events is an event-driven workflow automation framework for Kubernetes open-sourced by Argo Project. A security vulnerability exists in versions prior to Argo Events v1.9.6 that stems from a user with the permission to create or modify EventSource and Sensor can gain privileged access to the...

9.9CVSS4.2AI score0.00724EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.65 views

GeoServer Code Issues Vulnerabilities

GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions 2.22.x prior to 2.22.5 and 2.23.x prior to 2.23.2 that originates from allowing users to share and edit geospatial data...

8.6CVSS6.7AI score0.00514EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.65 views

Graphite-Web 跨站脚本漏洞

Graphite-Web is a highly scalable real-time drawing system open-sourced by Graphite Project. A security vulnerability exists in Graphite-Web, which stems from a problem with an unknown function of the component Absolute Time Range Handler that can lead to cross-site scripting...

5.4CVSS4.8AI score0.00765EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/06/17 12:0 a.m.65 views

npm libpq 后置链接漏洞

npm libpq is a node-native binding to the PostgreSQL libpq C client library from npm USA. A backlink vulnerability exists in versions of libpq prior to 1.7.1, which stems from the fact that Read calls to g GitArtifactReader.readFromRepository do not check for files containing trigger resource...

7.5CVSS7.3AI score0.01815EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/06/15 12:0 a.m.65 views

NestJS Proxy 信息泄露漏洞

NestJS Proxy is a Finastra open source NestJS module for decorating and proxying calls. An information disclosure vulnerability exists in NestJS Proxy versions prior to 0.7.0 that stems from the nestjs-proxy library's inability to prevent the forwarding of sensitive cookies e.g., session cookies ...

7.5CVSS7.2AI score0.00603EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.64 views

WordPress Plugin DethemeKit For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/10 12:0 a.m.64 views

Parse Server 安全漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 4.10.19 or 5.3.2, which stems from an attacker's ability to contaminate prototypes via cloud code web hooks or cloud code...

9.8CVSS8.3AI score0.00875EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/03 12:0 a.m.64 views

deep-object-diff 安全漏洞

deep-object-diff is a small library by Matt Phillips, a personal developer, that can deeply differentiate between two JavaScript objects, including arrays and nested structures of objects. A security vulnerability exists in deep-object-diff version 1.1.0 that stems from an application's inability...

5.3CVSS5.7AI score0.00643EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.63 views

Cisco IOS XE 安全漏洞

Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE that stems from improper package...

6.7CVSS6.8AI score0.00146EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.63 views

Trix 安全漏洞

Trix is a Basecamp open source rich text editor for everyday writing. A security vulnerability exists in versions prior to Trix 2.1.1 that stems from improper cleanup of pasted content...

5.4CVSS5.2AI score0.00784EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/06/20 12:0 a.m.63 views

Gentics Software Gentics CMS 跨站脚本漏洞

Gentics Software Gentics CMS is a digital publishing and content management system from the Austrian company Gentics Software. A cross-site scripting vulnerability exists in Gentics CMS version 5.36.29. An attacker can exploit this vulnerability to store malicious JavaScript code in user names an...

5.4CVSS5.6AI score0.00475EPSS
Exploits3References4
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.62 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from iommufd not properly calculating pfn lists when processing batch operations, which could lead to page metada...

5.5CVSS6.1AI score0.00128EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/09 12:0 a.m.62 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from cxl ras CPER handler device obfuscation...

5.5CVSS6.2AI score0.0012EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/17 12:0 a.m.62 views

synchrony security vulnerability

synchrony is a javascript-obfuscator cleaner and anti-obfuscator by the relative personal developer. A security vulnerability exists in synchrony versions prior to v2.4.4, which stems from the presence of a prototype contamination vulnerability. The vulnerability can be exploited to execute...

8.1CVSS7.3AI score0.00415EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.62 views

Microsoft ODBC Driver Security Vulnerability

Microsoft ODBC Driver is a driver from Microsoft. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver. An attacker could exploit the vulnerability to remotely execute code...

7.8CVSS7.3AI score0.01056EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/14 12:0 a.m.62 views

WordPress plugin article-directory-redux cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS6AI score0.00369EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.62 views

GoUtils 安全特征问题漏洞

GoUtils is Masterminds open source a library . It provides users with utility functions that manipulate strings in various ways. A security vulnerability exists in Masterminds goutils that stems from the fact that randomly generated alphanumeric strings contain much less entropy than expected, an...

9.1CVSS7.2AI score0.01319EPSS
Exploits1References17
CNNVD
CNNVD
added 2022/11/13 12:0 a.m.62 views

NodeBB 跨站请求伪造漏洞

NodeBB is a forum system from the Design Create Play team built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability exists in NodeBB 2.5.7 and earlier versions, which stems from an unknown part of the file /register/abort being affecte...

4.3CVSS4.8AI score0.00341EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/08/08 12:0 a.m.62 views

Nortek Control Linear eMerge E3-Series 信任管理问题漏洞

The Nortek Control Linear eMerge E3-Series is an access control from Nortek Control USA. It allows you to specify which doors a person can use to enter and exit a specified location at a specified time. A security vulnerability exists in the Nortek Control Linear eMerge E3-Series, which stems fro...

8.2CVSS8.1AI score0.05055EPSS
Exploits3References6
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.62 views

ZEIT Next.js 代码问题漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. NextAuth.js is the authentication for Next.js. A code issue vulnerability exists in Next.js NextAuth.js versions prior to 3.29.5 and prior to 4.5.0 that stems from a lack of validati...

7.5CVSS7.4AI score0.01571EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/09/22 12:0 a.m.62 views

Leo-Editor 安全漏洞

Leo-Editor is an open source Ide, Outline, and Pim from Edward K. Ream, an individual developer in the U.S. It is used to speed up the workflow of programmers, authors, and web designers. A security vulnerability exists in Leo-Editor version 6.2.1 due to a regular expression denial of service...

7.5CVSS7.1AI score0.01193EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/06/14 12:0 a.m.62 views

elFinder 代码问题漏洞

elFinder is a set of open source AJAX file managers based on the Drupal platform. The product provides multiple file uploads, image scaling, and other features. elFinder has a security vulnerability that could be exploited by attackers to execute arbitrary code and commands on the server hosting...

9.8CVSS6.3AI score0.69934EPSS
Exploits5References5
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.61 views

ZOHO多款产品 安全漏洞

ZOHO ManageEngine ServiceDesk Plus and others are products of ZOHO, Inc. ZOHO ManageEngine ServiceDesk Plus is a suite of IT service management software based on the ITIL architecture.ZOHO ManageEngine ZOHO ManageEngine ServiceDesk Plus is a set of IT service management software based on ITIL...

8.1CVSS6.7AI score0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/29 12:0 a.m.61 views

Code-Projects Product Inventory System 注入漏洞

Code-Projects Product Inventory System is a Code-Projects open source product inventory system. Code-Projects Product Inventory System version 1.0 suffers from an injection vulnerability, which stems from an incorrect manipulation of the parameter Username in the file /index.php resulting in SQL...

9.8CVSS7.9AI score0.00399EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.61 views

WAVLINK AC3000 安全漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the login.cgi Gotochidx function failing to correctly validate the length of the input data, and can be exploited by a remo...

10CVSS8.1AI score0.01359EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.61 views

LLaMA-Factory 操作系统命令注入漏洞

LLaMA-Factory is a fine-tuned large-scale language model by a Chinese hoshi-hiyouga individual developer. A cross-site scripting vulnerability exists in LLaMA-Factory version 0.9.0 and earlier, which stems from improper handling of user input and allows malicious actors to execute arbitrary...

9.8CVSS7.1AI score0.02273EPSS
Exploits1References4
Total number of security vulnerabilities5000