Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

OpenClaw 权限许可和访问控制问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.20 contained security vulnerabilities. These vulnerabilities were caused by permission escalation issues, where hooks triggered proxy operations that incorrectly received MCP...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

aiograpi 代码问题漏洞

aiograpi is an asynchronous Instagram API Python library developed by Mark. Versions of aiograpi prior to 0.9.10 contained code vulnerabilities. These vulnerabilities stemmed from accepting registration challenge paths provided by the server and using them to construct the request URL before...

6.5CVSS5.4AI score0.00195EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Axios 代码问题漏洞

Axios is an open-source HTTP client developed by Axios, based on Promise a solution for asynchronous programming. There were code-related vulnerabilities in versions of Axios before 0.32.0 and 1.16.0. These vulnerabilities stemmed from unnormalized IPv4-to-Ipv6 address mappings, which could lead ...

8.6CVSS5.3AI score0.00889EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios. Versions 1.7.0 to 1.15.x of Axios contain security vulnerabilities. These vulnerabilities stem from the lack of enforcement of request and response size limits when using the fetch adapter, which may lead to resource exhaustion...

7.5CVSS5.2AI score0.0063EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

GitLab 授权问题漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 15.10, 18.10.8, 18.11.5, and 19.0.2...

5.4CVSS5.8AI score0.00187EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

WordPress plugin WpEvently 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.3AI score0.001EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 had a security vulnerability due to insufficient checks. This vulnerability could allow applications to bypass startup restriction protections and execute...

7.8CVSS5.5AI score0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 had a security vulnerability due to insufficient checks, which could allow applications to bypass its sandbox...

8.8CVSS5.3AI score0.00127EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Axios 资源管理错误漏洞

Axios is an open-source HTTP client developed by Axios, based on Promise a solution for asynchronous programming. Versions of Axios prior to 0.32.0 and 1.16.0 have a resource management vulnerability. This vulnerability arises from failing to escape regular expression characters when constructing...

7.5CVSS5.3AI score0.00622EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

IBM Security QRadar EDR 安全漏洞

IBM Security QRadar EDR is a terminal detection and response software developed by the American multinational company IBM. There are security vulnerabilities in versions 3.12 to 3.12.24 of IBM Security QRadar EDR. These vulnerabilities stem from the storage of user credentials in plain text, whic...

4.4CVSS5.3AI score0.00094EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Limatek LimRAD NAC 代码问题漏洞

Limatek LimRAD NAC is a network access control system developed by the Turkish company Limatek. Versions of Limatek LimRAD NAC prior to 5.5.7.3.9 contained code vulnerabilities. These vulnerabilities stemmed from an unlimited upload of dangerous types of files, which could lead to remote code...

9.8CVSS5.8AI score0.00358EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Cerebrate 输入验证错误漏洞

Cerebrate is an open-source platform developed by Cerebrate. It serves as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability related to input validation errors. This vulnerability stemmed...

8.7CVSS5.3AI score0.00312EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Quest Bot 安全漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained security vulnerabilities. These vulnerabilities stemmed from the fact that audit commands did not disable mention resolution, allowing administrators...

2.3CVSS5.4AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Hermes Web UI 访问控制错误漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.358 contained an access control vulnerability. This vulnerability stemmed from improper access control measures, allowing unauthorized remote attackers to initial...

9.4CVSS5.9AI score0.00543EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

MCP Server Kubernetes 安全漏洞

MCP Server Kubernetes is a Kubernetes management server developed by Suyog Sonwalkar. Versions of MCP Server Kubernetes prior to 3.6.0 contained security vulnerabilities. These vulnerabilities stemmed from access control being executed at the tool discovery layer but not at the execution layer,...

8.8CVSS5.6AI score0.00376EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Quest Bot 安全漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.3 contained security vulnerabilities. These vulnerabilities stemmed from users who had access to manage servers but did not have management roles or administrator...

7.5CVSS5.6AI score0.00238EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

IBM Langflow Desktop 代码问题漏洞

IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.0.0 to 1.9.2 of IBM Langflow Desktop have code vulnerabilities. These vulnerabilities are due to susceptibility to server-side request forgeing attacks, which may allow authenticated attackers ...

5.4CVSS5.5AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

VMware Spring Web Flow 安全漏洞

VMware Spring Web Flow is a web application flow management framework developed by the American company VMware. Versions 4.0.0, 3.0.0 to 3.0.1, and 2.5.0 to 2.5.1 of VMware Spring Web Flow contain security vulnerabilities. These vulnerabilities stem from the possibility of malicious Unified EL...

6.4CVSS5.4AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Oracle PeopleSoft Enterprise PeopleTools 访问控制错误漏洞

Oracle PeopleSoft Enterprise PeopleTools is a technology provided by Oracle Corporation for use with PeopleSoft applications, ensuring that it remains aligned with user needs and expectations. Versions 8.61 and 8.62 of Oracle PeopleSoft Enterprise PeopleTools contain access control vulnerabilitie...

9.8CVSS5.8AI score0.9233EPSS
Exploits3References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Vim 代码注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0496, there was a code injection vulnerability in the plugin for the cucumber file type. This vulnerability stemmed from the s:stepmatch function in the plugin, which, in Vim builds that support Ruby,...

5.3CVSS5.8AI score0.00135EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Netty 资源管理错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.135.Final and 4.2.15.Final contained a resource management vulnerability. This...

7.5CVSS5.2AI score0.0038EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

VMware Spring Data Commons 资源管理错误漏洞

VMware Spring Data Commons is a data access abstraction framework developed by VMware Corporation in the United States. There is a resource management vulnerability in VMware Spring Data Commons. This vulnerability arises when the attribute path string controlled by the attacker is passed to the...

7.5CVSS5.3AI score0.00363EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

SpiceDB 授权问题漏洞

SpiceDB is a fine-grained permission database developed by the Authzed team. In versions 1.15.0 to 1.52.0 of SpiceDB, there was an authorization vulnerability. This vulnerability stemmed from the caveat structure, which contained nested lists, potentially leading to improper caching reuse...

2.3CVSS5.3AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Apache OFBiz 授权问题漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.07 had an authorization vulnerability; this vulnerability stemmed from an issue wi...

8.8CVSS5.3AI score0.00407EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Boxlite 访问控制错误漏洞

BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite prior to 0.9.0 contained an access control vulnerability. This vulnerability stemmed from the lack o...

10CVSS6AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

WordPress plugin Simple Link Directory 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5.2AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Fedify 代码问题漏洞

Fedify is a TypeScript library developed by Hong Minhee. It is used to build federated server applications that support ActivityPub and other standards. Versions of Fedify prior to 1.9.12, 1.10.11, 2.0.19, 2.1.15, and 2.2.4 have code vulnerabilities. These vulnerabilities stem from an incomplete...

8.6CVSS5.4AI score0.00269EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

sharp 安全漏洞

Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images. Versions of Sharp from 9.0.0 to 9.22.3 contained a security vulnerability. This vulnerability stemmed from the create and store...

4.3CVSS5.4AI score0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Russh 输入验证错误漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0 to 0.61.0, there was an input validation vulnerability. This vulnerability stemmed from multiple message processors decoding attacker-controlled SSH strings, name lists, and...

7.5CVSS5.4AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Russh 安全漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. Versions of Russh prior to 0.60.3 contained security vulnerabilities. These vulnerabilities stemmed from CryptoVec’s use of unchecked capacity growth and unchecked length arithmetic, which could lead to buffe...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

s2n-quic 安全漏洞

s2n-quic is a high-performance QUIC protocol implementation library open source by Amazon Web Services. Versions of s2n-quic prior to 1.8.2 contained security vulnerabilities. These vulnerabilities stemmed from unbounded memory allocation in theCRYPTO frame reassembler, which could allow...

6.9CVSS5.4AI score0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Fission 访问控制错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a access control vulnerability. This vulnerability allowed low-privilege developers to create KubernetesWatchTriggers within their own namespaces, enabling them to establish...

7.7CVSS5.3AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the buildermgr controller failing to verify that Package.spec.environment.namespace matches Package.metadata.namespac...

7.7CVSS5.3AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Silverpeas 安全漏洞

Silverpeas is an open-source business collaboration platform developed by Silverpeas. This platform includes applications such as project management, blogs, forums, and document management. Versions of Silverpeas prior to 6.4.6 contained security vulnerabilities, which were caused by improper...

6.5CVSS5.3AI score0.00327EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Lenovo ThinkPad 加密问题漏洞

The Lenovo ThinkPad is a portable computer by the company Lenovo. The Lenovo ThinkPad has an encryption vulnerability, which stems from issues with the embedded controller firmware. This vulnerability may allow privileged local users to perform arbitrary read and write operations on privileged...

8.4CVSS5.5AI score0.00077EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

NLnet Labs ldns 访问控制错误漏洞

NLnet Labs ldns is a DNS library developed by the Nlnet Foundation in the Netherlands, designed for easy programming of DNS tools. Versions 1.2.0 to 1.9.0 of NLnet Labs ldns contain access control vulnerability issues. This vulnerability arises from the fact that when used as a UDP resolver, the...

8.2CVSS5.3AI score0.00147EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

QNAP file station 资源管理错误漏洞

QNAP Systems File Station 6 is a file management software developed by QNAP Systems, a company based in Taiwan, China. There is a security vulnerability in QNAP Systems File Station 6, which stems from unlimited resource allocation or throttling. This vulnerability could allow remote attackers to...

6.5CVSS5.9AI score0.0028EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

QNAP Systems File Station 6 安全漏洞

QNAP Systems File Station 6 is a file management software developed by QNAP Systems, a company based in Taiwan, China. QNAP Systems File Station 6 has a security vulnerability that stems from improper authorization. This vulnerability could allow remote attackers to bypass intended access...

8.6CVSS5.4AI score0.00259EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 contained a security vulnerability. This vulnerability stemmed from the call to .unwrap during the delinearize function in Ed25519PublicKey::delinearize. When the public key was constructed...

4.3CVSS5.3AI score0.00231EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Cloud hypervisor 资源管理错误漏洞

Cloud Hypervisor is a virtual machine monitor developed by Cloud Hypervisor Company, designed for modern cloud workloads. Versions of Cloud Hypervisor from 21.0 to 51.2 contained a resource management vulnerability. This vulnerability stemmed from submitting two virtio-block descriptors with the...

8.9CVSS5.3AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

VMware Spring Security和Spring Authorization Server 输入验证错误漏洞

VMware Spring Security and Spring Authorization Server are both products of the American company VMware. VMware Spring Security is a security framework designed to provide descriptive security protections for Spring-based applications. Spring Authorization Server is a framework used to build secu...

6.1CVSS5.4AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

spring security 资源管理错误漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. There is a resource management vulnerability in Spring Security. This vulnerability arises from the use of spring-security-saml2-service-provider and REDIRECT when...

7.5CVSS5.9AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained security vulnerabilities. These vulnerabilities were caused by errors in...

4CVSS5.5AI score0.00116EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

ImageMagick 资源管理错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-47 and 7.1.2-22 contained a resource management vulnerability. This vulnerability stemmed from a...

7.5CVSS5.3AI score0.00495EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

ImageMagick 路径遍历漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-24 contained a path traversal vulnerability. This vulnerability stemmed from incorrec...

5.5CVSS5.3AI score0.00128EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

ImageMagick 输入验证错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-24 contained a vulnerability related to input validation errors. This vulnerability...

7.5CVSS5.3AI score0.00346EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Microsoft Exchange Server 授权问题漏洞

Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are vulnerabilities related to authorization in Microsoft Exchange Server. Attackers can...

8.1CVSS5.3AI score0.00454EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

WordPress plugin jQuery Hover Footnotes 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

6.4CVSS5.3AI score0.00253EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS6.1AI score0.00283EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS5.1AI score0.00224EPSS
Exploits0References1
Total number of security vulnerabilities5000