Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2022/11/10 12:0 a.m.53 views

Xterm 命令注入漏洞

Xterm is a terminal emulator for the X Window System by Thomas Dickey, a personal developer. It is intended to provide Dec Vt102 and Tektronix 4014 compatible terminals for programs that cannot use the window system directly. A security vulnerability exists in versions prior to Xterm 375. An...

9.8CVSS8.3AI score0.04949EPSS
Exploits1References15
CNNVD
CNNVD
added 2022/09/30 12:0 a.m.53 views

GoFlow 资源管理错误漏洞

GoFlow is an open source NetFlow/IPFIX/sFlow collector in Go by Cloudflare. A resource management error vulnerability exists in GoFlow versions prior to 3.4.4, which stems from insufficient packet cleanup and processes consuming large amounts of memory, leading to denial of service attacks...

7.5CVSS7.2AI score0.00825EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/09 12:0 a.m.53 views

OAuthenticator 安全漏洞

OAuthenticator is an OAuth token library for the JupyerHub login handler. A security vulnerability exists in OAuthenticator version 14.2.0 and earlier, which stems from CILogon, a federated authentication provider that allows users to authenticate with multiple identity providers IdPs...

6.5CVSS6.4AI score0.00434EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.53 views

Canonical Apport 资源管理错误漏洞

Canonical Apport is a toolkit from Canonical UK that collects and provides feedback on error messages information that the operating system considers useful when an application crashes. A resource management error vulnerability exists in Canonical Apport, which arises from the application not...

5.5CVSS5.7AI score0.00199EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.53 views

Canonical Apport 安全特征问题漏洞

Canonical Apport is a toolkit from Canonical UK that collects and provides feedback on error messages information that the operating system considers useful when an application crashes. Canonical Apport suffers from a security signature issue vulnerability that stems from not filtering D-Bus...

7.1CVSS7.2AI score0.00207EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.52 views

nest 安全漏洞

nest is a Node.js framework developed by Nestjs, designed for building efficient, scalable, and enterprise-level server-side applications using TypeScript/JavaScript. Version 11.1.13 of nest contains a security vulnerability. This vulnerability arises from NestJS applications that utilize...

9.8CVSS5.8AI score0.00666EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.52 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unreleased control handler that could lead to a memory leak...

6.1AI score0.0018EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.52 views

Clinic’s Patient Management System SQL注入漏洞

Clinic's Patient Management System is a patient management system for a clinic in Carlo Montero. A security vulnerability exists in Clinic's Patient Management System version 2.0, which originates from a SQL injection vulnerability on the login page...

9.3CVSS9.4AI score0.03271EPSS
Exploits4References3
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.52 views

Filament Excel 安全漏洞

Filament Excel is a tool by Dennis Koch, a personal developer. Easily configure Excel exports in Filament through batch or page operations. A security vulnerability exists in Filament Excel that stems from allowing any file to be downloaded without logging in...

7.5CVSS6.5AI score0.0057EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.52 views

Coder 安全漏洞

Coder is an application from Coder that allows you to set up a development environment in a public or private cloud infrastructure. A security vulnerability exists in Coder and CoderV2 that stems from a security hole in OIDC authentication that allows an attacker to bypass authentication and crea...

8.2CVSS8.1AI score0.00965EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.52 views

WordPress plugin Formidable Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability in the WordPress...

7.5CVSS7.1AI score0.00702EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.52 views

ThinkCMF 跨站脚本漏洞

ThinkCMF is a CMS Content Management System based on ThinkPHP. A cross-site scripting vulnerability exists in ThinkCMF version 5.1.5, which stems from the lack of effective filtering and escaping of user-supplied data in the file UserController.php, and can be exploited by an attacker to execute...

5.4CVSS6.8AI score0.00418EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/16 12:0 a.m.52 views

Fortinet FortiADC 操作系统命令注入漏洞

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. Fortinet FortiADC suffers from a command injection vulnerability, which stems from an improper neutralization of special elements used in os commands, that can be exploited by an attacker to execute arbitrary shell code a...

7.8CVSS8.2AI score0.00552EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/15 12:0 a.m.52 views

Jenkins NS-ND Integration Performance Publisher Plugin 信任管理问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A trust management issue...

7.5CVSS7.3AI score0.00396EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/08/02 12:0 a.m.52 views

v8n 安全漏洞

v8n is a JavaScript validation library by the individual developer Bruno C. Couto. A security vulnerability exists in versions of v8n prior to 1.5.1, which stems from the fact that the low complexity of its lowercase and uppercase regular expressions may lead to denial-of-service attacks...

7.5CVSS7.1AI score0.01358EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/07/18 12:0 a.m.52 views

Moodle 输入验证错误漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. moodle suffers from an input validation error vulnerability, which stems from improper input validation and can be exploited by remote...

9.8CVSS6.1AI score0.06441EPSS
Exploits1References9
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.52 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the Smart...

4.8CVSS4.9AI score0.00598EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/06/22 12:0 a.m.52 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

5.4CVSS5.9AI score0.00932EPSS
Exploits4References6
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.51 views

GNU LibreDWG 安全漏洞

GNU LibreDWG is a C-language library from the GNU community in the United States that is used for processing DWG files. Versions of GNU LibreDWG 0.13.4.8160 and earlier contain security vulnerabilities. These vulnerabilities stem from a heap buffer overflow in the bitreadRC function within the...

7.5CVSS7.3AI score0.00339EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.51 views

PilusCart SQL注入漏洞

PilusCart is an online store management system based on PHP and MySQL. Version 1.4.1 of PilusCart has a SQL injection vulnerability. This vulnerability stems from the send parameter, which allows for SQL injections. It may allow unverified attackers to manipulate database queries and extract...

8.8CVSS5.9AI score0.00377EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.51 views

Microsoft Windows Routing and Remote Access Service 安全漏洞

Microsoft Windows Routing and Remote Access Service is a network service from Microsoft Corporation USA that is used to implement features such as network routing, virtual private networks VPNs, and dial-up connections. A security vulnerability exists in Microsoft Windows Routing and Remote Acces...

8CVSS6.5AI score0.00791EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.51 views

Autodesk Navisworks 缓冲区错误漏洞

Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. in the United States. A security vulnerability exists in Autodesk Navisworks that originates from parsing a specially crafted DWFX file resulting in memory corruption that could...

7.8CVSS7.1AI score0.00212EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.51 views

WordPress plugin HUSKY 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS8.6AI score0.00477EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.51 views

编号撤回

Red Hat Undertow is a Java-based embedded web server from Red Hat USA and is the default web server for Wildfly Java Application Server. This CVE number has been withdrawn...

4.9AI score
Exploits0References3
CNNVD
CNNVD
added 2024/11/07 12:0 a.m.51 views

Moodle 安全漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from the need for additional restrictions to avoid the risk of remote...

8.1CVSS8.9AI score0.83343EPSS
Exploits8References4
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.52 views

Ruby SAML 数据伪造问题漏洞

Ruby SAML is an open source implementation of a SAML authorization client from SAML-Toolkits. A data forgery vulnerability exists in Ruby SAML that stems from Ruby-SAML's inability to properly verify the signature of a SAML response, allowing an attacker to log in to a vulnerable system as an...

10CVSS9.5AI score0.10684EPSS
Exploits3References5
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.51 views

WordPress plugin ShopLentor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS6.2AI score0.00676EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/11/29 12:0 a.m.51 views

Progress MOVEit Transfer Cross-Site Scripting Vulnerability

Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A security vulnerability exists in Progress MOVEit Transfer that stems from a Reflected Cross-Site Scripting XSS vulnerability when MOVEit Gateway and MOVEit Transfer are used together. Affected products and...

7.1CVSS5.7AI score0.00511EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/31 12:0 a.m.51 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.2.2, which stems from the lack of effective filtering and escaping of user-supplied data in the FileName parameter of the file attachment upload function, an...

5.4CVSS6.1AI score0.00414EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.51 views

VMware Aria Operations for Logs Code Issue Vulnerability

VMware Aria Operations for Logs is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware Aria Operations for Logs, which stems from a deserialization vulnerability...

7.8CVSS6.9AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.51 views

Vyper 输入验证错误漏洞

Vyper is the Pythonic smart contract language for EVM. An input validation error vulnerability exists in versions of Vyper prior to 0.3.8, which stems from a lack of overflow checking for cyclic variables...

7.5CVSS7.3AI score0.00913EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.51 views

go-dagpb 缓冲区错误漏洞

go-dagpb is an IPLD open source implementation of the DAG-PB Go specification. A security vulnerability exists in go-dagpb that stems from the fact that the dag-pb codec may crash when decoding an invalid block...

7.5CVSS7.2AI score0.00723EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/03 12:0 a.m.51 views

WordPress plugin Keywordrush Content Egg 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS7.9AI score0.00284EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.51 views

VMware Spring Data REST 安全漏洞

VMware Spring Data REST is a data interface from VMware, Inc. It is used to build on top of the Spring Data repository, analyze an application's domain model, and expose hypermedia-driven HTTP resources for aggregations contained in the model. A security vulnerability exists in VMware Spring Data...

3.7CVSS6AI score0.00467EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.51 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow, which stems from the fact that if tf.sparse.cross receives an input separator that is not a scalar, it fails with an...

7.5CVSS7.6AI score0.00405EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.51 views

SAP Host Agent 代码问题漏洞

SAP Host Agent is a suite of agent programs from SAP Germany that support a number of lifecycle management tasks such as operating system monitoring, database monitoring, and system instance monitoring. A code issue vulnerability exists in SAP NetWeaver, ABAP Platform, and SAP Host Agent. An...

4.3CVSS5.5AI score0.00626EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/11 12:0 a.m.51 views

Progress Software WhatsUp Gold 安全漏洞

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions 21.1.0 throu...

6.5CVSS6.5AI score0.03914EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/15 12:0 a.m.51 views

Moxa MGate 安全漏洞

Moxa MGate is a series of Ethernet gateway products from Moxa China. A security vulnerability exists in the Moxa MGate that allows an attacker to perform a man-in-the-middle MITM attack on the device. This affects MGate MB3170 series firmware version 4.2 or lower. and MGate MB3270 series firmware...

7.4CVSS7.3AI score0.00769EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/04 12:0 a.m.51 views

CreateWiki 授权问题漏洞

CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki that stems from the ability to use Special:RequestWikiQueue for anonymous comments when sent directly via POST...

5.3CVSS5.7AI score0.00969EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/02/17 12:0 a.m.51 views

Snapd 竞争条件问题漏洞

Snapd is an open source, cross-platform package management tool. snapd is vulnerable to a contention issue, which can be exploited by local attackers to gain root privileges and execute arbitrary code to gain privilege escalation by binding to mount their own content in snap's private mount...

7.8CVSS6AI score0.00952EPSS
Exploits4References20
CNNVD
CNNVD
added 2021/10/07 12:0 a.m.51 views

Aruba Instant 格式化字符串错误漏洞

Aruba Instant is a wireless network from Aruba USA. provides the only Wi-Fi solution that is easy to set up. Aruba Instant suffers from a Formatting String Error vulnerability that originates from a formatting string error in the Instant Command Line Interface. The vulnerability allows remote use...

5.3CVSS5.8AI score0.01249EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.50 views

Fortinet多款产品 安全漏洞

Fortinet FortiRecorder and others are products of Fortinet, Inc.Fortinet FortiRecorder is a Web-based network video recorder management system.Fortinet FortiMail is an email security gateway product.Fortinet FortiVoice is a unified communications and collaboration-as-a-service. A security...

9.8CVSS9.8AI score0.31419EPSS
Exploits3References2
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.50 views

Altenergy Power System Control Software 注入漏洞

Altenergy Power System Control Software is microinverter control software from Altenergy Power System. An injection vulnerability exists in Altenergy Power Control Software 20241108 and prior versions that stems from an improper authorization issue in the file /index.php/display/database/...

6.9CVSS5.8AI score0.00534EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.50 views

WordPress Plugin Mail Queue 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...

7.2CVSS6.6AI score0.00439EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.50 views

Osprey Pump Controller 安全特征问题漏洞

Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01 that stems from vulnerability to a predictable and weak session token generation algorithm and could facilitate bypassing authentication and authorization. An attacker...

8.3CVSS7.5AI score0.00649EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/01/14 12:0 a.m.50 views

Apache Shiro 安全漏洞

Apache Shiro is a suite of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation USA. A security vulnerability exists in Apache Shiro versions prior to 1.11.0, which stems from a specially crafted HTTP request that cou...

7.5CVSS7.3AI score0.01553EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.50 views

Microsoft Windows Terminal 代码注入漏洞

Microsoft Windows Terminal is a new virtual terminal for Windows 10 announced by Microsoft Corporation of the United States at the Build 2019 conference that opened in Seattle. Users can install it through the Microsoft App Store or compile and install it themselves by downloading the source code...

7.8CVSS7.8AI score0.01365EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/01 12:0 a.m.50 views

ThinkCMF 跨站请求伪造漏洞

ThinkCMF is a CMS Content Management System based on ThinkPHP. A security vulnerability exists in ThinkCMF version 6.0.7, which stems from vulnerability to cross-site request forgery CSRF vulnerability...

8.8CVSS7.7AI score0.00343EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.50 views

NTT DATA TERASOLUNA 输入验证错误漏洞

NTT DATA TERASOLUNA is an NTT DATA framework from NTT DATA Corporation in Japan. A security vulnerability exists in NTT DATA TERASOLUNA Global Framework version 1.0.0 and TERASOLUNA Server Framework for Java Rich versions 2.0.0.2 through 2.0.5.1, which stems from improper input validation in the...

7.8CVSS8.2AI score0.00407EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/10/31 12:0 a.m.50 views

WordPress plugin WP Contact Slider 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS5AI score0.00532EPSS
Exploits2References2
Total number of security vulnerabilities5000