Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2021/06/14 12:0 a.m.22 views

Tor 信息泄露漏洞

Tor is a network of virtual tunnels. It allows individuals and groups to increase their privacy and security on the Internet. An information disclosure vulnerability exists in Tor. An attacker could forge RELAYEND or RELAYRESOLVED to end a stream bypassing expected access controls...

7.5CVSS8AI score0.02721EPSS
Exploits0References12
CNNVD
CNNVD
added 2021/05/28 12:0 a.m.22 views

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for resource-constrained microcontrollers. A stack overflow vulnerability exists in parseunary in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

5.5CVSS5.7AI score0.00823EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/05/27 12:0 a.m.22 views

http4s 路径遍历漏洞

Http4s is an open source for Scala streaming HTTP server . Http4s has a path traversal vulnerability that can be exploited by an attacker to obtain sensitive information...

5.8CVSS5.6AI score0.01395EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.22 views

Huawei ESE620X vESS 缓冲区错误漏洞

Huawei ESE620X vESS is a virtual enterprise service controller from Huawei, China. A security vulnerability exists in ESE620X vESS, which is caused by an out-of-bounds read in a function that handles internal messages. An attacker could use this vulnerability to send a constructed exception messa...

5.5CVSS5.6AI score0.00156EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/05/14 12:0 a.m.22 views

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in tf.rawops.SparseSplit in Google TensorFlow. A locally authenticated attacker can exploit this vulnerability to cause a denial of service condition...

7.8CVSS5.6AI score0.00211EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/05/11 12:0 a.m.22 views

Istio 授权问题漏洞

Istio is a set of open platforms for connecting, managing, and securing microservices. Istio is vulnerable to an authorization issue. An attacker could use this vulnerability to bypass the program's authorization service...

6.5CVSS6.5AI score0.01174EPSS
Exploits1References6
CNNVD
CNNVD
added 2021/05/03 12:0 a.m.22 views

Google Android 输入验证错误漏洞

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance OHA. an elevation of privilege vulnerability exists in Google Android sqlite3.c. An attacker could exploit this vulnerability to escalate privileges...

7.8CVSS5.7AI score0.0012EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/04/27 12:0 a.m.22 views

PHPMailer 代码问题漏洞

PHPMailer is a PHP class library for sending emails. PHPMailer is vulnerable to a code issue that allows object injection via addAttachment with a UNC pathname via Phar deserialization. No details of the vulnerability are currently available...

9.8CVSS5.8AI score0.03095EPSS
Exploits0References10
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.23 views

Red Hat Resteasy 跨站脚本漏洞

Red Hat Resteasy is the United States Red Hat Red Hat, a JAX-RS a Java programming language API specification implementation. A cross-site scripting vulnerability exists in Red Hat RESTEasy. An attacker can exploit the vulnerability to launch a reflected XSS attack...

8.8CVSS5.4AI score0.03635EPSS
Exploits1References8
CNNVD
CNNVD
added 2021/03/24 12:0 a.m.22 views

Cisco Jabber for Windows 输入验证错误漏洞

Cisco Jabber is a web conferencing and instant messaging application that allows users to send messages over the Extensible Messaging and Status Protocol XMPP. A code execution vulnerability exists in Cisco Jabber, which is caused by incorrect validation of message content. An attacker can send...

9.9CVSS8.2AI score0.0103EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/01/11 12:0 a.m.22 views

Sass Node-sass Trust Management Issues Vulnerability

Sass Node-sass is a C++-based codebase from the Gogo Sass team that supports Node interaction with LibSass. A security vulnerability exists in node-sass 2.0.0 to 4.14.1, which stems from certificate validation being disabled...

5.3CVSS6.8AI score0.0082EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.21 views

SolidInvoice 安全漏洞

SolidInvoice is an open-source invoice processing application developed by SolidInvoice. Versions of SolidInvoice prior to 2.3.17 contained a security vulnerability. This vulnerability stemmed from API tokens being stored in the apitokens database table in plain text, which could allow attackers...

8.1CVSS5.3AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.21 views

openSIS Classic 安全漏洞

openSIS Classic is an easy-to-use student information system developed under Open Solutions for Education. It is used to organize student information and school-related operations, thereby improving the efficiency of K-12, trade schools, and higher education school systems. Version 9.3 of openSIS...

7.1CVSS5.5AI score0.00238EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.21 views

Duck Site 安全漏洞

Duck Site is a website content management tool open source by the Duck Organization. Versions of Duck Site prior to 1.0.1 contained security vulnerabilities. These vulnerabilities stemmed from improper deployment of workflow condition checks, which could allow attacker-controlled pull request cod...

9.5CVSS5.3AI score0.00312EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.21 views

tmp 输入验证错误漏洞

“tmp” is a temporary file and directory creator developed by KARASZI István as a Node.js tool. Version 0.2.6 of “tmp” contains a vulnerability related to input validation. This vulnerability arises from the “assertPath” guard, which only rejects string values that contain the substring “..”. When...

8.2CVSS5.3AI score0.00496EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.21 views

Thai Palliative SQL注入漏洞

Thai Palliative is a modified version of the PHP framework developed by DAMASAC KKU. Versions of Thai Palliative 3.0 and earlier have a SQL injection vulnerability. This vulnerability arises from the lack of cleaning or parameterization of the idFormMain parameter and the id parameter, which may...

9.8CVSS6.4AI score0.00329EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.21 views

MariaDB Server 命令注入漏洞

MariaDB Server is an open-source relational database system developed by MariaDB. Versions 10.6.1 to 10.6.26, 10.11.1 to 10.11.17, 11.4.1 to 11.4.11, 11.8.1 to 11.8.7, and 12.3.1 of MariaDB Server have a vulnerability related to operating system command injection. This vulnerability arises from...

10CVSS5.9AI score0.00998EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.21 views

Keras 路径遍历漏洞

Keras is an open-source deep learning framework developed by Keras. Versions of Keras prior to 3.14.0 contained a path traversal vulnerability. This vulnerability stemmed from a path traversal issue in the archive extraction tool. The functions filtersafetarinfos and filtersafezipinfos used to...

8.1CVSS7.8AI score0.00518EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained a buffer error vulnerability. This vulnerability could be...

5.7CVSS5.7AI score0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

ImageMagick 信息泄露漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained a vulnerability related to information leakage. This vulnerability stemm...

4.1CVSS5.3AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

ImageMagick 竞争条件问题漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained a race condition vulnerability. This vulnerability stemme...

4.1CVSS5.3AI score0.00077EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-47 and 7.1.2-22 contained a buffer error vulnerability. This vulnerability occurred when malicious...

5.1CVSS5.6AI score0.0012EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a security vulnerability in Palo Alto Networks PAN-OS, which stems from privilege escalation. This vulnerability may allow authenticated administrators with access through the comma...

8.5CVSS5.5AI score0.00256EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Dulwich 资源管理错误漏洞

Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich prior to 1.2.5 contained a resource management vulnerability. This vulnerability stemmed from the allocation of memory based on the destsize parameter when handling special thin package...

5.7CVSS5.3AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Russh 输入验证错误漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0-beta.1 to 0.61.0, there was an input validation vulnerability. This vulnerability stemmed from lax implementation of SSH identifier string rules. The server-side identifier...

5.3CVSS5.4AI score0.00277EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Russh 授权问题漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0-beta.1 to 0.61.0, there was an authorization vulnerability. This vulnerability stemmed from the server authentication path not separating the internal authentication state whe...

5.3CVSS5.3AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

OpenVM 输入验证错误漏洞

OpenVM is an open-source, high-performance, and modularized zkVM framework designed for customization and scalability. Prior to OpenVM 1.6.0, there was a vulnerability related to input validation errors. This vulnerability stemmed from the tryhonestpairingcheck function in the openvm-pairing...

8.7CVSS5.3AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of inclusion of CAPSYSTIME in the capability checks during PodSpec security validation. As a result, tenan...

8.5CVSS5.5AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained security vulnerabilities. These vulnerabilities stemmed from tenants with permissions to execute privileged/allowed-privileged/hazardous containers, under the account with hi...

9.9CVSS5.5AI score0.0029EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Lenovo Android Application 安全漏洞

Lenovo Android Application is an application developed by Lenovo Corporation, designed for managing Lenovo devices. There is a security vulnerability in Lenovo Android Application, which stems from websites accessed via the built-in browser potentially overwriting system clipboard contents...

5.1CVSS5.3AI score0.00171EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Migration assessment 安全漏洞

Migration assessment is an open-source tool developed by KubeV2V for evaluating and providing migration recommendations for VMware environments. There is a security vulnerability in Migration assessment. This vulnerability stems from the /api/v1/sources/id/image-url endpoint, where improper acces...

9.6CVSS5.3AI score0.0028EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Jenkins 安全漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have security vulnerabilitie...

5.3CVSS5.4AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

NSA Ghidra 参数注入漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a parameter injection vulnerability. This vulnerability stemmed from improper escaping of the ‘cmd.exe’...

8.4CVSS5.4AI score0.00503EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

QNAP license center 路径遍历漏洞

QNAP Systems License Center is a licensing management system operated by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems License Center prior to 1.9.56 contained a path traversal vulnerability. This vulnerability allows local attackers to use administrative accounts to...

6.9CVSS5.9AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

ESP-IDF 缓冲区错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1 of ESP-IDF contain buffer overflow vulnerabilities. These vulnerabilities stem from an out-of-bounds read issue in the DHCP server option...

6.5CVSS5.8AI score0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

QNAP file station 缓冲区错误漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. QNAP Systems File Station 5 has a security vulnerability that stems from a buffer overflow issue. This vulnerability could allow remote attackers to modify memory or cause processe...

9.1CVSS6.2AI score0.00318EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

VMware Spring for Apache Kafka 安全漏洞

VMware Spring for Apache Kafka is a Kafka messaging integration framework developed by VMware, Inc. Vulnerabilities exist in versions 4.0.0 and earlier, as well as versions 3.3.0 and earlier, 3.2.0 and earlier, 2.9.0 and earlier, and 2.8.0 and earlier of VMware Spring for Apache Kafka. The...

6.5CVSS5.3AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Umbraco 跨站脚本漏洞

Umbraco is an open-source content management system CMS written in C by the Danish company Umbraco. Versions of Umbraco from 14.0.0 to 17.4.0 had a cross-site scripting vulnerability. This vulnerability allowed authenticated users to inject HTML into input fields, with improperly encoded output i...

4.6CVSS5AI score0.00136EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-25 contained security vulnerabilities. These vulnerabilities stemmed from specially crafted...

6.2CVSS5.5AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

QNAP qumagie 信息泄露漏洞

QNAP Systems QuMagie is a QTS photo management application developed by QNAP Systems. There is a security vulnerability in QNAP Systems QuMagie, which stems from lack of authorization. This vulnerability may allow remote attackers to access unauthorized data or perform unauthorized operations. Th...

8.7CVSS5.9AI score0.00322EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

WordPress plugin Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

6.4CVSS5.4AI score0.00243EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Microsoft Exchange Server 服务端请求伪造漏洞

Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are code vulnerabilities in Microsoft Exchange Server. Attackers can exploit these...

8.8CVSS5.8AI score0.00465EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team, capable of implementing Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure hash...

3.7CVSS5.4AI score0.0035EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Microsoft Azure Stack Edge 跨站脚本漏洞

Microsoft Azure Stack Edge is a Azure-hosted device by Microsoft that integrates Azure computing, storage, and intelligent features at the edge. Microsoft Azure Stack Edge has a cross-site scripting vulnerability. Attackers can exploit this vulnerability to perform phishing attacks...

8.4CVSS5AI score0.00814EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Microsoft Windows Attestation 输入验证错误漏洞

Microsoft Windows Attestation is an open-source device certification service based on TPM hardware trust roots, developed by Microsoft in the United States. Microsoft Windows Attestation has a security vulnerability that stems from a violation of trust boundaries, which may allow authorized...

7.8CVSS5.8AI score0.0031EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Adobe CAI Content Credentials 资源管理错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 have a resourc...

6.2CVSS5.4AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Adobe CAI Content Credentials 资源管理错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 have a resourc...

6.2CVSS5.4AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Adobe Acrobat Reader 资源管理错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability that ste...

7.8CVSS7.6AI score0.00285EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Microsoft Bing 处理逻辑错误漏洞

Microsoft Bing is a web search engine developed by Microsoft Corporation in the United States. There are security vulnerabilities in Microsoft Bing. Attackers exploit these vulnerabilities to carry out phishing attacks...

4.3CVSS5.8AI score0.00619EPSS
Exploits0References1
Total number of security vulnerabilities5000