Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/02/17 12:0 a.m.24 views

Containous Traefik 信任管理问题漏洞

Containous Traefik is a reverse proxy and load balancer from Containous, U.S. Containous Traefik is vulnerable to a trust management issue that stems from the fact that when a request is sent using an FQDN processed by a router configured with a dedicated TLS configuration, the TLS configuration...

7.5CVSS5.5AI score0.01714EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/02/11 12:0 a.m.24 views

Schneider Electric 多款产品信息泄露漏洞

Schneider Electric Modicon Quantum is a large programmable logic controller PLC for process applications, high availability and safety solutions. Schneider Electric Modicon M340 is a medium-range PLC programmable logic controller for industrial processes and infrastructure. An information...

7.5CVSS5.6AI score0.00954EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.24 views

Red Hat Undertow 资源管理错误漏洞

Red Hat Undertow is a Java-based embedded web server from Red Hat and is the default web server for Wildfly Java Application Server. A resource management error vulnerability exists in Red Hat Undertow that stems from the product triggering a client-side call timeout for certain calls made over...

7.5CVSS7.2AI score0.01287EPSS
Exploits0References14
CNNVD
CNNVD
added 2021/11/19 12:0 a.m.24 views

Dell Emc Secure Connect Gateway 日志信息泄露漏洞

Dell Emc Secure Connect Gateway Dell Emc Scg is a secure connectivity gateway from Dell, Inc. The vulnerability can be exploited to read sensitive information...

7.8CVSS5.5AI score0.00243EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/11/03 12:0 a.m.24 views

json-pointer 安全漏洞

Json-Pointer is an open source, Rfc 6901 described by Manuel Stofer, a Swiss individual developer of some utilities for Json pointers. json-pointer has a security vulnerability that stems from improper design or implementation during the code development of a web-based system or product. No...

9.8CVSS5.6AI score0.01813EPSS
Exploits1References6
CNNVD
CNNVD
added 2021/10/28 12:0 a.m.24 views

Netgear NETGEAR R6260 缓冲区错误漏洞

NETGEAR R6260 is a router from Netgear, Inc. NETGEAR R6260 routers is vulnerable because the setupwizard.cgi page fails to properly validate the length of data when parsing the SOAP LOGIN TOKEN environment variable. An attacker could exploit this vulnerability to execute arbitrary code on an...

8.8CVSS6.2AI score0.01372EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/11 12:0 a.m.24 views

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Frontend Uploader prior to version 1.3.2, which stems from the fact that the plugin does not prevent the uploading of HTML files, e.g., it allows unauthenticate...

6.1CVSS6AI score0.26379EPSS
Exploits6References5
CNNVD
CNNVD
added 2021/10/07 12:0 a.m.24 views

Django 跨站脚本漏洞

Django is the Django Foundation's set of open source web application framework based on the Python language. The framework includes an object-oriented mapper, view system, template system, etc. Django's Unicorn framework in version 0.35.3 and earlier has a cross-site scripting vulnerability that...

5.4CVSS5.7AI score0.02524EPSS
Exploits4References5
CNNVD
CNNVD
added 2021/09/13 12:0 a.m.24 views

Matrix 加密问题漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A cryptographic issue vulnerability exists in versions of Matrix Javascript SDK prior to 12.4.1, which stems from a logic error in a device's room key sharing functionality that results in insufficient...

5.9CVSS5.9AI score0.00662EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/07/14 12:0 a.m.24 views

Elements-IT HTTP Commander 跨站脚本漏洞

Elements-IT HTTP Commander is a server-hosted, web-based file management solution from Elements-IT Germany. It provides basic functionality for working with files creating, copying, deleting, etc. and many other additional features, such as integration with cloud services, online editing of Offic...

5.4CVSS5.6AI score0.00745EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.24 views

White Shark System 信息泄露漏洞

White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. Project Management", "Task Management", "Work Management" and "Work Log Management". A website physical path disclosure vulnerability exis...

5.3CVSS5.4AI score0.00895EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/06/15 12:0 a.m.24 views

CLICK PLC CPU Modules 授权问题漏洞

CLICK PLC CPU Modules are Automation Direct's network devices A single CLICK CPU Module can be connected to up to 8 I/O modules to expand the amount of system I/O and meet the needs of a specific application. A security vulnerability exists in Automation Direct CLICK PLC CPU Modules that stems fr...

9.8CVSS8.1AI score0.0107EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/06/15 12:0 a.m.24 views

CLICK PLC CPU Modules 授权问题漏洞

CLICK PLC CPU Modules are Automation Direct's network devices A single CLICK CPU Module can be connected to up to 8 I/O modules to expand the amount of system I/O and meet the needs of a specific application. A security vulnerability exists in Automation Direct CLICK PLC CPU Modules that results ...

9.8CVSS8.2AI score0.0107EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/06/08 12:0 a.m.24 views

Zope 路径遍历漏洞

Zope is a set of object-oriented, open source web application servers written in the Python language from the Zope ZOPE community. Zope suffers from a path traversal vulnerability that stems from the fact that untrusted modules can be obtained indirectly through Python modules that can be used...

8.8CVSS7.8AI score0.01574EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/05/20 12:0 a.m.24 views

HP 多款产品缓冲区错误漏洞

The HP Color LaserJet Pro M280-M281 is a printer from Hewlett-Packard HP in the United States. A buffer error vulnerability exists in several HP products, which stems from a potential buffer overflow in a software driver that could result in privilege escalation. The following products and versio...

7.8CVSS7.8AI score0.02902EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/05/17 12:0 a.m.24 views

Travis Ralston matrix-react-sdk 代码问题漏洞

Travis Ralston matrix-react-sdk is an open source application by Travis Ralston. Used to insert the Matrix chat/voice client into a web page. A code issue vulnerability exists in Matrix-React-SDK that arises from an improperly designed or implemented code development process for a web system or...

7.8CVSS7.4AI score0.00373EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/05/05 12:0 a.m.24 views

Supsystic WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

6.1CVSS5.9AI score0.18165EPSS
Exploits5References5
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.24 views

Aleksa Sarai umoci modifies Open Container images 输入验证错误漏洞

Aleksa Sarai umoci modifies Open Container images is an open source application from Aleksa Sarai, a reference implementation of the OCI image specification that provides users with the ability to create, manipulate, and interact with container images. A security vulnerability exists in Open...

5.5CVSS6.6AI score0.00344EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/03/30 12:0 a.m.24 views

Npm netmask 代码问题漏洞

nodejs is a JavaScript runtime environment based on the ChromeV8 engine through the Chromev8 engine for the packaging and the use of event-driven and non-blocking IO applications so that the development of high-performance Javascript background applications has become possible . Node.js netmask...

9.1CVSS5.5AI score0.16356EPSS
Exploits1References14
CNNVD
CNNVD
added 2021/02/18 12:0 a.m.24 views

Askey RTF8115VW Cross-Site Scripting Vulnerability

Askey RTF8115VW is an application from Askey China. Provides the most stable broadband connection source to bring super-fast speeds to all types of users. A cross-site scripting vulnerability exists in Askey RTF8115VW. The vulnerability stems from cgi-bin/teaccesorouter.cgi curWebPage missing...

6.1CVSS6.2AI score0.01229EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/02/18 12:0 a.m.24 views

Prismjs Security Vulnerability

Prism is an application from the US-based individual developers of Prism. It is a lightweight, extensible syntax highlighting tool. A security vulnerability exists in Prismjs. The vulnerability stems from the application's susceptibility to a denial of service ReDoS attack triggered by a regular...

7.5CVSS7.1AI score0.03167EPSS
Exploits1References9
CNNVD
CNNVD
added 2021/02/07 12:0 a.m.24 views

OpenWrt Security Vulnerabilities

OpenWrt is a Linux operating system for embedded devices. A security vulnerability exists in OpenWrt 19.07.x before 19.07.7, which stems from the fact that when IPv6 is used, a routing loop may be created that generates excessive network traffic between an affected device and the router of its...

6.5CVSS6.6AI score0.00524EPSS
Exploits0References2
CNNVD
CNNVD
added 2020/12/21 12:0 a.m.24 views

MediaWiki 安全漏洞

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.1 and prior version...

7.5CVSS7AI score0.01082EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.23 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation for untrusted inputs in the Network component. It could allow remote...

5.3CVSS5.4AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.23 views

Google Chrome 竞争条件问题漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability due to race conditions in the Safe Browsing component. This vulnerability could allow remote attackers to execute a sandbox escape through malicious files after...

8.3CVSS5.6AI score0.00166EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.23 views

MIT Kerberos 数字错误漏洞

MIT krb5 is a network authentication protocol developed by the Massachusetts Institute of Technology in the United States. It operates on a client/server architecture, and both the client and server can perform identity authentication i.e., double verification, which helps prevent eavesdropping a...

5CVSS5.9AI score0.00261EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.23 views

VMware Spring Web Services 安全漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from...

3.7CVSS5.4AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.23 views

Kong Gateway Enterprise 环境问题漏洞

Kong Gateway Enterprise is an enterprise-level API gateway platform developed by Kong Corporation. Versions 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 of Kong Gateway Enterprise contain environmental issues vulnerabilities. These vulnerabilities stem from defects in the HTTP request processing pipelin...

7CVSS5.5AI score0.00253EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.23 views

WordPress plugin WP Logo Showcase Responsive Slider and Carousel 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS8.3AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.23 views

VMware Spring Web Services 授权问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. Versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services contain authorization vulnerabilities. These vulnerabilities stem from the...

5.4CVSS5.3AI score0.00148EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.23 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google, offering fast and secure web browsing features. Google Chrome has a vulnerability related to input validation, which stems from improper implementations in the DevTools component. Attackers can exploit this vulnerability to achieve sandbox escap...

8.3CVSS5.9AI score0.00229EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-25 contained security vulnerabilities. These vulnerabilities stemmed from providing invalid options...

4CVSS5.3AI score0.0011EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

WordPress plugin Yoast Duplicate Post 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.2AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

kafka-python 资源管理错误漏洞

Kafka-Python is a distributed stream processing engine client library written entirely in Python by Dana Powers. Versions of Kafka-Python prior to 2.3.2 contained a resource management vulnerability. This vulnerability stemmed from the lack of verification of the iteration count during SCRAM...

8.7CVSS5.3AI score0.00517EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

Palo Alto Networks Prisma Access Agent 安全漏洞

Palo Alto Networks Prisma Access Agent is a zero-trust network access client agent developed by Palo Alto Networks. There is a security vulnerability in the Palo Alto Networks Prisma Access Agent for Linux, which stems from an issue related to privilege escalation. This vulnerability may allow...

8.5CVSS5.5AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

Palo Alto Networks GlobalProtect app 日志信息泄露漏洞

The Palo Alto Networks GlobalProtect app is a network protection software developed by Palo Alto Networks. The GlobalProtect app for macOS has a vulnerability related to log information leakage. This vulnerability allows local users to obtain the configuration passwords necessary to disable,...

6.9CVSS5.3AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

ESP-IDF 缓冲区错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0 of ESP-IDF contain buffer error vulnerabilities, which stem from out-of-bounds reads in the BlueDroid AVRCP vendor-command parser...

4.6CVSS5.5AI score0.00228EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.5.0 contained a security vulnerability. This vulnerability occurred when processing RequestBatchSet messages that contained the hash of the genesis block, causing Policy::macroblockbefore to cra...

5.3CVSS5.3AI score0.00291EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.23 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...

5.4CVSS5.1AI score0.00307EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.23 views

Microsoft Office Sharepoint Server 跨站脚本漏洞

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by the American company Microsoft. Microsoft Office SharePoint has a cross-site scripting vulnerability, which stems from improper input during the web page generation process. This...

5.4CVSS6.9AI score0.00505EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.23 views

Microsoft Windows Push Notifications 资源管理错误漏洞

Microsoft Windows Push Notifications is a push notification service provided by Microsoft Corporation. It provides a reliable way to deliver new updates. There are security vulnerabilities associated with Microsoft Windows Push Notifications. The following products and versions are affected:...

5.5CVSS5.8AI score0.00388EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.23 views

FreeSWITCH 输入验证错误漏洞

FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was a...

9.1CVSS5.3AI score0.0031EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.23 views

Adobe ColdFusion 输入验证错误漏洞

Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion such as 2023.19, 2025.8, and earlier have code vulnerabilities. These vulnerabilities stem from...

7.4CVSS6AI score0.00406EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.23 views

Nextcloud Server 安全漏洞

NextCloud Server is an open-source NextCloud server program developed by NextCloud. There were security vulnerabilities in versions 32.0.0 to 32.0.9 and 33.0.0 to 33.0.3 of NextCloud Server. These vulnerabilities stemmed from improper authorization control in the calendar backend, allowing...

8.1CVSS5.3AI score0.00284EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.23 views

HP Poly Voice 安全漏洞

HP Poly Voice is a voice communication software developed by the American company Hewlett-Packard HP. There is a security vulnerability in HP Poly Voice, which stems from a buffer overflow issue when administrators enable interactive connection establishment. This vulnerability may lead to remote...

9.2CVSS6.3AI score0.24469EPSS
Exploits3References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.23 views

vLLM 安全漏洞

vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Version vLLM 0.14.1 contains a security vulnerability caused by the hardcoding of the trustremotecode=True parameter, which may lead to remote code execution...

8.8CVSS7.6AI score0.00747EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.23 views

Oracle Internet Procurement Connector 安全漏洞

The Oracle Internet Procurement Connector is a corporate procurement system integration and data exchange component developed by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of the Oracle Internet Procurement Connector contain security vulnerabilities. These vulnerabilities...

9.1CVSS5.8AI score0.0033EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.23 views

GnuTLS 信任管理问题漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS. GnuTLS has a trust management vulnerability, which stems from the certificate verification process. Customized certificates may cause incorrect backtracking during the verification of the common name field,...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.23 views

PuTTY 安全漏洞

PuTTY is a suite of free Telnet, Rlogin and SSH client software from the individual developer Simon Tatham. The software is primarily used for remote administration of Linux systems. A security vulnerability exists in PuTTY versions prior to 0.84, which stems from an assertion failure in ECDSA...

3.7CVSS5.8AI score0.00274EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.23 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from an unchecked string length overflow. This vulnerability may lead to the return of...

3.3CVSS5.9AI score0.00114EPSS
Exploits0References5
Total number of security vulnerabilities5000