Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/05/25 12:0 a.m.20 views

Code-Projects Employee Management System SQL注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system . Code-Projects Employee Management System version 1.0 suffers from a SQL injection vulnerability that originates from the operation of the parameter pid by an unknown function in the /psubmit.php...

6.5CVSS6.7AI score0.00246EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.20 views

H3C Magic B0 安全漏洞

H3C Magic B0 is a small wireless router produced by H3C Corporation. The H3C Magic B0 100R002 and earlier versions have security vulnerabilities. These vulnerabilities stem from improper handling of parameters in the function EditBasicSSID5G within the file/goform/aspForm. This may lead to a remo...

9CVSS7.6AI score0.00445EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.20 views

New API SQL注入漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.1 have a SQL injection vulnerability. This vulnerability originates from the SearchUserTopUps/SearchAllTopUps function in the model/topup.go file of the self Endpoint component, which may lead to...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.20 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability stems from...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.20 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained security vulnerabilities. These vulnerabilities stemmed from the chat completion API, where tool IDs and server parameters were provided by users witho...

7.1CVSS5.8AI score0.0026EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.20 views

Turborepo 跨站请求伪造漏洞

Turborepo is a high-performance JavaScript and TypeScript build system open source by Vercel. Versions of Turborepo prior to 2.9.14 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of validation of the CSRF status value on the localhost callback in t...

6.5CVSS5.7AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.20 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of limits on the number of authentication attempts at the /admin/check endpoint, allowing...

9.3CVSS5.8AI score0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.20 views

WordPress plugin Essential Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.20 views

vm2 安全漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem from sandbox boundary violations. During...

7.2CVSS5.9AI score0.002EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.20 views

Netty 环境问题漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained environmental issues. These issues stemmed from...

9.1CVSS6.9AI score0.0075EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.20 views

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox for Node.js developed by Patrik Simek from Czech Republic. It runs untrusted code using built-in Node modules listed in the allowlist. In versions 3.9.6 to 3.10.5 of vm2, there was a code injection vulnerability. This vulnerability stemmed from a bridgi...

10CVSS6.1AI score0.00842EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.20 views

Schneider Electric Saitel DR RTU和Schneider Electric Saitel DP RTU 路径遍历漏洞

Schneider Electric Saitel DR RTU and Schneider Electric Saitel DP RTU are both remote terminal devices from Schneider Electric, a French company. Both devices have a path traversal vulnerability. This vulnerability stems from improper path name restrictions, which may lead to unauthorized access ...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.20 views

Onyx 安全漏洞

Onyx is an open-source AI large model platform developed by Onyx. Vulnerabilities exist in versions prior to Onyx 3.0.9, 3.1.6, and 3.2.6. These vulnerabilities stem from the POST /chat/stop-chat-session/chatsessionid endpoint checking authentication but failing to verify that the session belongs...

4.3CVSS5.8AI score0.00279EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.20 views

PhpSpreadsheet 跨站脚本漏洞

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Versions prior to PhpSpreadsheet 5.7.0, 3.10.5, 2.4.5, 2.1.16, and 1.30.4 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTML writers skipping...

5.4CVSS5.8AI score0.00225EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.20 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. The version of OpenClaw from 2026.4.7 to 2026.4.10 contains security vulnerabilities. These vulnerabilities stem from the lack of standardization of Discord event cover image parameters during sandbox media...

7.7CVSS5.8AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.20 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in DevTools, allowing attackers who persuade users to install malicious extensions to leak...

4.3CVSS5.9AI score0.00125EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.20 views

Flowise 命令注入漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior to Flowise 3.1.0, there was a command injection vulnerability in versions of the tool. This vulnerability stemmed from the lack of proper sandboxing mechanisms in the run method of the...

9.8CVSS7.5AI score0.00464EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.20 views

Seeyon OA A8 代码问题漏洞

Seeyon OA A8 is a collaborative office management system developed by the Chinese company Seeyon. There is a code vulnerability in Seeyon OA A8. This vulnerability stems from an unauthenticated file writing operation at the /seeyon/htmlofficeservlet endpoint. This could allow a remote attacker to...

9.3CVSS6.2AI score0.00653EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.20 views

Eclipse Jetty 授权问题漏洞

Eclipse Jetty is an open-source Java-based web server and Java Servlet container developed by the Eclipse Foundation. There is an authorization issue vulnerability in Eclipse Jetty, which stems from the fact that the JASPIAuthenticator does not clear the ThreadLocal variable. This can cause...

7.4CVSS5.8AI score0.00529EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.20 views

Open-Xchange OX Dovecot Pro 安全漏洞

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. OX Dovecot Pro has a security vulnerability; this vulnerability arises from email messages that contain excessive RFC 2231 MIME parameters, which may lead to excessive CPU usage and...

5.3CVSS5.8AI score0.00374EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.20 views

HCCTG MPOS M6 PLUS 安全漏洞

HCCTG MPOS M6 PLUS is a mobile payment terminal device developed by HCCTG Corporation. The HCCTG MPOS M6 PLUS 1V.31-N version contains a security vulnerability, which stems from an authentication bypass in the Bluetooth Handler component...

5CVSS6AI score0.00288EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.20 views

glances 安全漏洞

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of untrusted advertisement names to construct connection URIs and retrieve keys under the Central Browser mode. This...

8.1CVSS5.8AI score0.00282EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.20 views

itsourcecode Online Doctor Appointment System SQL注入漏洞

itsourcecode Online Doctor Appointment System is an open-source online doctor appointment system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which stems from incorrect handling of the patientid parameter in the file admin/patientaction.php. This...

9.8CVSS7.2AI score0.00379EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.20 views

The Unofficial and Awesome Home Assistant MCP Server 跨站脚本漏洞

The Unofficial and Awesome Home Assistant MCP Server is an open-source component of the Unofficial Home Assistant AI Toolkit, designed to connect smart home platforms with AI assistants. Versions of the Unofficial and Awesome Home Assistant MCP Server prior to version 7.0.0 contained a cross-site...

6.8CVSS5.8AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.20 views

Copyparty 跨站脚本漏洞

Copyparty is a portable file server developed by Ed’s individual developer. Versions of Copyparty prior to 1.20.12 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of the.prologue.html file, which could allow attackers to execute arbitrary JavaScri...

4.4CVSS5.9AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.20 views

Microsoft Graphics Component 代码问题漏洞

The Microsoft Graphics Component is a graphics driver component developed by Microsoft Corporation. There are code-related vulnerabilities in the Microsoft Graphics Component. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks. The following products and version...

6.2CVSS5.8AI score0.0048EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.20 views

Rocket.Chat 安全漏洞

Rocket.Chat is a chat software developed by the Rocket.Chat company. There were security vulnerabilities in versions prior to 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0. These vulnerabilities stemmed from authentication issues within the DDP Streamer service, where two-factor...

9.8CVSS5.8AI score0.00333EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.20 views

WordPress plugin Marcell 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.20 views

IBM Db2 安全漏洞

IBM Db2 is a relational database management system developed by IBM. The system can run on various operating systems such as UNIX, Linux, IBMi, z/OS, and Windows servers. Versions of IBM Db2 prior to 11.5.9 and 12.1.3 contain security vulnerabilities. These vulnerabilities stem from specific HADR...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.20 views

Dell Unisphere for PowerMax 跨站脚本漏洞

Dell Unisphere for PowerMax is a graphical management platform developed by the American company Dell. The version 9.2.4.x of Dell Unisphere for PowerMax contains a cross-site scripting vulnerability, which arises from improper input handling and may lead to cross-site scripting attacks...

5.4CVSS5.6AI score0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.20 views

Microsoft Outlook 信息泄露漏洞

Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Outlook. The vulnerability stems from the application's inadequate protection of sensitive information and can be exploited by an attacker to conduc...

7.5CVSS5.8AI score0.01425EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.20 views

Keycloak security vulnerabilities

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak, which stems from improper control of administrator API permissions. This vulnerability may allow restricted administrators to retrieve sensitive user attributes...

2.7CVSS5.8AI score0.00364EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.20 views

Dell PowerScale OneFS security vulnerabilities

Dell PowerScale OneFS is an operating system developed by the American company Dell. It provides a horizontally scalable NAS solution through the PowerScale OneFS operating system. Versions of Dell PowerScale OneFS prior to 9.13.0.0 contained a security vulnerability. This vulnerability stemmed...

9.8CVSS5.8AI score0.00367EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.20 views

WordPress plugin Hospital Doctor Directory has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.20 views

Sandboxie Plus code issue and vulnerabilities

Sandboxie Plus is an open-source Windows sandboxing tool developed by Sandboxie Plus. Version 0.7.2 of Sandboxie Plus has a code vulnerability; this vulnerability stems from a service path in the SbieSvc service that lacks quotation marks, which may allow local attackers to execute code with...

8.5CVSS6AI score0.00128EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.20 views

Microsoft Windows SMB Server 竞争条件问题漏洞

Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...

7.5CVSS5.9AI score0.00784EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.20 views

WordPress plugin WP Export Categories & Taxonomies 安全漏洞

...

5.3CVSS6.8AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.20 views

Elastic Filebeat 安全漏洞

Elastic Filebeat is a lightweight data probe for forwarding and centralizing log data from Elastic Netherlands. A security vulnerability exists in Elastic Filebeat that stems from improper input validation and could lead to a buffer overflow and denial of service...

6.5CVSS6.7AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.20 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from an out-of-bounds read in the rtwgetie parser in rtl8723bs...

6.2AI score0.00176EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.20 views

Brother iPrint&Scan 安全漏洞

Brother iPrint&Scan is a free application from Brother that allows you to print and scan from your Android device. A security vulnerability exists in Brother iPrint&Scan version 6.13.7 and earlier, which stems from improper use of the external cache directory and could result in files being...

4.8CVSS4.3AI score0.00115EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.20 views

Tuya多款产品 安全漏洞

Tuya Android SDK and others are products of Tuya China.Tuya Android SDK is a software development kit.Tuya iOS SDK is a software development kit.Tuya Smart App is a smart app. A security vulnerability exists in several Tuya products, which stems from an unvalidated state parameter in the OAuth...

8.8CVSS6.5AI score0.00135EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.20 views

Pi-hole Web Interface 跨站脚本漏洞

Pi-hole Web Interface is a dashboard web interface from Pi-hole open source. A cross-site scripting vulnerability exists in Pi-hole Web Interface versions prior to 6.3, which stems from improper input cleanup in the Address field and could lead to a cross-site scripting attack...

5.4CVSS5.8AI score0.00228EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.20 views

D-Link Nuclias Connect 安全漏洞

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from an observable response difference vulnerability that stems from the...

6.9CVSS6.9AI score0.00954EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.20 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. A security vulnerability exists in HCL AION version v2.0 that stems from allowing inline script execution in CSP environments...

8.2CVSS7AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.20 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unreleased temporary buffer that could lead to a memory leak...

5.5CVSS6AI score0.00168EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.20 views

Tuya Smart Life App 安全漏洞

Tuya Smart Life App is a smart home control app from Chinese company Tuya Tuya. A security vulnerability exists in Tuya Smart Life App version 5.6.1, which originates from an attacker being able to control the device without privileges via the Matter protocol...

9.1CVSS6.7AI score0.00291EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.20 views

Baicells多款产品 安全漏洞

Baicells Nova 436Q and others are products of Baicells, Inc.Baicells Nova 436Q is an advanced dual-carrier outdoor eNodeB eNB. Baicells Nova 227 and others are products of the company.Baicells Nova 227 is a miniature base station.Baicells NEUTRINO430 is an LTE base station. A security vulnerabili...

9.8CVSS6.6AI score0.00319EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/02 12:0 a.m.20 views

Mobile Security Framework 路径遍历漏洞

Mobile Security Framework MobSF is an automated all-in-one mobile application from Mobile Security Framework open source. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A path traversal vulnerability exists in...

6.5CVSS6.6AI score0.0056EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.20 views

Fortinet FortiWeb 安全漏洞

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists in Fortinet...

8.1CVSS7.1AI score0.09825EPSS
Exploits4References2
CNNVD
CNNVD
added 2025/08/08 12:0 a.m.20 views

OpenMetadata 安全漏洞

OpenMetadata is OpenMetadata open source a unified discovery, observable and governance platform powered by a central metadata repository, deep along and seamless team collaboration. A security vulnerability exists in OpenMetadata 1.4.4 and earlier versions, which stems from an unvalidated...

8.8CVSS7.5AI score0.00317EPSS
Exploits0References4
Total number of security vulnerabilities5000