Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2025/12/24 12:0 a.m.30 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an attempt to leave despite not joining the OCB state, which could lead to driver obfuscation...

6.1AI score0.00167EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.30 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...

6.5CVSS6.8AI score0.00177EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/14 12:0 a.m.30 views

Microsoft Exchange Server 输入验证错误漏洞

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by attackers...

7.5CVSS6.6AI score0.00943EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/29 12:0 a.m.30 views

SafeDep 安全漏洞

SafeDep is an open source package from SafeDep that prevents malicious open source. A security vulnerability exists in SafeDep version 1.12.4 and earlier, which stems from a lack of HTTP Host and Origin header validation and could lead to a DNS rebinding attack...

2.1CVSS8.9AI score0.0038EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.30 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly releasing the kobject reference count when device registration fails, which could lead to a memory...

5.5CVSS6.3AI score0.00143EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.30 views

mcp-kubernetes-server 安全漏洞

mcp-kubernetes-server is a Model Context Protocol server for Pengfei Ni Personal Developer. A security vulnerability exists in mcp-kubernetes-server version 0.1.11 and earlier, which stems from the use of the shell=True parameter and could lead to an OS command injection attack...

9.8CVSS7AI score0.01224EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/01 12:0 a.m.30 views

CampCodes Courier Management System 安全漏洞

CampCodes Courier Management System is a courier management system from CampCodes Philippines. A security vulnerability exists in CampCodes Courier Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter lastname in file/ajax.php...

9.8CVSS7.7AI score0.00383EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/05/04 12:0 a.m.30 views

PCMan FTP Server 安全漏洞

PCMan FTP Server is PCMan open source set of FTP server software. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from the RMDIR command handler failing to properly validate the length of input data, which can be exploited by an attacker to cause a denial of service...

9.8CVSS7.2AI score0.00612EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/04/09 12:0 a.m.30 views

WordPress plugin Buddypress Humanity 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site request...

9.8CVSS8.6AI score0.00376EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.30 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect WARNONONCE check in j1939sessiondeactivate...

5.5CVSS5.3AI score0.00226EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/01/30 12:0 a.m.30 views

AutomationDirect C-More EA9 Programming Software 安全漏洞

AutomationDirect C-More EA9 Programming Software is a programming software from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect C-More EA9 Programming Software that stems from a lack of proper validation of the length of user-supplied data when parsing an EAP9 file,...

7.8CVSS8AI score0.00307EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/08 12:0 a.m.30 views

GitLab CE/EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE, which stems from the ability of...

4.3CVSS6.4AI score0.00422EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.30 views

Foxit PDF Reader 资源管理错误漏洞

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A resource management error vulnerability exists in Foxit PDF Reader, which stems from the Annotation feature that contains a reuse-after-release, leading to an information disclosure vulnerability...

7.8CVSS5.5AI score0.00448EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.30 views

Intel DSA 访问控制错误漏洞

Intel DSA is a driver update tool from Intel Intel. It can detect user drivers, update the installed drivers to the latest version, support intel series of graphics cards, audio, network cards and chipset drivers, i-card users must have. An Access Control Error vulnerability exists in Intel DSA...

7.8CVSS6.5AI score0.00163EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/31 12:0 a.m.30 views

ARM Compiler 安全漏洞

ARM Compiler is a tool from ARM UK for compiling and generating applications for the ARM architecture. A security vulnerability exists in ARM Compiler versions 6.6 through 6.22, which arises from the fact that if a secure-to-non-secure function call is executed and returns a floating-point value,...

3.7CVSS4.6AI score0.00478EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/09/27 12:0 a.m.30 views

Dozzle 安全漏洞

Dozzle is a small, lightweight application by the individual developer Amir Raminfar. A security vulnerability exists in Dozzle versions prior to 8.5.3 that stems from the use of sha-256 as a password hash, which makes it vulnerable to rainbow table attacks...

7.5CVSS7.8AI score0.00208EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/09/26 12:0 a.m.30 views

WordPress plugin Bulk NoIndex & NoFollow Toolkit 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Bulk...

6.1CVSS6AI score0.0037EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/09/26 12:0 a.m.30 views

Agnaistic 安全漏洞

Agnaistic is a chatbot from Agnaistic Open Source. A security vulnerability exists in Agnaistic version 1.0.330 and earlier versions. An attacker could exploit the vulnerability to upload an image file anywhere on the server...

4.3CVSS6.6AI score0.00495EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.30 views

WordPress plugin Contact Form to Any API 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

7.2CVSS5.8AI score0.00585EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/09/18 12:0 a.m.30 views

CamaleonCMS 信息泄露漏洞

CamaleonCMS is an advanced RubyonRails-based dynamic content management system CMS from the CamaleonCMS team. An information disclosure vulnerability exists in CamaleonCMS version 2.8.0, which stems from the presence of a path traversal vulnerability that allows an authenticated user to download...

7.7CVSS5.8AI score0.1456EPSS
Exploits11References6
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.30 views

Siemens Solid Edge 安全漏洞

Siemens Solid Edge is a 3D CAD software from Siemens Germany. The software can be used for part design, assembly design, sheet metal design, welding design and other industries. Siemens Solid Edge suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute co...

7.8CVSS7.6AI score0.00299EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.30 views

Mitsubishi Electric MELSEC iQ-R series 安全漏洞

The Mitsubishi Electric MELSEC iQ-R series is a programmable logic controller from Mitsubishi Electric Japan. The Mitsubishi Electric MELSEC iQ-R series suffers from an information disclosure vulnerability that can be exploited by an authenticated, remote attacker to log in to the product and...

6.5CVSS6.2AI score0.00697EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/17 12:0 a.m.30 views

WordPress Plugin Track The Click Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

8.8CVSS7.6AI score0.00882EPSS
Exploits2References3
CNNVD
CNNVD
added 2024/01/08 12:0 a.m.30 views

WordPress Plugin ProfileGrid Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

8.8CVSS6.5AI score0.00391EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/03 12:0 a.m.30 views

CouchAuth Security Breach

CouchAuth is an authentication API. A security vulnerability exists in CouchAuth version 0.20.0 and prior versions, which stems from a password reset link that can be sent to a user by sending a specially crafted host header in a forgotten password request, which, if clicked, could allow an...

9.6CVSS7AI score0.00521EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/19 12:0 a.m.30 views

Hewlett Packard Enterprise Integrated Lights-Out Security Vulnerability

Hewlett Packard Enterprise Integrated Lights-Out is a remote control solution from Hewlett Packard Enterprise. The solution enables remote monitoring and operation of IT assets such as servers. Hewlett Packard Enterprise Integrated Lights-Out suffers from a security vulnerability that originates...

9.8CVSS6.9AI score0.00613EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.30 views

Zoom Client Security Vulnerability

Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability exists in Zoom Client versions prior to 5.16.5 that stems from incorrect authentication. An attacker could exploit this vulnerability to conduct a denial of service via...

6.5CVSS6.6AI score0.00403EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.30 views

WordPress plugin User Activity Tracking and Log 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

4.3CVSS6.2AI score0.00218EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.30 views

GitPython 路径遍历漏洞

GitPython is a Python library open-sourced by gitpython-developers for interacting with Git repositories. A path traversal vulnerability exists in GitPython 3.1.32 and earlier versions, which stems from the fact that in order to resolve some git references, GitPython reads the file .git from a...

6.5CVSS6.2AI score0.01012EPSS
Exploits1References12
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.30 views

Siemens 多款产品 资源管理错误漏洞

JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with available JT, VFZ, CGM, and TIF data.Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing, and design management.Teamcente...

7.8CVSS7.2AI score0.0029EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/27 12:0 a.m.30 views

WordPress plugin Gravity Forms Google Sheet Connector 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.5CVSS7AI score0.00307EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/05/27 12:0 a.m.30 views

Nextcloud 代码问题漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Mail that originates from an SSRF attack that could allow GET requests to be sent to services running in the...

5.3CVSS5.6AI score0.00529EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/23 12:0 a.m.30 views

Square Pig FusionInvoice 跨站脚本漏洞

Square Pig FusionInvoice is a self-service online invoicing application for freelancers and small businesses from Square Pig. A security vulnerability exists in Square Pig FusionInvoice version 2023-1.0 that stems from the presence of a stored cross-site scripting XSS vulnerability...

6.1CVSS5.9AI score0.02246EPSS
Exploits4References3
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.30 views

File Tracker Manager System SQL注入漏洞

File Tracker Manager System is a file tracker manager system. File Tracker Manager System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the parameter newpassword in the file register/updatepassword.php against externally entered SQL statements. A...

9.8CVSS8.1AI score0.00726EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/04/21 12:0 a.m.30 views

tss-lib 安全漏洞

tss-lib is an open source IO FinNet implementation of the multi-party t,n- threshold ECDSA Elliptic Curve Digital Signature Algorithm based on Gennaro and Goldfeder 20201 and EdDSA Edwards Curve Digital Signature Algorithm. A security vulnerability exists in IO FinNet tss-lib versions prior to...

7.5CVSS7.2AI score0.00864EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/04/19 12:0 a.m.30 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates in the toUriInner obfuscation agent of the Intent.java component, which can be exploited by an attacker to elevate privileges...

7.8CVSS7.1AI score0.00199EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/15 12:0 a.m.30 views

XWiki Commons 代码注入漏洞

XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that any user with view permissions to normally accessible documents, including legacy notification activity macros, can execute arbitrary...

9.9CVSS8.2AI score0.01144EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/30 12:0 a.m.30 views

HashiCorp Vault SQL注入漏洞

HashiCorp Vault is a private key access management tool from HashiCorp Inc. in the United States. A SQL injection vulnerability exists in HashiCorp Vault versions 0.8.0 through 1.13.1, which stems from the fact that when configuring the MSSQL plugin locally, certain parameters are not cleaned up...

6.7CVSS6.6AI score0.00378EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.30 views

WordPress Plugin Usersnap 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS6.2AI score0.00407EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.30 views

Microsoft PostScript Printer Driver 安全漏洞

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft USA. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft Corporation. Microsoft PostScript and PCL6 Class Printer Driver contains a remote code execution...

8.8CVSS8AI score0.01289EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.30 views

WordPress Plugin Japanized For WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS6.6AI score0.01213EPSS
Exploits3References4
CNNVD
CNNVD
added 2023/02/17 12:0 a.m.30 views

ARRIS TG2482A 安全漏洞

The ARRIS TG2482A is a high performance, high quality home gateway from ARRIS, Inc. for delivering high-speed broadband, VoIP telephony, and whole-home Wi-Fi. A security vulnerability exists in the ARRIS TG2482A version 9.1.103GEM9. An attacker could exploit this vulnerability to conduct Remote...

8.8CVSS8.2AI score0.42326EPSS
Exploits6References4
CNNVD
CNNVD
added 2023/02/09 12:0 a.m.30 views

Checkmk 代码问题漏洞

Checkmk is an editor. Checkmk Agent has a security vulnerability. An attacker can elevate privileges by manipulating unixcat...

8.8CVSS7.4AI score0.0023EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.30 views

Jenkins Plugin TestQuality Updater 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.5CVSS5.7AI score0.00203EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.30 views

Jenkins Plugin TestComplete support 代码问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

9.8CVSS8.4AI score0.01215EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/18 12:0 a.m.30 views

kapetan DNS 安全漏洞

kapetan DNS is a DNS library. A security vulnerability exists in kapetan DNS 6.1.0 and earlier, which stems from some unknown functionality in its DNS/Protocol/Request.cs file that results in insufficient entropy in prng...

9.8CVSS8.2AI score0.0075EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/10/18 12:0 a.m.30 views

Apache Dubbo 代码问题漏洞

Apache Dubbo is a microservice development framework that provides two key capabilities for RPC communication and microservice governance.Apache Dubbo Hession is vulnerable to deserialization, which can be exploited by attackers to execute arbitrary code on the target server...

9.8CVSS7.8AI score0.02351EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/06 12:0 a.m.30 views

MyBB 注入漏洞

MyBB MyBulletinBoard is a free and web-based forum software developed by MYBB team using PHP and MySQL. The software is easy to use, supports multiple languages, and is extensible.MyBB is vulnerable to a command injection vulnerability that originates from the additional parameter Mail Settings ?...

7.2CVSS8.4AI score0.02155EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.30 views

Sensio Labs Twig 路径遍历漏洞

Sensio Labs Twig is a PHP templating engine from Sensio Labs, France, which supports custom tags and filters and creates DSLs. A path traversal vulnerability exists in Sensio Labs Twig 1.0.0 and later, versions prior to 1.44.7, 2.0.0 and later, versions prior to 2.15.3, and 3.0.0 and later,...

7.5CVSS6.7AI score0.01557EPSS
Exploits0References17
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.30 views

Rocket.Chat SQL注入漏洞

Rocket.Chat, an open source team chat software, is vulnerable to SQL injection, which stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerability to retrieve a reset password token via 2fa secret or 2fa secret...

8.8CVSS7.5AI score0.01088EPSS
Exploits1References2
Total number of security vulnerabilities5000