Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/03/03 12:0 a.m.21 views

WatchGuard Fireware OS 安全漏洞

WatchGuard Fireware OS is a software operated by the American company WatchGuard, running on Firebox devices. Versions 12.7 to 12.11.7 and 2025.1 to 2026.1.1 of WatchGuard Fireware OS contain security vulnerabilities. These vulnerabilities stem from reflective cross-site scripting in the Fireware...

6.1CVSS5.8AI score0.00196EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.21 views

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

9.8CVSS7.3AI score0.00404EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.21 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.14.0 contained security vulnerabilities. These vulnerabilities stemmed fro...

6.5CVSS5.8AI score0.00301EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.21 views

MajorDoMo 操作系统命令注入漏洞

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a vulnerability in the operating system’s command injection mechanism. This vulnerability stems from the $param variable passed as user input in the rc/index.php file, which is inserted...

9.8CVSS5.8AI score0.06872EPSS
Exploits3References3
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.21 views

OpenSatKit 安全漏洞

OpenSatKit is an open-source application development toolkit developed by OpenSatKit. Version 2.2.1 of OpenSatKit contains a security vulnerability. This vulnerability stems from the use of an insecure sprintf call in the EventErrStr buffer, which may lead to a stack buffer overflow...

9.8CVSS6.1AI score0.00532EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.21 views

Zulip 跨站脚本漏洞

Zulip is a powerful open-source chat application developed by the American company Zulip Corporation. It combines the immediacy of real-time conversations with the productivity benefits of threaded dialogue. Versions of Zulip from 5.0 to 11.5 had a cross-site scripting vulnerability. This...

5.4CVSS5.7AI score0.0023EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.21 views

Honeywell WIN-PACK PRO code issue vulnerability

Honeywell WIN-PACK PRO is a security management platform software developed by the American company Honeywell. Version 4.8 of Honeywell WIN-PACK PRO contains a code vulnerability. This vulnerability stems from the GuardTourService having service paths that are not enclosed in quotes, which may...

8.5CVSS6AI score0.00127EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.21 views

Oracle PeopleSoft security vulnerabilities

Oracle PeopleSoft is a corporate human capital management solution developed by Oracle Corporation in the United States. This product offers functions such as human capital management, financial management, and supplier relationship management. PeopleSoft Enterprise PeopleTools is a tool and...

5.4CVSS7.1AI score0.002EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.21 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a node page read not ending before f2fsputsuper completes, potentially leading to a file system reference...

5.5CVSS6.2AI score0.00159EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.21 views

Microsoft Windows SMB Server 竞争条件问题漏洞

Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. A denial of service vulnerability exists in Microsoft Windows SMB Server, which is caused d...

5.3CVSS5.8AI score0.00892EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.21 views

Microsoft Windows Common Log File System Driver 安全漏洞

The Microsoft Windows Common Log File System Driver is Microsoft's Common Log File System CLFS API that provides a high-performance, general-purpose log file subsystem that can be used by specialized client applications and shared by multiple clients to optimize logging and access. access. A...

7.8CVSS5.8AI score0.02521EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.21 views

Microsoft Windows Virtualization-Based Security Enclave 安全漏洞

Microsoft Windows Virtualization-Based Security Enclave Microsoft Windows VBS Enclave is a software-based trusted execution environment in the address space of host applications from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Virtualization-Based Security...

6.2CVSS5.9AI score0.00412EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.21 views

fluidsynth 安全漏洞

fluidsynth is fluidsynth open source an application system . Used to generate audio by using SoundFont by reading and processing MIDI events from MIDI input devices. A security vulnerability exists in fluidsynth 2.4.6 and earlier versions, which stems from a null pointer dereference that may be...

7.5CVSS6.3AI score0.00414EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.21 views

WordPress plugin Speed Kit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.4AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.21 views

Yonyou KSOA SQL注入漏洞

Yonyou KSOA is an enterprise management software from China's UFIDA Yonyou company. A SQL injection vulnerability exists in Yonyou KSOA version 9.0, which originates from the incorrect operation of the parameter zpjhid in the file /kp/PrintZPYG.jsp, which could lead to a SQL injection attack...

9.8CVSS7.8AI score0.00345EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.21 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not freeing memory when clock hardware registration fails, which could lead to a memory leak...

6.1AI score0.00198EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.21 views

WordPress plugin Custom 404 Pro 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

4.3CVSS6.6AI score0.001EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.21 views

WordPress plugin Workreap 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.7CVSS6.6AI score0.00394EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/20 12:0 a.m.21 views

CAPE 安全漏洞

CAPE is a malware sandbox by the individual developer Kevin OReilly. CAPE has a security vulnerability that stems from an analysis denial vulnerability in reporting/mongodb.py and reporting/jsondump.py, which allows an attacker to submit samples to generate deeply nested or oversized behavioral...

7.5CVSS6.8AI score0.00323EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.21 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a double release of blkmqtags, which could cause the kernel to crash...

6.1AI score0.00184EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.21 views

KNIME Business Hub 安全漏洞

KNIME Business Hub is KNIME's enterprise software for data science automation, deployment modeling, team collaboration and management workflows. A security vulnerability exists in KNIME Business Hub versions prior to 1.16.0 that originates from an unauthenticated, remote attacker who can craft...

7.2CVSS6.7AI score0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/01 12:0 a.m.21 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from insufficient attribute size checking, which could lead to out-of-bounds reads...

6.1AI score0.00149EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.21 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a race condition in the fs dlm component that could lead to a null pointer dereference...

4.7CVSS6.2AI score0.00135EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.21 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not checking the tw68riscbuffer return value and buf-cpu value, which could result in a null pointer...

5.5CVSS6.3AI score0.00135EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.21 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improperly set completion timeout for the ucsiacpi command, which could result in a null pointer...

5.5CVSS6.4AI score0.00143EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.21 views

Microsoft Office 资源管理错误漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...

7.8CVSS8AI score0.00686EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.21 views

NVIDIA BlueField 安全漏洞

NVIDIA BlueField is a series of data processing units from NVIDIA. NVIDIA BlueField has a security vulnerability that can be exploited by attackers to potentially cause a denial of service, elevation of privilege, and information disclosure...

8.7CVSS6.7AI score0.00134EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.21 views

Citrix Systems ADC and NetScaler Gateway 安全漏洞

Citrix Systems ADC and NetScaler Gateway is an application delivery controller from Citrix Systems, Inc. A security vulnerability exists in Citrix Systems ADC and NetScaler Gateway that originates from a memory overflow that could lead to unpredictable behavior or denial of service...

9.8CVSS6.8AI score0.06658EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.21 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from mt7996thermalinit not checking the devmkasprintf return value, which could result in a null pointer...

5.5CVSS8AI score0.00137EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/09 12:0 a.m.21 views

Jenkins plugin Aqua Security Scanner 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

4.3CVSS6.4AI score0.00191EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/09 12:0 a.m.21 views

Jenkins plugin HTML Publisher 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

6.3CVSS6AI score0.00413EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.21 views

Brother Industries Multiple driver installers for Windows 安全漏洞

Brother Industries Multiple driver installers for Windows is a driver software from Brother Industries, Japan. A security vulnerability exists in Brother Industries Multiple driver installers for Windows, which can be exploited by an unauthenticated attacker to access the /etc/mntinfo.csv path vi...

5.3CVSS8.1AI score0.7656EPSS
Exploits0References11
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.21 views

Elecom WRC-1167GHBK2-S 跨站脚本漏洞

The Elecom WRC-1167GHBK2-S is a router from Elecom Japan. The Elecom WRC-1167GHBK2-S suffers from a cross-site scripting vulnerability that stems from susceptibility to stored cross-site scripting attacks...

5.4CVSS5.5AI score0.00195EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.21 views

Allure Report 代码问题漏洞

Allure Report is a flexible, lightweight, multi-language test reporting tool from the Allure Framework open source. A code issue vulnerability exists in Allure Report 2 versions prior to 2.34.1, which stems from xunit-xml-plugin not securely configuring the XML parser, which could lead to XXE...

7.5CVSS6.6AI score0.00324EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/20 12:0 a.m.21 views

Pterodactyl Panel 代码注入漏洞

Pterodactyl Panel is a free open source game server administration panel from Pterodactyl Open Source. A code injection vulnerability exists in Pterodactyl Panel versions prior to 1.11.11, which stems from the /locales/locale.json endpoint that does not validate the locale and namespace parameter...

10CVSS7.7AI score0.13105EPSS
Exploits28References4
CNNVD
CNNVD
added 2025/06/11 12:0 a.m.21 views

IBM Cognos Analytics 跨站脚本漏洞

IBM Cognos Analytics is a suite of business intelligence software from International Business Machines IBM. The software includes reports, dashboards, and scorecards, and can assist organizations in adjusting their decisions by analyzing such things as key factors and key people. A cross-site...

5.5CVSS5.9AI score0.00178EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.21 views

WordPress plugin Wp Easy Allopass 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site...

4.3CVSS4.9AI score0.00136EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.21 views

WordPress plugin LayoutBoxx 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

7.3CVSS8.3AI score0.00419EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.21 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a memory leak in the es58xrxerrmsg function error path...

3.3CVSS6.2AI score0.00158EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.21 views

CrushFTP 安全漏洞

CrushFTP is a file transfer server from CrushFTP, Inc. A security vulnerability exists in CrushFTP that stems from vulnerability to directory traversal attacks...

5CVSS6.6AI score0.12119EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/04/03 12:0 a.m.21 views

WordPress plugin Team Rosters 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS6.9AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.21 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from the eth bnxt module accessing a null pointer when the interface is closed...

6.5AI score0.00178EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/04 12:0 a.m.21 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege checking vulnerability exists in the Huawei HarmonyOS media library module, which can be exploited by an attacker to compromise confidentiality...

5.5CVSS6.8AI score0.00097EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/28 12:0 a.m.21 views

IBM FlashSystem 安全漏洞

IBM FlashSystem is a family of high-performance all-flash and hybrid flash storage solutions from International Business Machines IBM. A security vulnerability exists in IBM FlashSystem that originates from a specially crafted HTTP request bypassing RPCAdapter endpoint authentication...

9.1CVSS6.4AI score0.00796EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/20 12:0 a.m.21 views

Sitecore Experience Manager和Experience Platform 安全漏洞

Sitecore Experience Platform XP and Sitecore Experience Manager XM are both products of Sitecore, a Danish company.Sitecore Experience Platform is a suite of customer digital experience platforms.Sitecore Sitecore Experience Platform is a customer digital experience platform, and Sitecore...

5.3CVSS8.1AI score0.6356EPSS
Exploits4References3
CNNVD
CNNVD
added 2025/02/07 12:0 a.m.22 views

FileVista 安全漏洞

FileVista is a web file manager from GleamTech Individual Developers. A security vulnerability exists in FileVista version 9.2.0.0 that originates from directory traversal during file uploads and allows remote attackers to execute code, disclose information, and elevate privileges...

6.3CVSS6.6AI score0.03206EPSS
Exploits3References2
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.21 views

WAVLINK AC3000 安全漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...

9.1CVSS6.8AI score0.01457EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.21 views

SingMR HouseRent 代码问题漏洞

HouseRent is a house rental management system by Mr.W individual developer. It provides an auto-caching JWK-Set HTTP client. A code issue vulnerability exists in SingMR HouseRent version 1.0, which stems from the singleUpload/upload function in the file...

8.8CVSS6.6AI score0.00369EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/24 12:0 a.m.21 views

Hanwha Vision NVR 安全漏洞

Hanwha Vision NVR is a series of network video recorder devices from Hanwha Vision, a South Korean company. A security vulnerability exists in Hanwha Vision NVR that stems from improper handling of large data inputs when processing URL parameters, which could lead to a stack overflow...

6.9CVSS6.4AI score0.00799EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.21 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal that stems from improper input neutralization during page generation, resulting in a cross-site scripting vulnerability...

5.4CVSS6AI score0.00327EPSS
Exploits0References1
Total number of security vulnerabilities5000