Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/05/21 12:0 a.m.23 views

Webmin 跨站脚本漏洞

Webmin is a set of web-based system management tools for Unix-like operating systems, developed by the Webmin community. Versions of Webmin prior to 2.641 contained a cross-site scripting vulnerability. This vulnerability stemmed from the email template description field in the System and Server...

5.4CVSS5.9AI score0.00168EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.23 views

MLflow 安全漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of mlflow prior to 3.11.0 contained a security vulnerability. This vulnerability stemmed...

7CVSS7.3AI score0.00193EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.23 views

protobuf.js 代码注入漏洞

protobuf.js is an open-source implementation of the Protocol Buffers protocol, written entirely in JavaScript. It supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions prior to 7.5.6 and 8.0.2 of protobuf.js h...

8.1CVSS5.8AI score0.00499EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.23 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.23 views

D-Link DNS-320 命令注入漏洞

The D-Link DNS-320 is a NAS Network Attached Storage device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has a command injection vulnerability. This vulnerability arises from functions such as delete, rename, copy, move, chmod, and chown in the file/cgi-bin/webfilemgr.cgi,...

7.2CVSS5.8AI score0.05587EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.23 views

OpenEXR 缓冲区错误漏洞

OpenEXR is an open standard for high dynamic range image HDR file format, open-sourced by the Academy Software Foundation. Versions of OpenEXR from 3.0.0 to 3.2.9, 3.3.0 to 3.3.11, and 3.4.0 to 3.4.11 contain a buffer error vulnerability. This vulnerability arises from the IDManifest::init...

9.1CVSS6AI score0.00354EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.23 views

EFM ipTIME C200 注入漏洞

EFM ipTIME C200 is a network camera device produced by the South Korean company EFM. The EFM ipTIME C200 models starting from version 1.092 and earlier have a vulnerability that stems from the sub408F90 function’s ApplyRestore endpoint, which processes the RestoreFile parameter. This vulnerabilit...

8.6CVSS7.1AI score0.02336EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.23 views

CodeCanyon Perfex CRM 注入漏洞

CodeCanyon Perfex CRM is a self-hosted customer relationship management software developed by CodeCanyon. Versions of CodeCanyon Perfex CRM 3.4.1 and earlier had a SQL injection vulnerability. This vulnerability stemmed from the operation of the Admin Kanban endpoint in the...

6.5CVSS6.7AI score0.00241EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.23 views

Assimp 资源管理错误漏洞

Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Version 6.0.2 of Assimp contains a resource management vulnerability. This vulnerability originates from the ParseVectorDataArray method in FBXParser.cpp, and it could allow a...

5.9CVSS5.8AI score0.00523EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.23 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the absence of a CAPNETADMIN capability check for the peer network namespace in the rtnlnewlink...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.23 views

wolfSSL(CyaSSL) 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. wolfSSL CyaSSL has security vulnerabilities; one of these vulnerabilities stems from heap out-of-bound reading during PKCS7 parsing,...

5.4CVSS5.8AI score0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.23 views

Emissary 跨站脚本漏洞

Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary prior to 8.39.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Mustache navigation template directly inserting configured link values...

4.8CVSS5.7AI score0.00176EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.23 views

Claude Code CLI和Claude Agent SDK 操作系统命令注入漏洞

Claude Code CLI and Claude Agent SDK are both open-source products developed by Anthropic. Claude Code CLI is a command-line AI coding assistant tool. Claude Agent SDK is a developer toolkit for AI coding assistants. Both Claude Code CLI and Claude Agent SDK have operating system command injectio...

6.2AI score0.00596EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.23 views

RAGFlow 安全漏洞

RAGFlow is an open-source RAG engine based on deep document understanding, developed by InfiniFlow. Versions of RAGFlow prior to 0.24.0 contain security vulnerabilities. These vulnerabilities stem from the Agent’s Text Processing and Message components using the non-sandboxed jinja2.Template for...

8.8CVSS6.1AI score0.00386EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.23 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability arises from verified users with the UMA protection role being able to bypass UMA policy verification. This could allow attackers to include...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.23 views

Netcore Power 15AX 操作系统命令注入漏洞

Netcore Power 15AX is a wireless router device produced by Netcore Corporation. Versions of Netcore Power 15AX starting with 3.0.0.6938 and earlier have a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter IpAddr in the...

9CVSS7.3AI score0.08263EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.23 views

Seafile Server 安全漏洞

Seafile Server is an open-source cloud storage server software developed by Seafile, offering features for file synchronization, sharing, and collaboration management. Versions of Seafile Server such as 13.0.15, 13.0.16-pro, 12.0.14, and earlier have security vulnerabilities. These vulnerabilitie...

8.7CVSS5.8AI score0.00278EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.23 views

WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF token validation on the setPermission.json.php endpoint, which could...

8.8CVSS5.7AI score0.00172EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.23 views

VeryPDF PCL Converter 缓冲区错误漏洞

VeryPDF PCL Converter is a PDF encryption tool developed by VeryPDF Corporation. Version 2.7 of VeryPDF PCL Converter has a buffer overflow vulnerability. This vulnerability arises from entering excessively long strings into the password field. It is possible for local attackers to trigger a buff...

6.9CVSS6AI score0.00119EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.23 views

Node.js Adapter for Hono 安全漏洞

The Node.js Adapter for Hono is an open-source tool developed by Hono, designed to run Hono applications on Node.js. Versions of the Node.js Adapter for Hono prior to 1.19.10 contained a security vulnerability. This vulnerability stemmed from inconsistent URL decoding, which could allow access to...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.23 views

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC SMF 1.4.1 and earlier contain code vulnerabilities. These vulnerabilities arise from kernel crashes when processing malformed PFCP SessionReportRequest messages, which may lead to process...

8.7CVSS5.9AI score0.00302EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.23 views

Mersenne Research Prime95 安全漏洞

Mersenne Research Prime95 is an open-source software developed by Mersenne Research, running on Windows operating systems. Version 29.8 build 6 of Mersenne Research Prime95 contains a security vulnerability. This vulnerability stems from a buffer overflow in the user ID input field, which could...

9.8CVSS6.3AI score0.00453EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.23 views

OctoPrint security vulnerabilities

OctoPrint is an open-source application developed by OctoPrint. It provides a quick web interface for controlling consumer-grade 3D printers. Versions of OctoPrint prior to 1.11.5 have security vulnerabilities. These vulnerabilities stem from the use of character-based comparisons in API key...

6CVSS5.8AI score0.00475EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.23 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninstall interrupt that may cause a null pointer dereference when the DPU controller is not used or was...

6.2AI score0.00175EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.23 views

WordPress plugin Request a Quote 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...

4.3CVSS6.5AI score0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.23 views

Windu CMS 跨站请求伪造漏洞

Windu CMS Windu CMS is a lightweight web content management system CMS from Windu. A cross-site request forgery vulnerability exists in Windu CMS version 4.1, which stems from insufficient cross-site request forgery protection and could lead to malicious file uploads...

6.8CVSS6.4AI score0.00154EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.23 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a mismatch in the return type of the netiucvtx function, which could lead to a kernel panic or thread...

6.1AI score0.00227EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.23 views

happy-dom 代码注入漏洞

happy-dom is a JavaScript implementation of a web browser without a graphical user interface by the individual developer David Ortner. A code injection vulnerability exists in happy-dom version 19 and earlier, which stems from insufficient isolation of the Node.js VM Context environment and could...

7.2CVSS7.8AI score0.00613EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.23 views

Newforma Project Center Server 安全漏洞

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information disclosure vulnerability exists in Newforma Proje...

6CVSS5.9AI score0.00305EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/07 12:0 a.m.23 views

Nozomi Networks Guardian/CMC SQL注入漏洞

Nozomi Networks Guardian/CMC is a centralized management console from Nozomi Networks, Inc. in the United States. A SQL injection vulnerability exists in Nozomi Networks Guardian/CMC that stems from improper validation of input parameters in the Alert function, which could lead to an SQL injectio...

8.8CVSS7.7AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/18 12:0 a.m.23 views

WordPress plugin Chained Quiz 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.4AI score0.00855EPSS
Exploits2References7
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.23 views

Microsoft Windows SMB Server 授权问题漏洞

Microsoft Windows SMB Server is a network file sharing protocol from Microsoft USA. It allows applications on a computer to read and write files and request services from server programs on a computer network. An authorization issue vulnerability exists in Microsoft Windows SMB Server. An attacke...

9.8CVSS6.6AI score0.18834EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/09/06 12:0 a.m.23 views

itsourcecode POS Point of Sale System 代码注入漏洞

POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of the...

6.1CVSS4.4AI score0.00264EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.23 views

BoyunCMS 安全漏洞

BoyunCMS is an enterprise content management system from China Boyun Boyun Company. A security vulnerability exists in BoyunCMS 1.4.20 and earlier versions, which originates from improper handling of the parameter phone in the file application/update/controller/Server.php, which may lead to SQL...

9.8CVSS6.8AI score0.00302EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.23 views

Brother Industries Multiple driver installers for Windows 安全漏洞

Brother Industries Multiple driver installers for Windows is a driver software from Brother Industries, Japan. A security vulnerability exists in Brother Industries Multiple driver installers for Windows, which can be exploited by an unauthenticated attacker to generate a default administrator...

9.8CVSS8.3AI score0.23635EPSS
Exploits0References13
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.23 views

Kashipara Online Service Management Portal 安全漏洞

Kashipara Online Service Management Portal is an online service management portal from Kashipara. A security vulnerability exists in Kashipara Online Service Management Portal version V1.0, which stems from improper handling of the rPassword parameter in the /osms/Requester/Requesterchangepass.ph...

8.8CVSS7.6AI score0.00381EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.23 views

Fortinet多款产品 安全漏洞

Fortinet FortiOS and others are products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform.Fortinet FortiWeb is a Web application layer firewall.Fortinet Fortinet FortiManager is a centralized network security management platfor...

7.5CVSS6.3AI score0.00481EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/03 12:0 a.m.23 views

WinRAR 安全漏洞

WinRAR is a file compressor from WinRAR. The product supports compression and decompression of files in RAR, ZIP, and other formats, among others. A security vulnerability exists in WinRAR versions prior to 7.11 that stems from a symbolic link bypassing the security warning feature, which could...

6.8CVSS7AI score0.01233EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/03 12:0 a.m.23 views

WordPress plugin Shopify to WooCommerce Migration 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS7AI score0.00361EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.23 views

SoftEther VPN 安全漏洞

SoftEther VPN is a free and open source, cross-platform, multi-protocol VPN software from SoftEther Open Source. It is used to provide secure, flexible and efficient network connectivity that bypasses geographic restrictions. A security vulnerability exists in SoftEther VPN version 5.02.5187, whi...

9.8CVSS6.7AI score0.00543EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.23 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition in the reference counting handling of SRBs in the qla2xxx driver, which could result in a...

5.5CVSS5.8AI score0.00252EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/21 12:0 a.m.23 views

Loggrove 安全漏洞

Loggrove is a web platform service by olajowon individual developer. A security vulnerability exists in Loggrove version v.1.0, which originates from sensitive information that can be accessed via the read.py component...

8.2CVSS6.5AI score0.00386EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.23 views

Lenovo Vantage 安全漏洞

Lenovo Vantage is a computer management application from the Chinese company Lenovo Lenovo. The program supports features such as driver updates, device status diagnostics, and computer configuration. A security vulnerability exists in Lenovo Vantage, which stems from improper BIOS customization...

8.5CVSS6.4AI score0.00177EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.23 views

Amazon多款产品 信任管理问题漏洞

Amazon WorkSpaces and others are products of Amazon.com, Inc.Amazon WorkSpaces is a fully hosted, persistent desktop virtualization service that gives your users access to the data, applications, and resources they need, anytime, anywhere, from any supported device.Amazon AppStream is an...

7.7CVSS6.4AI score0.00494EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/19 12:0 a.m.23 views

Xen 安全漏洞

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A security vulnerability exists in Xen that stems from th...

5.5CVSS5.9AI score0.00294EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/11 12:0 a.m.23 views

WordPress plugin Notibar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.3CVSS8.4AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/08 12:0 a.m.23 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a potential error problem caused by misuse of the smpprocessorid function...

5.5CVSS6.5AI score0.00189EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.23 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A security vulnerability exists in versions prior to Google Chrome 130.0.6723.58, which can be exploited by remote attackers to execute arbitrary code via a crafted HTML page...

8.8CVSS7.5AI score0.00413EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.23 views

SAP NetWeaver Enterprise Portal 跨站脚本漏洞

Backoffice for SAP Commerce Cloud is a user-centered, scalable back-end interface that allows business users to easily manage any type of data in SAP Commerce Cloud. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal, which can be exploited by remote attackers to injec...

5.4CVSS6.2AI score0.00239EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.23 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab versions 17.1 through 17.1.7, 17.2...

3.5CVSS6.7AI score0.00383EPSS
Exploits0References3
Total number of security vulnerabilities5000