Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

Microsoft Windows Ancillary Function Driver for WinSock 竞争条件问题漏洞

The Microsoft Windows Ancillary Function Driver for WinSock is a compatibility issue driver developed by Microsoft for Winsock. This driver contains a vulnerability known as a race condition. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions...

7CVSS5.3AI score0.00179EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

Microsoft Windows Telephony Server 缓冲区错误漏洞

Microsoft Windows Telephony Server is a component of the American company Microsoft. It supports the Telephone Application Programming Interface TAPI, allowing computer programs to communicate with shared telephone services. There is a buffer error vulnerability present in Microsoft Windows...

5.5CVSS5.6AI score0.00388EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

DesDev DedeCMS 安全漏洞

DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation in China. It is built using PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.118 of DesDev DedeCMS contains a securit...

9.8CVSS5.5AI score0.00816EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

Microsoft Windows Ancillary Function Driver for WinSock 资源管理错误漏洞

The Microsoft Windows Ancillary Function Driver for WinSock is a accessibility driver for Winsock by Microsoft Corporation. The Microsoft Windows Ancillary Function Driver for WinSock has a resource management vulnerability that stems from reusing resources after they have been released. This...

7CVSS5.3AI score0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

Microsoft Office 缓冲区错误漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a code execution vulnerability in Microsoft Office, which is caused by improper...

7.8CVSS7.8AI score0.00457EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

image-size 资源管理错误漏洞

image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size from 1.1.0 to 1.2.1 and from 2.0.0 to 2.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the findBox function, which had a denial-of-service vulnerability when processin...

8.7CVSS5.9AI score0.0064EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

Huawei HarmonyOS 访问控制错误漏洞

Huawei HarmonyOS is a distributed operating system developed by Huawei Corporation. It is designed for comprehensive scenarios and primarily offers features such as cross-device collaboration, security protection, and intelligent services. There is an access control vulnerability in the package...

5.1CVSS5.9AI score0.00073EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

VMware Spring HATEOAS 访问控制错误漏洞

VMware Spring HATEOAS is a REST API hypermedia development framework provided by the American company VMware. Vulnerabilities in access control exist in versions 1.5.0 to 1.5.6, 2.3.0 to 2.3.4, 2.4.0 to 2.4.1, 2.5.0 to 2.5.2, and 3.0.0 to 3.0.3 of VMware Spring HATEOAS. This vulnerability stems...

7.5CVSS5.3AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

SAP Business Objects Business Intelligence Platform 访问控制错误漏洞

SAP Business Objects Business Intelligence Platform is a set of business intelligence software and enterprise performance solutions provided by the German company SAP. This product includes features such as report generation, analysis, and data visualization. There is an access control...

4.3CVSS5.4AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.22 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow. The...

3.1CVSS5.3AI score0.00459EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.22 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of the connection preparation in the mac80211 module. This failure results in the site not...

8.8CVSS5.8AI score0.00302EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.22 views

Synology DiskStation Manager(DSM) 代码问题漏洞

Synology DiskStation Manager DSM is an operating system developed by Synology Inc. It is used for managing data, files, photos, music, and other information on network storage servers. Versions of DSM prior to 7.2.2.6-72806-5 and 7.3.1.8-86003-1 contained code vulnerabilities. These vulnerabiliti...

8.1CVSS6.7AI score0.00533EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.22 views

BentoML 代码注入漏洞

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.39, there was a code injection vulnerability. This vulnerability stemmed from the envs.name value...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.22 views

Delta Electronics DIAView 安全漏洞

Delta Electronics DIAView is an industrial configuration software developed by Delta Electronics in China. Delta Electronics DIAView has a security vulnerability, which stems from the possibility for unverified remote attackers to access the configured database...

9.8CVSS5.8AI score0.00053EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.22 views

Live555 安全漏洞

LIVE555 is a cross-platform C++ open-source project that provides solutions for streaming media. It supports standard streaming media transmission protocols such as RTP/RTCP, RTSP, and SIP. Versions of LIVE555 before 2026.04.22 had security vulnerabilities. These vulnerabilities stemmed from...

8.2CVSS5.8AI score0.00486EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.22 views

Akıllı E-Commerce Website SQL注入漏洞

Akıllı E-Commerce Website is an e-commerce website system developed by the Turkish company Akıllı, aimed at online retail and digital sales scenarios. Versions of Akıllı E-Commerce Website prior to 4.5.001 contained a SQL injection vulnerability. This vulnerability stemmed from improper...

9.8CVSS5.9AI score0.00358EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.22 views

HCL BigFix Service Management 安全漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. There is a security vulnerability in HCL BigFix Service Management. This vulnerability stems from the failure to remove EXIF metadata from uploaded images, which may lead t...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.22 views

Paperclip 授权问题漏洞

Paperclip is an AI proxy orchestration tool developed by Paperclip Open Source. Versions of Paperclip prior to 2026.416.0 contained an authorization vulnerability. This vulnerability stemmed from the default authenticated configuration, allowing unauthenticated attackers to achieve full remote co...

10CVSS6.5AI score0.01972EPSS
Exploits5References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.22 views

Roundcube Webmail 安全漏洞

Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail prior to 1.5.14 and 1.6.14 contained security vulnerabilities. These vulnerabilities stemmed fr...

5.3CVSS5.8AI score0.00366EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.22 views

wvp-GB28181-pro 代码问题漏洞

WVP-GB28181-Pro is a video monitoring platform developed by individual developer 648540858. Versions of WVP-GB28181-Pro 2.7.4 and earlier have code vulnerabilities. These vulnerabilities stem from a deserialization issue in the function GenericFastJsonRedisSerializer within the component API...

7.5CVSS7.2AI score0.00427EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.22 views

doslib 安全漏洞

doslib is a MS-DOS development support library personally developed by Jonathan Campbell. Versions of doslib prior to 20250729 contained security vulnerabilities, which were caused by improper restrictions on memory buffer operations...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.22 views

D-Link DWR-M960 安全漏洞

The D-Link DWR-M960 is a router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DWR-M960 formDdns file. The vulnerability stems from a misbehavior of the function sub4648F0 in the file /boafrm/formDdns in the DDNS Settings Handler component with respect to the...

9CVSS6.4AI score0.0062EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.22 views

WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

5.3CVSS5.8AI score0.00245EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.22 views

farm 安全漏洞

Farm is a web building tool developed by Farm OpenSource. Versions of Farm prior to 1.7.6 contained security vulnerabilities. These vulnerabilities stemmed from a lack of source verification in WebSocket, which could allow attackers to monitor developers and steal source code...

6.5CVSS5.8AI score0.00191EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.22 views

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx; this vulnerability stems from the rules.http.paths.path Ingress field...

8.8CVSS7.7AI score0.00501EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.22 views

WordPress Plugin AI Engine – The Chatbot and AI Framework for WordPress Code Issues and Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

7.2CVSS6AI score0.00667EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.22 views

npm CLI security vulnerabilities

npm CLI is a package manager developed by the American company npm. There is a security vulnerability in npm CLI, which stems from loading modules from insecure locations, potentially leading to privilege escalation and the execution of arbitrary code...

7CVSS7.5AI score0.00286EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.22 views

IBM ApplinX 安全漏洞

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. An unauthorized access vulnerability exists in IBM ApplinX that stems from insufficient server-side enforcement of client-side security, which could be...

4.3CVSS5.8AI score0.00159EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.22 views

RemoteMouse security vulnerability

Remote Mouse is a remote mouse application developed by the Remote Mouse company. Version 4.002 of Remote Mouse contains a security vulnerability. This vulnerability stems from the RemoteMouseService having a service path that is not enclosed in quotes, which may allow for the execution of...

8.5CVSS6AI score0.00205EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.22 views

Weblate 访问控制错误漏洞

Weblate is a Copyleft open source web-based free software continuous localization system. An Access Control Error vulnerability exists in Weblate versions prior to 5.15.2 that stems from improper access control of screenshot images, which could lead to unauthenticated users accessing screenshots...

7.5CVSS6.6AI score0.00323EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.22 views

Tenda M3 安全漏洞

Tenda M3 is an access control controller from Tenda China. A security vulnerability exists in Tenda M3 version 1.0.0.134903, which stems from an incorrect operation of the parameter qvlantruckport in the file /goform/setVlanPolicyData, which could result in a heap-based buffer overflow...

9CVSS9AI score0.00619EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.22 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from premature initialization of the GPIO controller, which could lead to a race condition...

6AI score0.00175EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/20 12:0 a.m.22 views

Microsoft Dynamics OmniChannel SDK Storage Containers 授权问题漏洞

Microsoft Dynamics OmniChannel SDK Storage Containers is a container for storing, accessing, or managing records from Microsoft Corporation, USA. An authorization issue vulnerability exists in Microsoft Dynamics OmniChannel SDK Storage Containers that stems from improper authorization and could...

9.8CVSS6.5AI score0.00424EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.22 views

MotionEye 安全漏洞

motionEye is a daemon web front-end for motionEye open source. A security vulnerability exists in MotionEye v0.43.1b4 and earlier versions, which stems from a configuration parameter that is not cleaned of user input and could lead to an OS command injection attack...

7.2CVSS6.9AI score0.18993EPSS
Exploits17References2
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.22 views

Creativeitem Ekushey CRM 跨站脚本漏洞

Creativeitem Ekushey CRM is an open source project management script from Creativeitem. A cross-site scripting vulnerability exists in Creativeitem Ekushey CRM version 5.0, which stems from a lack of user input validation and could lead to a stored cross-site scripting attack...

5.4CVSS5.9AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.22 views

Flock Safety Android Collins 安全漏洞

Flock Safety Android Collins is an application module for managing cameras from Flock Safety USA. A security vulnerability exists in Flock Safety Android Collins version 6.35.31, which stems from a lack of authentication and could lead to denial of service, information disclosure, and remote code...

9.8CVSS7.9AI score0.01004EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/09/30 12:0 a.m.22 views

Finance.js 安全漏洞

Finance.js is a JavaScript library for financial calculations by Essam B. Individual Developer. A security vulnerability exists in Finance.js version 4.1.0, which stems from improper handling of the seekZero parameter and could lead to a denial of service attack...

7.5CVSS6.3AI score0.00496EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/10 12:0 a.m.22 views

WordPress plugin Duplicate Page and Post SQL注入漏洞

WordPress Duplicate Page and Post plugin is a plugin for quickly duplicating pages or posts, supporting one-click cloning of existing content and saving it to draft, private or public status, for users who need to batch process website content. WordPress Duplicate Page and Post plugin suffers fro...

6.5CVSS8AI score0.00278EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/29 12:0 a.m.22 views

MetaCPAN CGI::Simple 安全漏洞

MetaCPAN CGI::Simple is a module for Perl from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN CGI::Simple versions prior to 1.282, which stems from HTTP response splitting and could lead to reflective cross-site scripting or open redirects...

7.3CVSS5.8AI score0.00431EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.22 views

UNISOC Chipsets 安全漏洞

UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from improper input validation and could lead to remote elevation of privilege...

9.8CVSS6.8AI score0.01564EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.22 views

WordPress plugin DigitalOcean Spaces Sync 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS5.8AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.22 views

Apple macOS 安全漏洞

Apple macOS Sequoia is an operating system from the American company Apple Apple. Apple macOS Sequoia contains a security vulnerability that can be exploited by attackers to cause iCloud Private Relay to fail to activate when multiple users are logged in at the same time...

5.3CVSS6.4AI score0.00362EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/24 12:0 a.m.22 views

Capillary.io CapillaryScope 安全漏洞

Capillary.io CapillaryScope is a software for vascular examinations from the Spanish company Capillary.io. A security vulnerability exists in Capillary.io CapillaryScope versions prior to v2.5.0, which stems from the unencrypted storage of sensitive data and could lead to credential disclosure...

6.9CVSS6.4AI score0.00074EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/01 12:0 a.m.22 views

Blogbook 注入漏洞

Blogbook is a content management system project by the individual developer Chaitak Gorai. Blogbook 92f5cf90f8a7e6566b576fe0952e14e1c6736513 and earlier versions have an injection vulnerability that stems from SQL injection of the parameter postid in the file /admin/viewallposts.php...

8.8CVSS6.9AI score0.00388EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/05/28 12:0 a.m.22 views

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from the heap content of a JSP application containing a password sent over HTTP...

4CVSS9.3AI score0.00366EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/21 12:0 a.m.22 views

Google Chrome 安全漏洞

Google Chrome is a WEB browser developed by Google Inc. Google Chrome suffers from an information disclosure vulnerability, no details of the vulnerability are provided at this time...

5.4CVSS6.2AI score0.00322EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.22 views

Retrieval-based-Voice-Conversion-WebUI 安全漏洞

Retrieval-based-Voice-Conversion-WebUI is an open source voice training modeling tool from RVC-Project. A security vulnerability exists in Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 and earlier, which stems from command injection...

9.8CVSS7AI score0.02259EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.22 views

LRQA Nettitude PoshC2 安全漏洞

LRQA Nettitude PoshC2 is an agent-aware C2 framework from LRQA used to help penetration testers with red teaming, late exploits, and lateral movement. A security vulnerability exists in LRQA Nettitude PoshC2 that stems from allowing an unauthenticated attacker to connect to the C2 server and...

6.5CVSS7.4AI score0.00332EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.22 views

Microsoft Windows Kernel 安全漏洞

Microsoft Windows Kernel is the kernel of the Windows operating system by Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Kernel. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are affected:Windows 10 Version 18...

7.8CVSS8.1AI score0.00592EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.22 views

WordPress plugin MyBookProgress by Stormhill Media 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS6AI score0.00232EPSS
Exploits0References2
Total number of security vulnerabilities5000