Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/10/17 12:0 a.m.27 views

Secuever reverseWall-MDS 授权问题漏洞

Secuever reverseWall-MDS is a device that connects to the reverseWall-MDS flow product from Secuever Korea. It is used to relay packets between other non-secure areas and existing secure areas. A security vulnerability exists in Secuever reverseWall-MDS that stems from insufficient user privilege...

9.8CVSS9.1AI score0.0089EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/16 12:0 a.m.27 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel. An attacker exploiting this vulnerability could cause a memory leak...

7.5CVSS6.6AI score0.00914EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.27 views

Bytebase 安全漏洞

Bytebase is an open source web-based, zero-configuration, dependency-free database schema change and version control management tool for DevOps teams.Bytebase versions 0.1.0 through 1.0.4 are vulnerable to an access control error that stems from unrestricted low privilege user access, which can b...

4.3CVSS6.8AI score0.00542EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.27 views

WordPress plugin Max Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS6.2AI score0.00424EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.27 views

WordPress plugin Migration, Backup, Staging 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in th...

4.9CVSS5.4AI score0.18147EPSS
Exploits3References5
CNNVD
CNNVD
added 2022/08/28 12:0 a.m.27 views

Pagekit 跨站脚本漏洞

Pagekit is a modular, lightweight CMS Content Management System. A security vulnerability exists in Pagekit CMS v1.0.18. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the Markdown text box under /blog/post/edit...

6.1CVSS6.8AI score0.00496EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/08/25 12:0 a.m.27 views

VTK 代码问题漏洞

VTK is an open source software system for image processing, 3D graphics, body drawing and visualization. VTK suffers from a code issue vulnerability that stems from its IO/Infovis/vtkXMLTreeReader.cxx component not checking the return value of the libxml2 API "xmlDocGetRootElement" and attempting...

7.5CVSS5.7AI score0.01066EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/08/18 12:0 a.m.27 views

InventoryManagementSystem SQL注入漏洞

InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A SQL injection vulnerability exists in InventoryManagementSystem version 1.0, which...

9.8CVSS9AI score0.00716EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.27 views

Automation Broker apb 安全漏洞

apb is an Automation Broker open source CLI tool for listing and deploying service packs. A security vulnerability exists in Automation Broker apb container version 2.0.4-1, which stems from the container granting sudoer privileges to all users, allowing unauthorized users with access to the...

7.8CVSS7.3AI score0.00209EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/03 12:0 a.m.27 views

F5 BIG-IP 代码问题漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial-of-service vulnerability exists in the F5 BIG-IP DNS TMUI, which can be exploited by an authenticated attacker with ...

6.5CVSS5.7AI score0.00626EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/01 12:0 a.m.27 views

Google Android 竞争条件问题漏洞

Google Android is a Linux-based open source operating system from the American company Google Google. A security vulnerability exists in Google Android 10, 11, 12, 12L. An attacker exploiting the vulnerability could result in local elevation of privilege...

7CVSS7.1AI score0.00089EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/18 12:0 a.m.27 views

Foxit PDF Reader 资源管理错误漏洞

Foxit PDF Reader is China Foxit Foxit company a PDF reader. Foxit PDF Reader suffers from a resource management error vulnerability that stems from a specific flaw in the handling of Doc objects, which can be exploited by an attacker to execute code in the context of the current process...

7.8CVSS5.9AI score0.01816EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/07/08 12:0 a.m.27 views

Known 跨站脚本漏洞

Known is a social publishing platform open-sourced by Known in the United States. A security vulnerability exists in Known v1.3.1 and below, which stems from an issue with the isSVG function that allows an attacker to execute arbitrary code via a crafted SVG file...

6.1CVSS6.8AI score0.01271EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/07/05 12:0 a.m.27 views

UltraJSON 资源管理错误漏洞

UltraJSON is an open source, ultra-fast JSON encoder and decoder written in pure C and bundled with Python 3.7+. A resource management error vulnerability exists in versions of UltraJSON prior to 5.4.0, which stems from an error when reallocating a buffer for string decoding, which could cause th...

5.9CVSS6.7AI score0.01682EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/06/29 12:0 a.m.27 views

TrueConf Server 跨站脚本漏洞

TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server is vulnerable to a cross-site scripting vulnerability that originates from unknown code in the file /admin/conferences/get-all-status/, with the parameter...

5.4CVSS5.6AI score0.00577EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.27 views

SialWeb CMS SQL注入漏洞

SialWeb CMS is a content management system from SialWeb Pakistan. SQL injection vulnerability exists in SialWeb CMS, which can be exploited by attackers to manipulate the parameter Id to cause sql injection...

8.8CVSS5.9AI score0.00727EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.27 views

Hashicorp Vault 安全漏洞

Hashicorp HashiCorp Vault is a private key access management tool from Hashicorp USA. A security vulnerability exists in HashiCorp Vault and Vault Enterprise versions 1.10.0 through 1.10.2, which stems from a misconfiguration and a forced MFA login after a server reboot...

5.3CVSS5.6AI score0.01126EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/05/16 12:0 a.m.27 views

WordPress plugin Fusion Builder 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Fusion Builders plugin versions prior to 3.6.2 contain an access control error vulnerability that...

9.8CVSS8.4AI score0.71722EPSS
Exploits6References4
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.27 views

Gogs 跨站脚本漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, and more. A security vulnerability exists in Gogs versions prior to 0.12.7, which stems from the la...

7.3CVSS6.8AI score0.00687EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/03 12:0 a.m.27 views

Fortinet FortiOS 信息泄露漏洞

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS is vulnerable to an information leakage vulnerability that results from excessive data output in server-generated error messages, which can be exploited by...

4.3CVSS5.3AI score0.00767EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/25 12:0 a.m.27 views

WordPress plugin Tatsu 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A file upload vulnerability...

8.1CVSS6.1AI score0.83232EPSS
Exploits9References9
CNNVD
CNNVD
added 2022/03/30 12:0 a.m.27 views

PHPSHE 安全漏洞

PHPSHE is a set of online shopping mall system of Lingbao Jane Good Network Technology Co. The system supports express tracking, online chat, order evaluation and statistics and other functions. A denial-of-service vulnerability exists in PHPSHE version V1.8, which originates from mishandling a...

7.5CVSS5.7AI score0.01054EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/09 12:0 a.m.27 views

Kofax Printix Secure Cloud Print Management 竞争条件问题漏洞

Kofax Printix Secure Cloud Print Management is a cloud-based print management software from Kofax USA that is flexible, scalable and easy to use. Manage and maintain complex print environments anytime, anywhere with all the modern printing features users and organizations need. A security...

9.3CVSS7.7AI score0.11011EPSS
Exploits4References10
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.27 views

GitLab Enterprise Edition和GitLab Community Edition 授权问题漏洞

GitLab Enterprise Edition is a content management system, and GitLab Community Edition is a community edition of GitLab from GitLab, Inc. GitLab Enterprise Edition and GitLab Community Edition have an authorization issue vulnerability that arises from an application exporting too much data in the...

5.3CVSS7.4AI score0.80004EPSS
Exploits4References6
CNNVD
CNNVD
added 2021/12/24 12:0 a.m.27 views

Elgg 跨站脚本漏洞

Elgg is a set of open source social networking engine. The product blogs, file sharing, groups and other features. elgg has a cross-site scripting vulnerability, there are no details of the vulnerability provided...

9CVSS5.1AI score0.00697EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/12/09 12:0 a.m.27 views

Wecon Technologies LeviStudioU 缓冲区错误漏洞

Wecon Technologies LeviStudioU is a set of human-machine interface programming software from Wecon Technologies China. A security vulnerability exists in Wecon Technologies LeviStudioU, which can be exploited by attackers to execute code...

7.8CVSS7.4AI score0.02743EPSS
Exploits0References20
CNNVD
CNNVD
added 2021/12/02 12:0 a.m.27 views

Distributed Data Systems WebHmi 代码问题漏洞

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. A file upload vulnerability...

10CVSS6.5AI score0.35804EPSS
Exploits5References9
CNNVD
CNNVD
added 2021/10/19 12:0 a.m.27 views

Oracle MySQL Cluster 输入验证错误漏洞

MySQL Cluster is a write-scalable, real-time, ACID-compatible transactional database designed to guarantee 99.999% availability. A security vulnerability exists in the Cluster: General component of MySQL Cluster 7.4.33, 7.5.23, 7.6.19, 8.0.26 and earlier versions. An attacker could exploit this...

6.3CVSS5.4AI score0.46751EPSS
Exploits0References9
CNNVD
CNNVD
added 2021/10/12 12:0 a.m.27 views

Siemens Ruggedcom Rox Mx5000 资源管理错误漏洞

ROX-based VPN endpoints and firewall appliances are used to connect devices that operate in harsh environments, such as electric utility substations and transportation control cabinets. A denial of service vulnerability exists in the Siemens RUGGEDCOM ROX devices, which originates from a dump cra...

7.8CVSS5.7AI score0.00947EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/10/12 12:0 a.m.27 views

Microsoft Word 代码注入漏洞

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8.7AI score0.05692EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/06/22 12:0 a.m.27 views

Autodesk Design Review 缓冲区错误漏洞

Autodesk Design Review ADR is a suite of AutoCAD drawing software assist software from Autodesk, Inc. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files.Autodesk Design Review is vulnerable to a buffer overflow vulnerability, which could be...

7.8CVSS6.5AI score0.02208EPSS
Exploits0References12
CNNVD
CNNVD
added 2021/05/12 12:0 a.m.27 views

Citrix Systems Workspace App 安全漏洞

Citrix Systems Workspace App formerly known as Receiver is an application from Citrix Systems, Inc. that is used to provide secure access to applications, desktops and data. A security vulnerability exists in Citrix Workspace. The vulnerability could cause a local user to escalate their privilege...

7.8CVSS7.3AI score0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/03/15 12:0 a.m.27 views

MyBB 跨站脚本漏洞

MyBB is a free open source forum software. A cross-site scripting vulnerability exists in the parsing of messages in Nested Auto URLs in versions of MyBB prior to 1.8.26. No details of the vulnerability are provided at this time...

6.1CVSS5.2AI score0.05072EPSS
Exploits9References6
CNNVD
CNNVD
added 2020/12/15 12:0 a.m.27 views

Google Asylo Buffer Error Vulnerability

Google Asylo is a framework for developing trusted applications from Google Inc. in the United States. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A buffer error vulnerability exists in Google Asylo version 0.6.0 and...

7.8CVSS7.4AI score0.00139EPSS
Exploits0References2
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.27 views

fastadmin SQL Injection Vulnerability

fastadmin is a set of website backend development framework based on ThinkPHP and Bootstrap. A SQL injection vulnerability exists in fastadmin V1.0.0.20191212 beta, which stems from a malicious parameter that can be passed in the URL admin ajax for SQL injection when a user with administrator...

7.2CVSS7.1AI score0.00948EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.26 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by an improper implementation in the Headless component. This vulnerability could allow remote attackers to execute a sandbox escape by exploiting a...

9.6CVSS5.6AI score0.00224EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.26 views

VMware Spring for GraphQL 访问控制错误漏洞

VMware Spring for GraphQL is a GraphQL application development framework provided by the American company VMware. Versions of VMware Spring for GraphQL such as 2.0.0 and earlier, 1.4.0 and earlier, 1.3.0 and earlier, as well as 1.0.0 and earlier, contain an access control vulnerability. This...

8.1CVSS5.7AI score0.00182EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.26 views

IBM Langflow 安全漏洞

IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines IBM. Versions 1.0.0 to 1.9.1 of IBM Langflow contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, which could allow...

8.1CVSS5.4AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.26 views

Pipecat 路径遍历漏洞

Pipecat is an open-source development framework developed by Pipecat that supports real-time audio and video stream processing as well as AI-powered dialogue interactions. Versions of Pipecat from 0.0.90 to 1.2.0 contained a path traversal vulnerability. This vulnerability stemmed from path...

7.5CVSS8.3AI score0.00423EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.26 views

End-to-End Encryption App 安全漏洞

End-to-End Encryption App is an open-source end-to-end encryption client implementation by Nextcloud. Vulnerabilities exist in versions of End-to-End Encryption App between 1.15.0 and 1.15.4, 1.16.0 and 1.16.3, 1.17.0 and 1.17.1, and 1.18.0 and 1.18.1. These vulnerabilities stem from improper...

3.5CVSS5.3AI score0.00203EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.26 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after they were released in the network, which could allow remote attackers to execute...

8.8CVSS6.2AI score0.00301EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.26 views

Netatalk 安全漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.1.0 to 4.4.2 of Netatalk contain security vulnerabilities. These vulnerabilities stem from the use of bitwise OR operations...

3.7CVSS5.8AI score0.00329EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.26 views

WordPress plugin Slider Revolution 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS6.3AI score0.00815EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.26 views

EDK2 安全漏洞

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from a memory corruption when loading invalid firmware in the bootloader...

7.8CVSS6.7AI score0.00076EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.26 views

Microsoft Exchange Server 安全漏洞

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by an attack...

5.3CVSS5.8AI score0.00836EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.26 views

Microsoft Exchange Server 输入验证错误漏洞

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A security vulnerability exists in Microsoft Exchange Server. An attacker could exploit the...

7.5CVSS6.3AI score0.01021EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.26 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a remote device sending an invalid connection request during a BT connectable LE scan, which could result in a transient denial of service...

6.5CVSS6.7AI score0.00113EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/04 12:0 a.m.26 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unchecked codairamalloc return value that could lead to a null pointer dereference...

4.9AI score0.00149EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.26 views

WordPress plugin RestroPress 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An information...

9.8CVSS6.1AI score0.02196EPSS
Exploits6References2
CNNVD
CNNVD
added 2025/09/29 12:0 a.m.26 views

IBM InfoSphere Information Server 操作系统命令注入漏洞

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An operating system command injection vulnerability exists in IBM InfoSphere Information Server...

8.8CVSS7AI score0.00417EPSS
Exploits0References1
Total number of security vulnerabilities5000