Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Microsoft Windows Attestation 输入验证错误漏洞

Microsoft Windows Attestation is an open-source device certification service based on TPM hardware trust roots, developed by Microsoft in the United States. Microsoft Windows Attestation has a security vulnerability that stems from a violation of trust boundaries, which may allow authorized...

7.8CVSS5.8AI score0.0031EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Adobe CAI Content Credentials 资源管理错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 have a resourc...

6.2CVSS5.4AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Adobe CAI Content Credentials 资源管理错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 have a resourc...

6.2CVSS5.4AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Adobe Acrobat Reader 资源管理错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability that ste...

7.8CVSS7.6AI score0.00285EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Microsoft Bing 处理逻辑错误漏洞

Microsoft Bing is a web search engine developed by Microsoft Corporation in the United States. There are security vulnerabilities in Microsoft Bing. Attackers exploit these vulnerabilities to carry out phishing attacks...

4.3CVSS5.8AI score0.00619EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

pretix 安全漏洞

Pretix is a ticketing system developed by the German company Pretix. Pretix has a security vulnerability. This vulnerability stems from including the secrets of connected gift cards during the creation of all reusable media exports. As a result, it is possible for users who create these exports t...

6.9CVSS5.4AI score0.00229EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the function kvmvcpuinitnested. This function reallocates and releases the kvm-arch.nestedmmus...

8.8CVSS5.3AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Apache Answer 代码问题漏洞

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier had code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on the upload of dangerous types of files. Custom TIFF images might trigger...

6.5CVSS5.4AI score0.00479EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

WordPress plugin FastPicker 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

VMware Spring Framework 安全漏洞

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, Inc. This framework helps developers build high-quality applications. Versions 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 of the VMware Spring Framework contain security...

7.5CVSS5.3AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Microsoft Windows Push Notifications 竞争条件问题漏洞

Microsoft Windows Push Notifications is a push notification service provided by the American company Microsoft. It provides a reliable way to deliver new updates. There are compatibility issues with Microsoft Windows Push Notifications. The following products and versions are affected: Windows...

7.8CVSS5.3AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Microsoft HTTP.sys 资源管理错误漏洞

Microsoft HTTP.SYS is an HTTP application protocol developed by Microsoft Corporation. There is a resource management vulnerability in Microsoft HTTP.SYS. Attackers can exploit this vulnerability to cause a denial-of-service attack on the system. The following products and versions are affected:...

7.5CVSS5.9AI score0.48438EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Microsoft Windows Ancillary Function Driver for WinSock 缓冲区错误漏洞

The Microsoft Windows Ancillary Function Driver for WinSock is a supplementary function driver for Winsock by Microsoft Corporation. There are security vulnerabilities associated with the Microsoft Windows Ancillary Function Driver for WinSock. Attackers can exploit these vulnerabilities to gain...

7.8CVSS5.8AI score0.00286EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Microsoft Windows Shell 信息泄露漏洞

Microsoft Windows Shell is the graphical user interface of the Windows operating system developed by Microsoft Corporation. Key elements of the Windows Shell include the desktop, taskbar, start menu, task switcher, and autoplay features. There is an information leakage vulnerability present in...

5.5CVSS5.3AI score0.00404EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.21 views

FOSSBilling 输入验证错误漏洞

FOSSBilling is an open-source billing and customer management platform for hosting service providers and digital service providers. Versions of FOSSBilling prior to 0.8.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from the redirection module not...

4.8CVSS5.3AI score0.00259EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.21 views

MBS多款产品 路径遍历漏洞

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have a path traversal vulnerability. This vulnerability stems from the insufficient input validation in the ugw-logread method, which may allow remote...

8.8CVSS5.4AI score0.00494EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.21 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass vulnerability in the QQBot’s native approval button, which failed to enforce th...

8CVSS5.8AI score0.00199EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.21 views

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux versions 6.8, 6.17, and 7.0 have security vulnerabilities. These vulnerabilities stem from an incorrect calculation of the internal buffer size, which may lead to out-of-bound...

7.8CVSS5.9AI score0.00107EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.21 views

Responsive FileManager 安全漏洞

Responsive FileManager is a free, open-source file manager developed by Alberto Peripolli. Version 9.14.0 of Responsive FileManager contains a security vulnerability. This vulnerability stems from issues with the forcedownload.php component, which could allow remote attackers to execute arbitrary...

8CVSS6.1AI score0.00334EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.21 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of use of a security list iteration in the mac80211 radar detection process. This...

8.8CVSS5.8AI score0.00203EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.21 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability. This vulnerability stemmed from an issue with the ANGLE component where uninitialized resources were used, which could allow a remote attacker with access ...

5CVSS5.8AI score0.00199EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.21 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of scsi sd during the deviceadd process, resulting in the failure to call putdisk. Th...

5.8AI score0.00123EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.21 views

RELATE 跨站脚本漏洞

RELATE is a web-based course package developed by Andreas Klöckner. RELATE has a cross-site scripting vulnerability. This vulnerability stems from the getuser method in ParticipationAdmin, which uses marksafe for rendering user-controlled inputs, bypassing Django’s HTML escaping. This may lead to...

8.7CVSS5.6AI score0.0031EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.21 views

NVIDIA Isaac Launchable 安全漏洞

NVIDIA Isaac Launchable is a cloud-based one-click deployment solution provided by NVIDIA Corporation. NVIDIA Isaac Launchable has a security vulnerability, which stems from the transmission of sensitive information in plain text. This vulnerability may lead to code execution, privilege escalatio...

9.8CVSS5.8AI score0.00655EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.21 views

Check Point Security Gateway 安全漏洞

Check Point Security Gateway is a series of network security gateway devices developed by the Israeli company Check Point. There is a security vulnerability in Check Point Security Gateway, which arises when the identity-aware module based on browser authentication is enabled, allowing...

7.5CVSS5.8AI score0.0475EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.21 views

WordPress plugin Easy Elements for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS5.8AI score0.00541EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.21 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the fact that the POST parameters tickid and ftickid were directly concatenated into the...

7.1CVSS5.9AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.21 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an incorrect inference of the zero-copy status during the cleanup phase before messages are...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.21 views

apscheduler 安全漏洞

apscheduler is a Python task scheduling and queueing system developed by Alex Grönholm. There are security vulnerabilities in the apscheduler 3.10.x version and 4.0.0a5 version. These vulnerabilities stem from the unmarshalobject function in JSONSerializer and CBORSerializer, which allows arbitra...

9.8CVSS6.3AI score0.0081EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.21 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the ogssbidiscoveryoptionparseplmnlist function...

6.5CVSS5.8AI score0.0039EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.21 views

Astro 安全漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 6.1.10 contained security vulnerabilities. These vulnerabilities stemmed from the use of AES-GCM encryption to protect server island attributes and slot parameters, where the ciphertext was not...

6.3CVSS5.7AI score0.00144EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.21 views

Microsoft Windows TCP/IP 安全漏洞

Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are security vulnerabilities present in Microsoft Windows TCP/IP. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems,...

7.8CVSS5.8AI score0.00328EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.21 views

OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS is an open-source application developed by OpenC3. Vulnerabilities exist in versions of OpenC3 COSMOS prior to 6.10.5 and 7.0.0-rc3. These vulnerabilities stem from design flaws in the savetoolconfig function, allowing the ability to save tool configuration files at any position...

4.3CVSS5.9AI score0.00313EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.21 views

Microsoft Windows Shell 资源管理错误漏洞

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. An elevation of privilege...

7CVSS5.8AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.21 views

Addressable 安全漏洞

Addressable is a Ruby library developed by Bob Aman. Versions of Addressable from 2.3.0 to 2.9.0 contained a security vulnerability. This vulnerability stemmed from the URI template implementation; two types of regular expressions generated by the URI templates had catastrophic backtracking, whic...

7.5CVSS5.8AI score0.0036EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.21 views

WordPress plugin Link Whisper Free 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00186EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.21 views

MCP Go SDK 安全漏洞

MCP Go SDK is an open-source development toolkit for the Model Context Protocol. Versions of MCP Go SDK prior to 1.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the default lack of DNS rebinding protection, allowing malicious websites to bypass the same-origin policy...

8.1CVSS5.8AI score0.00455EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.21 views

Drupal UI Icons 安全漏洞

Drupal UI Icons is a content management system module provided by the Drupal company that offers interface icon display and management functions. Versions of Drupal UI Icons prior to 1.0.1 and 1.1.1 contained security vulnerabilities, which were caused by improper input handling and could lead to...

6.1CVSS5.6AI score0.00149EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.21 views

SOGo 安全漏洞

SOGo is a highly fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Versions of SOGo prior to 5.12.5 contained security...

2.6CVSS5.8AI score0.00135EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.21 views

Microsoft Copilot 命令注入漏洞

Microsoft Copilot is an artificial intelligence-based assistant tool developed by Microsoft. It offers capabilities such as content generation, code writing, and office collaboration. Microsoft Copilot has a command injection vulnerability, which stems from improper neutralization of special...

7.5CVSS5.8AI score0.00651EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.21 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained security...

8.1CVSS5.9AI score0.00444EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.21 views

Runtipi 安全漏洞

Runtipi is an open-source family server orchestrator developed by Runtipi. Versions of Runtipi prior to 4.8.1 contained security vulnerabilities. These vulnerabilities stemmed from the/api/auth/verify-totp endpoint, which did not enforce any rate limits or account locking mechanisms. This allowed...

8.8CVSS5.8AI score0.0034EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.21 views

TinaCMS 路径遍历漏洞

TinaCMS is an open-source headless CMS developed by Tina for Markdown, MDX, and JSON formats. Versions of TinaCMS prior to 2.1.2 contained a path traversal vulnerability. This vulnerability stemmed from the use of path.join to combine paths without verifying that the resolved path remained within...

6.3CVSS5.8AI score0.00426EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.21 views

plunk 代码问题漏洞

Plunk is an open-source email sending and management platform developed by Plunk. Versions of Plunk prior to 0.7.0 contained code vulnerabilities. These vulnerabilities stemmed from issues with the SNS webhook handler, which had problems with server-side request forgeing attacks. This could allow...

9.3CVSS6AI score0.00273EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.21 views

RIOT 缓冲区错误漏洞

RIOT is an open-source operating system designed for the Internet of Things. Versions of RIOT prior to 2026.01 contain a buffer error vulnerability. This vulnerability stems from insufficient validation of buffer boundaries, which could allow attackers to corrupt adjacent stack locations, resulti...

9.8CVSS6.2AI score0.00483EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.21 views

Calendar 跨站脚本漏洞

Calendar is an event management module developed by HumHub, offering a comprehensive solution for events within companies or organizations. Versions of Calendar prior to 1.8.11 contained a cross-site scripting vulnerability. This vulnerability stemmed from the existence of storage-type cross-site...

6.9CVSS5.6AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.21 views

Gogs 跨站脚本漏洞

Gogs Go Git Service is a self-service Git hosting service developed by the Gogs team using the Go language. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to version 0.14.2, Gogs had a cross-site scripting...

7.3CVSS7.1AI score0.00184EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.21 views

IBM DataStage on Cloud Pak for Data 操作系统命令注入漏洞

IBM DataStage on Cloud Pak for Data is an enterprise-level data integration solution provided by IBM Corporation. Versions 5.1.2 to 5.3.0 of IBM DataStage on Cloud Pak for Data contain an operating system command injection vulnerability. This vulnerability stems from improper input validation in...

8.8CVSS6.1AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.21 views

WatchGuard Fireware OS 安全漏洞

WatchGuard Fireware OS is a software operated by the American company WatchGuard, running on Firebox devices. Vulnerabilities exist in versions 11.9 to 11.12.4Update1, 12.0 to 12.11.7, and 2025.1 to 2026.1.1 of WatchGuard Fireware OS. These vulnerabilities stem from out-of-bound writing, allowing...

8.6CVSS6.2AI score0.00765EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.21 views

stabilizer 安全漏洞

Stabilizer is a performance evaluation tool developed by Charlie Curtsinger. Stabilizer has a security vulnerability, which stems from the direct transmission of uncleaned user input to os.system, potentially allowing remote attackers to execute arbitrary system commands...

7.8CVSS6.1AI score0.0053EPSS
Exploits0References3
Total number of security vulnerabilities5000