Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2025/12/31 12:0 a.m.49 views

PocketMine-MP 安全漏洞

PocketMine-MP is a game server software from PMMP Open Source. A security vulnerability exists in PocketMine-MP versions prior to 4.18.1, which stems from improper input validation in inventory transaction processing, and could lead to a remote attacker triggering a server crash and resulting in ...

7.1CVSS5.8AI score0.0036EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.49 views

WordPress plugin Formality 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS6.6AI score0.02042EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/03 12:0 a.m.49 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from dm not handling partition table swapping correctly, which could lead to memory corruption...

5.5CVSS8AI score0.00137EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.49 views

NETGEAR DGND3700 安全漏洞

The Netgear DGND3700 is a dual-band Gigabit wireless DSL router manufactured by NETGEAR and is primarily used for home and SMB network connections. The Netgear DGND3700 suffers from an improper authentication vulnerability that originates in an unknown portion of Basic Authentication's file...

10CVSS6.9AI score0.17581EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.49 views

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft USA. A security vulnerability exists in Microsoft Windows. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected:Windows Server...

6.5CVSS8AI score0.02263EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.49 views

Django 安全漏洞

Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability in Django versions 5.1.5 prior to version 5.1, 5.0 prior to version...

7.5CVSS6.4AI score0.01854EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/25 12:0 a.m.49 views

BoidCMS 安全漏洞

BoidCMS is a free open source flat file CMS from BoidCMS Open Source for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS 2.1.1 and earlier versions, which stems from a Reflected Cross-Site Scripting XSS vulnerability ...

5.4CVSS5.7AI score0.00865EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.49 views

Laravel 参数注入漏洞

Laravel is a web application framework from the Laravel community. A parameter injection vulnerability exists in Laravel. An attacker exploiting this vulnerability can call any URL using a specially crafted query string...

8.7CVSS6.9AI score0.37981EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/04/25 12:0 a.m.49 views

Red Hat Keycloak 安全漏洞

Red Hat Keycloak is a suite of software from Red Hat USA that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from a hard-coded, loose regular expression used for filtering that allows hosts t...

5.4CVSS7AI score0.01075EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.49 views

MongoDB 代码问题漏洞

MongoDB is a document-oriented database management system from the American company MongoDB. A code issue vulnerability exists in MongoDB .NET/C Driver version v2.18.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...

7.2CVSS7.5AI score0.01049EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/24 12:0 a.m.49 views

OpenStack 路径遍历漏洞

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. A security vulnerability exists in OpenStack Cinder, glance, and nova, which stems from the fact that by providing a specially created VMDK flat image that references the path to a specific...

5.7CVSS6.8AI score0.01025EPSS
Exploits1References22
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.49 views

memos 资源管理错误漏洞

memos is an open source hosted memo center with knowledge management and social features. A resource management error vulnerability exists in versions of memos prior to 0.9.1, which stems from a denial of service...

7.6CVSS7.2AI score0.00678EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.49 views

Siemens Mendix Email Connector 安全漏洞

Siemens Mendix Email Connector Module allows email to be sent and received on its own email server and adds new features such as sending signed and encrypted emails.A security vulnerability exists in Siemens Mendix Email Connector Module due to a version of the affected module that fails to...

8.1CVSS6.7AI score0.00705EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.49 views

Microsoft Windows Terminal 代码注入漏洞

Microsoft Windows Terminal is a new virtual terminal for Windows 10 announced by Microsoft Corporation of the United States at the Build 2019 conference that opened in Seattle. Users can install it through the Microsoft App Store or compile and install it themselves by downloading the source code...

7.8CVSS7.8AI score0.01365EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.49 views

Apache SOAP 访问控制错误漏洞

Apache SOAP is used as a client-side library by the Apache Foundation to invoke SOAP services available elsewhere, and as a server-side tool to implement SOAP-accessible services. an authentication error vulnerability exists in Apache SOAP, which stems from the fact that RPCRouterServlet can be...

9.8CVSS9.8AI score0.02251EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/09/19 12:0 a.m.49 views

WordPress plugin Site Offline 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in the WordPress...

4.3CVSS5.2AI score0.01299EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/07/12 12:0 a.m.49 views

VMware vCenter Server 代码问题漏洞

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A code issue vulnerability exists in VMware...

7.5CVSS7.4AI score0.00946EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.49 views

Jenkins Plugin OpsGenie 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...

4.3CVSS5.6AI score0.00557EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.49 views

Open Forms 代码问题漏洞

Open Forms is Open Formulieren open source an intelligent dynamic form . Used to quickly create powerful and intelligent forms exposed through the API . Open Forms versions prior to 1.1.1 have a code issue vulnerability that stems from insufficient input validation of uploaded files...

7.6CVSS6.7AI score0.00748EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/08 12:0 a.m.49 views

GE APM 安全漏洞

GE APM is an equipment monitoring system from General Electric GE. The system provides continuous monitoring of equipment operating status and faults. A security vulnerability exists in the GE APM Java agent that stems from the discovery of a local elevation of privilege issue in the APM Java...

7.8CVSS7.4AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/20 12:0 a.m.49 views

Six Apart Movable Type 操作系统命令注入漏洞

Six Apart Movable Type is an application from Six Apart, Inc. A command injection vulnerability exists in Six Apart Movable Type due to incorrect input validation in the Movable Type XMLRPC API, which can be exploited by an unauthenticated remote attacker to execute arbitrary operating system...

9.8CVSS6.3AI score0.88144EPSS
Exploits11References10
CNNVD
CNNVD
added 2021/06/24 12:0 a.m.49 views

thephpleague flysystem 代码注入漏洞

Flysystem is an open source file repository. Thephpleague flysystem suffers from a code injection vulnerability that stems from the fact that under certain conditions, flysystem could allow a malicious user to remotely execute code...

9.8CVSS8.4AI score0.03486EPSS
Exploits2References8
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.48 views

PilusCart SQL注入漏洞

PilusCart is an online store management system based on PHP and MySQL. Version 1.4.1 of PilusCart has a SQL injection vulnerability. This vulnerability stems from the send parameter, which allows for SQL injections. It may allow unverified attackers to manipulate database queries and extract...

8.8CVSS5.9AI score0.00377EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.48 views

Google Chrome 资源管理错误漏洞

Google Chrome is a popular web browser. Google Chrome suffers from a resource management error vulnerability, which stems from a post-release reuse of a media component, that can be exploited by an attacker to cause an application to crash or execute arbitrary code in the context of the applicati...

8.8CVSS8.6AI score0.00401EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.48 views

SAMSUNG MagicINFO 9 Server 安全漏洞

Samsung MagicINFO 9 Server is a core component of the MagicINFO solution and is responsible for content management and scheduling functions. A path traversal vulnerability exists in Samsung MagicINFO 9 Server, which stems from an improperly restricted pathname, and can be exploited by an attacker...

9.8CVSS6.9AI score0.23953EPSS
Exploits4References1
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.48 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the drm/i915 component requesting an improper reference count during error trapping...

5.5CVSS6.3AI score0.0021EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/01/19 12:0 a.m.48 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the netfsunbufferedwriteiterlocked function incorrectly handling kernel asynchronous DIO writes as user-spac...

5.5CVSS6.6AI score0.00209EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/06/14 12:0 a.m.48 views

GitLab CE/EE Security Vulnerabilities

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE, which stems from the fact that an...

4.3CVSS6.7AI score0.00426EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/19 12:0 a.m.48 views

WordPress Plugin Restrict User Access Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.1CVSS5.8AI score0.00622EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/29 12:0 a.m.48 views

jberet Security Vulnerabilities

jberet is a jberet open source application to provide portable batch processing support in Jakarta EE environments. A security vulnerability exists in jberet that stems from an exception in dbProperties that may display user credentials, such as the username and password for a database connection...

6.5CVSS6.9AI score0.00788EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.48 views

Microsoft SQL Server 安全漏洞

Microsoft SQL Server is a large commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in SQL Server. The following products and versions are affected:Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity...

7.8CVSS7.7AI score0.00393EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/19 12:0 a.m.48 views

WordPress plugin Social Warfare 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

5.4CVSS5.6AI score0.00374EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/12/31 12:0 a.m.48 views

rgb2hex 安全漏洞

rgb2hex is a lightweight rgb/rgba-to-hexadecimal parser from the personal developer Christian Bromann. A security vulnerability exists in rgb2hex version 0.1.5 and earlier. An attacker exploited the vulnerability to cause inefficient regular expression complexity...

7.5CVSS5.8AI score0.0094EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/30 12:0 a.m.48 views

Book Store Management System 访问控制错误漏洞

Book Store Management System is an online bookstore system by Carlo Montero Personal Developer. A security vulnerability exists in Book Store Management System version 1.0, which stems from incorrect access control...

9.8CVSS7.5AI score0.00897EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.48 views

Digital Alert Systems DASDEC EAS 跨站脚本漏洞

Digital Alert Systems DASDEC EAS is a digital alert system from Digital Alert Systems, Inc. Digital Alert Systems DASDEC EAS suffers from a cross-site scripting vulnerability that can be exploited by a remote attacker to inject arbitrary web script or HTML code via the username field of the login...

5.4CVSS5.8AI score0.00438EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.48 views

Fastify 安全漏洞

Fastify is an open source web framework for Node.js from the OpenJS Foundation. Fastify fastify-websocket suffers from a security vulnerability that originates from an attacker sending it specific packets in the wrong format, which could cause it to crash...

7.5CVSS7.3AI score0.00731EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.48 views

F5 BIG-IP 命令注入漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other functions from F5 Corporation in the United States. A command injection vulnerability exists in F5 BIG-IP versions 16.1.x through 16.1.3.1 prior,...

7.2CVSS7.2AI score0.011EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/19 12:0 a.m.48 views

WordPress plugin NEX-Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

8.8CVSS8AI score0.10375EPSS
Exploits5References5
CNNVD
CNNVD
added 2022/08/29 12:0 a.m.48 views

WordPress plugin Simply Schedule Appointments 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

5.3CVSS6.7AI score0.01424EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/08/08 12:0 a.m.48 views

WordPress plugin DW Promobar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.8CVSS5AI score0.00493EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/07/26 12:0 a.m.48 views

Atlassian Jira 代码问题漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Service Management Server and Data Center versions prior to 4.13.20, 4.14.0 to...

5.7CVSS6AI score0.00602EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.48 views

Qualcomm多款产品 资源管理错误漏洞

The Qualcomm Snapdragon SOC Snapdragon Processor is a chip from Qualcomm Incorporated that is used in mobile devices to process information. A security vulnerability exists in various Qualcomm products that stems from a post-release reuse condition when using the IOCTL munmap call to free process...

8.4CVSS7.6AI score0.0045EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/19 12:0 a.m.48 views

Arm Mali GPU Kernel Driver 资源管理错误漏洞

The Arm Mali GPU Kernel Driver is a driver for a graphics processor unit from Arm UK. A security vulnerability exists in the Arm Mali GPU Kernel Driver, which stems from a reuse-after-release vulnerability and affects the following products and versions: Midgard versions r28p0 through r29p0, prio...

10CVSS8.2AI score0.01245EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/04 12:0 a.m.48 views

Microweber 跨站脚本漏洞

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber versions prior to 1.2.16, which allows an...

8.8CVSS7.4AI score0.0125EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/10/14 12:0 a.m.48 views

ZZCMS SQL注入漏洞

ZZCMS is a content management system CMS from the Zzcms team in China.ZZCMS version 2019 is vulnerable to a SQL injection vulnerability that originates from a missing validation of external input SQL statements in the dlid parameter on the application's /dl/dlprint.php page. An attacker could use...

7.5CVSS6.1AI score0.01468EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.47 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel. These vulnerabilities stem from the fact that ksmbd does not verify the SID length of inherited ACEs in the...

8.8CVSS6AI score0.00408EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.47 views

Oracle MySQL Server 安全漏洞

Oracle MySQL Server is a relational database management system developed by Oracle Corporation. There are security vulnerabilities in versions 8.0.0 to 8.0.45 of Oracle MySQL Server. These vulnerabilities stem from issues with the Server: DML component, which may allow attackers with high...

4.9CVSS7.2AI score0.00323EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.47 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the f2fs file system not performing an integrity check on the destination block address during recovery, whi...

5.5CVSS4.9AI score0.00145EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.47 views

Microsoft Windows Fast Fat Driver 安全漏洞

Microsoft Windows Fast Fat Driver is a complete file system from Microsoft USA that solves a variety of problems such as storing data on disk, interacting with a cache manager, and handling a variety of I/O operations such as file creation, performing reads/writes to files, setting file...

7.8CVSS6.4AI score0.00477EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/27 12:0 a.m.47 views

vLLM 代码问题漏洞

vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A code issue vulnerability exists in versions of vLLM prior to v0.7.0 that stems from arbitrary code execution during unpickling when torch.load loads malicious pickle data...

8.8CVSS7.3AI score0.00694EPSS
Exploits0References4
Total number of security vulnerabilities5000