Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2025/10/21 12:0 a.m.56 views

MediaWiki - Wikistories 安全漏洞

MediaWiki - Wikistories is a MediaWiki open source extension for creating visual stories. A security vulnerability exists in Mediawiki - Wikistories versions prior to 1.44 that stems from improper input neutralization and could lead to a stored cross-site scripting attack...

6.9CVSS5.7AI score0.00311EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/15 12:0 a.m.56 views

Mechrevo Control Center GX V2 安全漏洞

Mechrevo Control Center GX V2 is a system level control software from China-based Mechrevo. A security vulnerability exists in Mechrevo Control Center GX V2 version 5.56.51.48, which originates from an uncontrolled search path in the component reg File Handler...

7.3CVSS6.8AI score0.00151EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.56 views

WordPress plugin Computer Repair Shop 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in t...

10CVSS8.3AI score0.01794EPSS
Exploits4References1
CNNVD
CNNVD
added 2024/10/22 12:0 a.m.56 views

Mitsubishi Electric MC Works64和Mitsubishi Electric GENESIS64 安全漏洞

Mitsubishi Electric MC Works64 and Mitsubishi Electric GENESIS64 are both products of Mitsubishi Electric Corporation Mitsubishi Electric, Japan.Mitsubishi Electric MC Works64 is a data acquisition and monitoring system Mitsubishi Electric GENESIS64 is a SCADA kit. A security vulnerability exists...

7.8CVSS6.9AI score0.00193EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.56 views

WordPress plugin CodeBard s Patron Button and Widgets for Patreon 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. WordPress plugin CodeBard ...

7.1CVSS6AI score0.0033EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.56 views

Pydantic 安全漏洞

Pydantic is a library in the Pydantic open source. Data validation can be performed using Python type hints. A security vulnerability exists in Pydantic versions prior to 2.4.0, 1.10.13, which stems from a vulnerability that allows remote attackers to cause a denial of service via a crafted email...

7.5CVSS5.7AI score0.00949EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.56 views

GeoServer 代码问题漏洞

GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. GeoServer suffers from a server-side request forgery vulnerability that stems from the fact that the OGC Web Processing Service WPS specification is designed to process information from an...

9.8CVSS6.6AI score0.67715EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/31 12:0 a.m.56 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.14, which stems from the presence of a stored cross-site scripting XSS vulnerability...

6.1CVSS5.9AI score0.00521EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/09 12:0 a.m.56 views

Red Hat Keycloak 代码问题漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak offlineaccess, which stems from a lack of root session authentication and reuse of session...

6.8CVSS6.4AI score0.00952EPSS
Exploits0References16
CNNVD
CNNVD
added 2022/08/23 12:0 a.m.56 views

Teleport 操作系统命令注入漏洞

Teleport is an identity-aware, multi-protocol access agent from Teleport, Inc. for engineers and security professionals to unify access to SSH servers, Kubernetes clusters, web applications and databases across all environments. Teleport version 9.3.6 suffers from an operating system command...

8.8CVSS6.3AI score0.49476EPSS
Exploits6References9
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.56 views

parse-url 跨站脚本漏洞

parse-url is an advanced url parser with git url support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from a last fix can be bypassed and can be exploited by an attacker to place any malicious JS code on a web page...

9.1CVSS5.6AI score0.00857EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/31 12:0 a.m.56 views

Vapor 输入验证错误漏洞

Vapor is vapor individual developers of a Swift web development framework. It can be used to develop high-performance web applications and supports iOS, OS X and Ubuntu systems. An input validation error vulnerability exists in Vapor versions prior to 4.60.3, which stems from an integer overflow...

7.5CVSS7.3AI score0.0189EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.56 views

Django SQL注入漏洞

Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...

9.8CVSS8.5AI score0.18516EPSS
Exploits3References24
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.56 views

Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer error vulnerability exists in Rust nix crate versions prior to 0.20.2,0.21.2 prior to 0.21.x, and 0.22.2 prior to 0.22.x, which stems from an out-of-bounds write to Unistd::getgrouplist...

9.8CVSS8.4AI score0.0165EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.55 views

Captcha Protect 跨站脚本漏洞

Captcha Protect is an open-source middleware for CAPTCHA protection developed by libops, based on traffic detection. Versions of Captcha Protect prior to 1.12.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the challenge page accepting target values provided by...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/27 12:0 a.m.55 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from insufficient validation of code exchange tokens, which could lead to account takeover. The following versions are affected: version 11.0.2...

9.9CVSS6.6AI score0.0031EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.55 views

Intel Neural Compressor 安全漏洞

Intel Neural Compressor is an open source project from Intel Corporation USA designed to help developers easily optimize AI models. A security vulnerability exists in Intel Neural Compressor versions prior to v3.0 that stems from an improper neutralization of special elements used in SQL commands...

7.3CVSS7.1AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.55 views

Simple Customer Relationship Management 安全漏洞

Simple Customer Relationship Management Simple CRM is a simple customer relationship management system by the individual developer Carlo Montero. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which stems from a cross-site scripting vulnerability that allo...

5.4CVSS6.3AI score0.00639EPSS
Exploits3References5
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.55 views

WordPress plugin The All-In-One Security 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

5.3CVSS5.7AI score0.00658EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.55 views

L-Soft LISTSERV 跨站脚本漏洞

L-Soft LISTSERV is a suite of e-mail list management software from L-Soft. A cross-site scripting vulnerability exists in LISTSERV version 17, which stems from a cross-site scripting XSS vulnerability in the web interface. An attacker can exploit this vulnerability to inject arbitrary JavaScript ...

6.1CVSS6.2AI score0.06314EPSS
Exploits4References6
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.55 views

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from a segmentation error that occurs if QuantizedAdd is given a tensor of non-zero rank mininput or maxinput. An attacke...

7.5CVSS6.6AI score0.00409EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.55 views

Jenkins Plugin Request Rename Or Delete 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site request forgery vulnerability...

4.3CVSS5.5AI score0.00454EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.55 views

SAP Knowledge Warehouse 跨站脚本漏洞

SAP Business Information Warehouse SAP BW is a data warehouse for collecting and tabulating information in an enterprise environment from SAP Germany. The software is an enterprise-wide information center for data analysis from R / 3 and other business applications, including databases and extern...

6.1CVSS7.2AI score0.22318EPSS
Exploits3References8
CNNVD
CNNVD
added 2020/12/09 12:0 a.m.55 views

Matrix Synapse 资源管理错误漏洞

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. Matrix Synapse suffers from a security vulnerability that stems from the fact that a malicious or poorly implemented host server can inject malformed events by specifying different room ids in the pa...

6.5CVSS6.9AI score0.02363EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.54 views

algernon 路径遍历漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.6 contained a path traversal vulnerability. This vulnerability stemmed from the uploadedFileSaveIn function in lua/upload/upload.go, which used filepath.Join to concatenate the directory provided by the...

8.7CVSS5.8AI score0.00344EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.54 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an asynchronous request that can bypass antiviolate protections, potentially leading to a dictionary attack...

3.7CVSS4.5AI score0.00433EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/18 12:0 a.m.54 views

GPAC 安全漏洞

GPAC is an open source multimedia framework from GPAC Open Source. A security vulnerability exists in GPAC 2.4 and earlier versions, which stems from a null pointer dereference due to incorrect manipulation of the parameter baseiniturl in the file src/mediatools/dashclient.c. The vulnerability is...

6.9CVSS5.2AI score0.00871EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.54 views

Matrix Rust SDK SQL注入漏洞

Matrix Rust SDK is an open source Rust-based Matrix client server development toolkit from The Matrix.org Foundation. A SQL injection vulnerability exists in Matrix Rust SDK versions 0.11 and 0.12, which stems from SQL injection in the EventCache::findeventwithrelations method, and could lead to...

7.7CVSS7.7AI score0.00254EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.54 views

Microsoft Configuration Manager SQL注入漏洞

Microsoft Configuration Manager is a Microsoft solution for managing computers and servers within an organization that helps IT departments keep software up to date, set configuration and security policies, and monitor system status. A SQL injection vulnerability exists in Microsoft Configuration...

8CVSS7.6AI score0.0204EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/18 12:0 a.m.54 views

FreeFloat FTP Server 安全漏洞

FreeFloat FTP Server is an FTP service from Freefloat. A buffer overflow vulnerability exists in FreeFloat FTP Server, which stems from the component CD Command Handler failing to properly validate the length size of input data, no details of the vulnerability are provided at this time...

9.8CVSS7.3AI score0.00588EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.54 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the thermal core error handling device registration...

5.5CVSS5.1AI score0.00188EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/21 12:0 a.m.54 views

WordPress plugin Shortcodes and extra features for Phlox theme 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

6.4CVSS7.7AI score0.00245EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/22 12:0 a.m.54 views

Liferay Portal 跨站请求伪造漏洞

Liferay Portal is a J2EE-based portal solution from Liferay USA. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. A security vulnerability exists in Liferay Portal,...

9.6CVSS6.5AI score0.00218EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.54 views

PuTTY 安全漏洞

PuTTY is a suite of free Telnet, Rlogin, and SSH client software from the individual developer Simon Tatham. The software is primarily used for remote administration of Linux systems. A security vulnerability exists in PuTTY versions 0.68 through 0.80, which stems from the presence of biased rand...

5.9CVSS7.6AI score0.05773EPSS
Exploits0References17
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.54 views

编号撤回

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. This CVE number has...

6.5CVSS8.2AI score0.00427EPSS
Exploits3References5
CNNVD
CNNVD
added 2022/12/14 12:0 a.m.54 views

Red Hat Undertow 安全漏洞

Red Hat Undertow is a Java-based embedded web server from Red Hat, Inc. and is the default web server for Wildfly Java Application Server. A security vulnerability exists in Red Hat Undertow that stems from not checking the server identity in https connections...

7.5CVSS7.2AI score0.00596EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/11/01 12:0 a.m.54 views

Bento4 安全漏洞

Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4, which stems from an unknown function in its mp4mux component that allows an attacker to implement a memory leak. The attack method is publicly available and can be initiated remotely...

6.5CVSS6.4AI score0.00771EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.54 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google. Google TensorFlow has a security vulnerability that stems from the fact that the implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives an assertion failu...

7.5CVSS7.4AI score0.00383EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/01 12:0 a.m.54 views

PrestaShop SQL注入漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop versions 1.6.0.10 through 1.7.8.6, which stems from a...

9.8CVSS8.4AI score0.0517EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.54 views

Distributed Data Systems WebHmi 操作系统命令注入漏洞

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used to monitor and control any automation system on a local network and over the Internet from computers and mobile devices. An operating system command injection...

9.1CVSS8.6AI score0.01122EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/25 12:0 a.m.54 views

WordPress plugin Admin Word Count Column路径遍历漏洞

WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. PHP is a scripting language that executes on the server side. WordPress plugin Admin An arbitrary file reading vulnerability exists in Word Count Column 2.2 and earlier versions, which...

9.8CVSS5.7AI score0.22133EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.54 views

Omron CX-Position 缓冲区错误漏洞

Omron CX-Position is a position control software from Omron Corporation of Japan. An out-of-bounds write vulnerability exists in Omron CX-Position, which stems from a failure to properly validate data when a program performs an operation in memory while processing a specific project file, and cou...

7.8CVSS6.2AI score0.01409EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.53 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.14 had code vulnerabilities related to command hijacking. Attackers could execute unintended binary files by manipulating the PATH environment variable, potentially leading to arbitrary command...

8.8CVSS6.1AI score0.00465EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.53 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which stems from improper input validation of the loadDescription function in DeviceAdminInfo.java, and can be exploited by an attacker to cause a local elevation of...

9.8CVSS5.8AI score0.00192EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.53 views

MingSoft MCMS 安全漏洞

MingSoft MCMS is a modular content management framework developed by MingSoft Corporation in China. Version 6.1.1 of MingSoft MCMS contains a security vulnerability, which stems from incorrect handling of the File parameter in the file/ms/file/uploadTemplate.do file. This vulnerability could lead...

7.2CVSS5.9AI score0.00362EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.53 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in the ubifssysfsinit function...

5.5CVSS6.2AI score0.00143EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.53 views

Zyxel USG FLEX 安全漏洞

Zyxel USG FLEX is a firewall from China Hopkins Zyxel. Offering flexible VPN options IPsec, SSL or L2TP, it provides flexible and secure remote access for remote work and management. A security vulnerability exists in Zyxel USG FLEX versions prior to V1.32, which stems from improper assignment of...

7.8CVSS6.7AI score0.0093EPSS
Exploits2References3
CNNVD
CNNVD
added 2024/06/05 12:0 a.m.53 views

WordPress plugin GP Premium 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS6AI score0.00637EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/15 12:0 a.m.53 views

Microsoft Office OneNote 安全漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and others. A security vulnerability exists in Microsoft Office OneNote, which stems from the presence o...

5.4CVSS5.6AI score0.00423EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/10 12:0 a.m.53 views

Wasmtime 缓冲区错误漏洞

Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. A security vulnerability exists in versions of Wasmtime prior to 2.0.2, which stems from out-of-bounds reads and writes in its zero-memory page configuration...

7.4CVSS7.2AI score0.00577EPSS
Exploits0References4
Total number of security vulnerabilities5000