Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2024/10/29 12:0 a.m.61 views

CyberPanel 安全漏洞

CyberPanel is a web hosting control panel with built-in DNS and email servers by Usman Nasir, an individual developer. CyberPanel has a security vulnerability that originates from upgrademysqlstatus in databases/views.py that allows remote attackers to bypass authentication and execute arbitrary...

10CVSS9.7AI score0.86725EPSS
Exploits7References7
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.61 views

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved Security Vulnerabilities

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc.Juniper Networks Junos OS is a network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper...

8.7CVSS6.7AI score0.00466EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/18 12:0 a.m.61 views

WordPress Plugin JetElements Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site request forge...

8.8CVSS6.5AI score0.00237EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/15 12:0 a.m.61 views

Jenkins Plugin Associated Files 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site scripting...

5.4CVSS5.5AI score0.00589EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.61 views

Broadcom Brocade SANnav 安全漏洞

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Broadcom Brocade SANnav versions v2.2.0.2 and v2.1.1.8, which originates from logging the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.l...

6.5CVSS6.5AI score0.00619EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.60 views

BACnet Stack 缓冲区错误漏洞

BACnet Stack is an open-source protocol stack for BACnet, designed to work on embedded systems, Linux, MacOS, BSD, and Windows. Versions prior to BACnet Stack 1.4.3 contained a buffer error vulnerability. This vulnerability stems from a out-of-bounds read vulnerability in the ReadPropertyMultiple...

8.7CVSS6AI score0.00415EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.60 views

Mastodon 代码问题漏洞

Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. There are code vulnerabilities in versions 4.4.0 to 4.4.13 and 4.5.0 to 4.5.6 of Mastodon. These vulnerabilities allow unverified attackers to register a FASP with a baseurl pointing to a local intern...

8.2CVSS5.9AI score0.0027EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.60 views

WordPress plugin WP Attachments 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.4CVSS6.6AI score0.0017EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.60 views

Rocketsoft Rocket LMS 跨站脚本漏洞

RocketSoft Rocket LMS is a full-featured Learning Management System from RocketSoft, Inc. A security vulnerability exists in Rocketsoft Rocket LMS version 1.9 that stems from the presence of a cross-site scripting XSS vulnerability that allows administrators to store JavaScript payloads using the...

4.8CVSS4.7AI score0.00762EPSS
Exploits4References4
CNNVD
CNNVD
added 2022/11/22 12:0 a.m.60 views

Quarkus 代码注入漏洞

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus versions prior to 2.13.5, 2.14.0 and later, and prior to 2.14.2. An attacker can exploit the vulnerability to remotely execute code...

9.8CVSS6.9AI score0.32516EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.60 views

ruby-arr-pm 操作系统命令注入漏洞

ruby-arr-fpm is an RPM read/write library written in Ruby by the individual developer Jordan Sissel. It is intended to provide a way for fpm to read and write RPMs. A security vulnerability exists in ruby-arr-pm version 0.0.11 and earlier. An attacker could use this vulnerability to execute shell...

7.8CVSS7.5AI score0.01628EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/05/27 12:0 a.m.60 views

Rocket.Chat 信息泄露漏洞

Rocket.Chat is an open source team chat software. Chat suffers from an information disclosure vulnerability that can lead to the disclosure of email addresses...

7.5CVSS7.3AI score0.01864EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.59 views

WordPress plugin Nutrie 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.9CVSS5.8AI score0.00434EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.59 views

valkey-bloom 输入验证错误漏洞

Valkey-Bloom is a Valkey open-source module. Valkey-Bloom has a vulnerability related to input validation errors. This vulnerability arises from the lack of a flag to handle RDB parsing errors, which may allow a specially crafted RESTORE command to trigger an assertion that causes the server to...

7.5CVSS5.8AI score0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.59 views

webfinger.js 代码问题漏洞

webfinger.js is a client-side library for querying WebFinger records by the individual developer Nick Jennings. A code issue vulnerability exists in webfinger.js version 2.8.0 and earlier, which stems from not blocking localhost access and could lead to a blind SSRF attack...

6.9CVSS6.6AI score0.006EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.59 views

Microsoft Windows Kernel 信息泄露漏洞

Microsoft Windows Kernel is the kernel of the Windows operating system from Microsoft Corporation USA. An information disclosure vulnerability exists in Microsoft Windows Kernel. An attacker could exploit this vulnerability to obtain sensitive information. The following products and versions are...

5.5CVSS5.5AI score0.00485EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/25 12:0 a.m.59 views

Progress Software MOVEit Transfer Security Vulnerability

Progress Software MOVEit Transfer is a suite of automated file transfer software from Progress Software, USA. The software supports file transfer and provides file transfer activity monitoring. A security vulnerability exists in Progress Software MOVEit Transfer that stems from an incorrect...

9.8CVSS6.8AI score0.75812EPSS
Exploits3References2
CNNVD
CNNVD
added 2024/04/06 12:0 a.m.59 views

WordPress Plugin Element Pack Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4CVSS7.9AI score0.00344EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/07 12:0 a.m.59 views

rust-libp2p 资源管理错误漏洞

rust-libp2p is a Rust implementation of the libp2p network stack from the libp2p open source. A security vulnerability exists in versions prior to rust-libp2p v0.45.1 , which can be exploited by an attacker to cause a victim node to allocate a large number of small memory blocks , eventually...

7.5CVSS7.3AI score0.00689EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/25 12:0 a.m.59 views

CRI-O 安全漏洞

CRI-O is a lightweight container runtime environment for the Kubernetes system. CRI-O suffers from a security vulnerability that stems from the fact that if an attacker has direct access to an affected container where a supplemental group is used to set access permissions and is able to execute...

7.1CVSS5.8AI score0.0037EPSS
Exploits1References8
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.59 views

Canonical Apport 安全漏洞

Canonical Apport is a toolkit from Canonical UK for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Canonical Apport that stems from a system where Apport does not disable the python cras...

5.5CVSS6.1AI score0.00199EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.59 views

Matrix matrix-appservice-irc 注入漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. An injection vulnerability exists in Matrix matrix-appservice-irc version 0.33.1 and...

8.8CVSS7.9AI score0.00938EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/07 12:0 a.m.59 views

WordPress和WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Loco Translate plugin version prior to 2.6.1 has a cross-site scripting vulnerability, which can be exploited by attackers t...

5.4CVSS5.3AI score0.03932EPSS
Exploits4References3
CNNVD
CNNVD
added 2021/01/20 12:0 a.m.59 views

Reolink devices information disclosure vulnerability

An information disclosure vulnerability exists in Reolink devices, which can be exploited by attackers to access sensitive information...

7.5CVSS7.1AI score0.00986EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/01/13 12:0 a.m.59 views

Multiple Cisco Products Security Vulnerabilities

The Cisco RV110W, among others, is a router from Cisco USA. A security vulnerability exists in a number of Cisco products and stems from a flaw in the detection algorithm. The vulnerability can be exploited by an attacker to bypass configured policies. The following products and versions are...

5.3CVSS5.8AI score0.02146EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.58 views

free5gc UDM 安全漏洞

free5gc UDM is a core network element of the open-source 5G mobile core network developed by free5GC. Versions of free5gc UDM prior to 1.4.1 contain security vulnerabilities. These vulnerabilities stem from the possibility for remote attackers to inject control characters into the ueId parameter,...

8.7CVSS5.8AI score0.00462EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.58 views

Snuffleupagus 安全漏洞

Snuffleupagus is a security module by Julien Voisin Personal Developer. A security vulnerability exists in Snuffleupagus versions prior to 0.13.0, which stems from a misconfiguration of the upload validation feature that could result in files in multipart POST requests being evaluated as PHP code...

9.8CVSS6.7AI score0.00657EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/06/20 12:0 a.m.58 views

Selea多款产品 安全漏洞

Selea Targa iZero and others are an optical character recognition camera for automatic license plate recognition from Selea, Italy. A security vulnerability exists in several Selea products, which stems from the /common/getfile.php script that does not validate the file parameter, potentially...

9.3CVSS9AI score0.00715EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.58 views

IBM i 代码问题漏洞

IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A code issue vulnerability exists in IBM i that stems from an unqualified library call that could lead to elevation of privilege. The following versions are affected:...

7.5CVSS6.6AI score0.00352EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.58 views

Microsoft Windows 后置链接漏洞

Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. A backlink vulnerability exists in Microsoft Windows Recovery Driver. An attacker could exploit the vulnerability to elevate privileges. The following products and editions are affected:Windo...

7.3CVSS6.3AI score0.00595EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/08 12:0 a.m.58 views

Vitess 安全漏洞

Vitess is a database clustering system for horizontally scaling MySQL from Vitess. A security vulnerability exists in Vitess versions prior to 19.0.4, prior to 18.0.5, and prior to 17.0.7, which stems from a simple query that causes unlimited memory consumption when executed...

4.9CVSS4.9AI score0.00751EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/12/22 12:0 a.m.58 views

Nextcloud Authorization Issues Vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An authorization issue vulnerability exists in versions prior to Nextcloud 4.9.2, which stems from a 4-digit PIN that does not need to be provided to allow...

4.3CVSS6.7AI score0.00288EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/10 12:0 a.m.58 views

CIRCL 安全漏洞

CIRCL is an open source collection of cryptographic primitives written in Go by Cloudflare. CIRCL has a security vulnerability that stems from the fact that the tkn20 and blindrsa components do not check whether a user-supplied random source returns sufficient randomness...

8.2CVSS6.3AI score0.00386EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.58 views

Siemens SCALANCE 安全漏洞

SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs. An OSPF packet handling vulnerability exists in the SIEMENS SCALANCE XM-400 and XR-500, which stems from the implementation of the OSPF protocol in the devic...

7.5CVSS5.7AI score0.00588EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.58 views

Canonical Apport 安全特征问题漏洞

Canonical Apport is a toolkit from Canonical UK for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security signature issue vulnerability exists in Canonical Apport that stems from incorrectly handling connections to...

7.8CVSS7.3AI score0.00228EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.58 views

Canonical Apport 竞争条件问题漏洞

Canonical Apport is a toolkit from Canonical UK that collects and feeds error messages information that the operating system considers useful when an application crashes. Canonical Apport suffers from a Competing Conditions Issue vulnerability that arises from Apport incorrectly detecting whether...

7.8CVSS7.8AI score0.00384EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.58 views

Canonical Apport 安全漏洞

Canonical Apport is a toolkit from Canonical UK that is used to collect and provide feedback on error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Canonical Apport that stems from not limiting the number of log entries...

5.5CVSS5.7AI score0.00252EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/06/24 12:0 a.m.58 views

Autodesk AutoCAD 缓冲区错误漏洞

Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. Autodesk AutoCAD suffers from a buffer error vulnerability that stems from an arbitrary address write issue in the Autodesk DWG application. The vulnerability could allow a malicious attacker to exploit the...

7.8CVSS7.7AI score0.00876EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/09/13 12:0 a.m.57 views

WordPress plugin Triton Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00257EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.57 views

WordPress plugin Login rebuilder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS6.3AI score0.00552EPSS
Exploits3References3
CNNVD
CNNVD
added 2023/01/13 12:0 a.m.57 views

Siemens Teamcenter Visualization 和 JT2Go 缓冲区错误漏洞

Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to a stack buffer overflow vulnerability that could be exploited by an attacker...

7.8CVSS7.6AI score0.00472EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/08 12:0 a.m.57 views

WordPress Plugin Discy 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

4.9CVSS5.5AI score0.00764EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.57 views

Distributed Data Systems WebHmi 跨站脚本漏洞

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used to monitor and control any automation system on a local network and over the Internet from computers and mobile devices. A cross-site scripting vulnerability exists in...

6.2CVSS4.9AI score0.00459EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/20 12:0 a.m.57 views

Gentics Software Gentics CMS 代码问题漏洞

Gentics Software Gentics CMS is a digital publishing and content management system from the Austrian company Gentics Software. A code issue vulnerability exists in Gentics CMS version 5.36.29, which can be exploited by an attacker to gain access to the RCE chain...

8.8CVSS8AI score0.01132EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.57 views

Canonical Apport 安全特征问题漏洞

Canonical Apport is a toolkit from Canonical UK for collecting and feeding back error messages information that the operating system finds useful when an application crashes. Canonical Apport suffers from a security signature issue vulnerability that stems from a system where Apport does not...

7.8CVSS7.7AI score0.00228EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/10/28 12:0 a.m.57 views

Spacewalk 代码注入漏洞

spacewalk is an open source Linux system administration solution. Spacewalk 2.10 suffers from a code injection vulnerability, no information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...

9.3CVSS7.9AI score0.01741EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/10/18 12:0 a.m.57 views

ZTE MF971R LTE router 授权问题漏洞

The ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps.The ZTE MF971R is vulnerable to a Referer authentication bypass. An attacker can exploit the vulnerability by sending a click request to the user to perform an illegal authorized...

4.3CVSS5.6AI score0.55709EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.56 views

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables the implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...

4.8CVSS5.3AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.56 views

systemd 安全漏洞

Systemd is a Linux-based system and service manager developed by Lennart Poettering of Germany. This product is compatible with SysV and LSB startup scripts, and it provides a framework for representing dependencies between system services. Prior to version 260, there was a security vulnerability...

6.4CVSS5.8AI score0.00072EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.56 views

Suricata security vulnerabilities

Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Vulnerabilities exist in versions of Suricata prior to 8.0.3 and 7.0.14. These vulnerabilities stem from the use of a stack buffer for storing data sets; if the data size is too large, it may lea...

9.8CVSS6AI score0.00467EPSS
Exploits0References8
Total number of security vulnerabilities5000