Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Microsoft Office 资源管理错误漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a resource management vulnerability in Microsoft Office, which stems from a heap buff...

8.4CVSS5.9AI score0.00364EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Microsoft Windows Network Controller (NC) 资源管理错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a resource management vulnerability in Microsoft Windows. Attackers have exploited this vulnerability, causing a denial-of-service attack on the system. The following products and version...

5.5CVSS5.8AI score0.00356EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Microsoft Windows Ancillary Function Driver for WinSock 资源管理错误漏洞

The Microsoft Windows Ancillary Function Driver for WinSock is a compatibility driver developed by Microsoft for Winsock. There is a resource management vulnerability present in the Microsoft Windows Ancillary Function Driver for WinSock. The following products and versions are affected: Windows...

7CVSS5.2AI score0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Microsoft Windows TCP/IP 缓冲区错误漏洞

Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are security vulnerabilities present in Microsoft Windows TCP/IP. The following products and versions are affected: Windows Server 2022, Windows Server 2022 Serv...

9.6CVSS5.8AI score0.00438EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

microsoft projected file system 缓冲区错误漏洞

The Microsoft Projected File System is an application system developed by Microsoft Corporation. It projects hierarchical data into the file system, making it appear as files and directories within the file system. There are security vulnerabilities in the Microsoft Projected File System. Attacke...

7.8CVSS5.8AI score0.00326EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

NETGEAR Routers 输入验证错误漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from insufficient input validation, which may allow administrators who have passed authentication to make...

7.1CVSS5.4AI score0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

AMD uProf 安全漏洞

AMD uProf is a cross-platform performance analysis tool developed by AMD, Inc. for AMD processor architecture. AMD uProf has a security vulnerability; this vulnerability stems from unlimited resource allocation, which may lead to excessive consumption of system resources and resulting in usabilit...

6.8CVSS5.4AI score0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Adobe Experience Manager Forms 跨站脚本漏洞

Adobe Experience Manager Forms is a form content management solution developed by Adobe, a company based in America. This product includes features for form creation, management, publishing, as well as communication management, document security, and integrated analysis. The Adobe Experience...

8CVSS5.1AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Microsoft Remote Desktop Client 资源管理错误漏洞

Microsoft Remote Desktop Client is a remote desktop client developed by Microsoft Corporation. There is a resource management vulnerability in Microsoft Remote Desktop Client. Attackers can exploit this vulnerability to execute code. The following products and versions are affected: Windows App...

8.8CVSS5.7AI score0.00981EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

SQLFluff 资源管理错误漏洞

SQLFluff is an open-source SQL linter that features flexible and configurable syntax. Versions of SQLFluff prior to 4.2.0 contained a resource management vulnerability. This vulnerability stemmed from the parser’s improper handling of malicious long SQL queries, which could lead to resource...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Adobe Campaign Classic 安全漏洞

Adobe Campaign Classic is a enterprise-level marketing automation and campaign management platform developed by Adobe Inc. Adobe Campaign Classic 7.4.3 build 9394 and earlier versions have a security vulnerability that stems from improper authorization, which may allow for the execution of...

10CVSS5.9AI score0.00553EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Adobe ColdFusion 输入验证错误漏洞

Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion such as 2023.19, 2025.8, and earlier versions have a vulnerability related to input validation...

9.1CVSS5.8AI score0.00555EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Adobe Acrobat Reader 资源管理错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability that ste...

7.8CVSS7.6AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Adobe Dreamweaver Desktop 输入验证错误漏洞

Adobe Dreamweaver Desktop is a web design and development software provided by Adobe, a company based in America. Versions of Adobe Dreamweaver Desktop starting from 21.7 and earlier have a vulnerability related to input validation. This vulnerability arises due to improper input validation, whic...

6.3CVSS5.5AI score0.00148EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

SEMCMS 跨站请求伪造漏洞

SEMCMS is an open-source content management system CMS for foreign trade websites that supports multiple languages. Version SEMCMS 5.0 has a cross-site request forgeing vulnerability, which stems from improper handling of POST requests directed to /admin/semcmsuser.php. This vulnerability may lea...

6.3CVSS5.1AI score0.00107EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

GPAC MP4Box 处理逻辑错误漏洞

GPAC is an open-source multimedia framework developed by GPAC. Version 2.4 of GPAC contains a security vulnerability. This vulnerability stems from a floating-point exception in the gfopusparsepacketheader function, which could allow attackers to cause denial-of-service attacks through specially...

6.5CVSS5.9AI score0.00296EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

WordPress plugin User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.4AI score0.00153EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Spring Framework 安全漏洞

The Spring Framework is an application development framework developed by Spring in a open-source manner. Versions of the Spring Framework such as 7.0.0 and earlier, 6.2.0 and earlier, 6.1.0 and earlier, and 5.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the...

7.5CVSS5.3AI score0.0036EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

SAP NetWeaver ABAP Platform 安全漏洞

SAP NetWeaver ABAP Platform is an integrated technology platform developed by the German company SAP. There is a security vulnerability in SAP NetWeaver ABAP Platform, which stems from the lack of necessary authorization checks for authenticated users. This vulnerability could allow attackers to...

7.1CVSS5.5AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

VMware Spring Framework 代码问题漏洞

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, Inc. This framework helps developers build high-quality applications. VMware Spring Framework versions 7.0.0 and earlier, as well as 6.2.0 and earlier, have code vulnerabilities. These vulnerabilities...

6.5CVSS5.5AI score0.00123EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Taier 授权问题漏洞

Taier is a distributed scheduling system open source by DTStack. It aims to reduce the costs of ETL processes, clarify complex dependencies between tasks, and lower labor costs related to submission, scheduling, and operations. Versions of Taier 1.4.0 and earlier have vulnerabilities related to...

7.5CVSS7.5AI score0.00401EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

WordPress plugin MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.3AI score0.00234EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Huawei HarmonyOS 信息泄露漏洞

Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. HUAWEI HarmonyOS has a vulnerability related to information leakage, which stems from the permission control of the file previ...

5.5CVSS5.3AI score0.00087EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

WordPress plugin TinyMCE shortcode Addon 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.2AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Microsoft Office Sharepoint Server 跨站脚本漏洞

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by the American company Microsoft. Microsoft Office SharePoint has a cross-site scripting vulnerability, which stems from improper input during the web page generation process. This...

5.4CVSS6.9AI score0.0051EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.19 views

Znuny 安全漏洞

Znuny is a ticket system of the Znuny company. Versions of Znuny prior to 7.3.3 contained security vulnerabilities; these vulnerabilities stemmed from user preference settings stored in the system, which could lead to cross-site scripting attacks...

5.4CVSS5AI score0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.19 views

Cisco Finesse 安全漏洞

Cisco Finesse is a call center management software developed by the American company Cisco. There is a security vulnerability in Cisco Finesse, which stems from insufficient validation of HTTP request inputs provided to users. This vulnerability could allow unauthorized remote attackers to load...

6.1CVSS5.4AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.19 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after Autofill was released, and it could allow remote attackers who have compromised...

9.6CVSS5.4AI score0.00234EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.19 views

TP-Link多款产品 安全漏洞

TP-Link Tapo L535E are products of the TP-Link company from China. The TP-Link Tapo L535E is a smart color-adjustable LED bulb. The TP-Link Tapo P300 is a smart Wi-Fi multi-port plug-in device. The TP-Link Tapo D100C is a smart video doorbell with a wireless doorbell buzzer. Several TP-Link...

7.3CVSS5.9AI score0.00097EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.19 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of boundary checks in the ibget,setvalue function within drm/amdgpu, potentially leading...

7.1CVSS5.8AI score0.00131EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.19 views

Portainer 安全漏洞

Portainer is a lightweight user management interface developed by Portainer Foundation for managing Docker environments and Docker hosts. Vulnerabilities existed in versions of Portainer from 2.33.0 to 2.33.8, as well as in version 2.39.1, due to an issue with authorization verification in custom...

6.5CVSS5.8AI score0.00257EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.19 views

FacturaScripts 信息泄露漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to v2026 contained a vulnerability related to information leakage. This vulnerability stemmed from unvalidated information during the installation of controllers, allowi...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.19 views

IBM Cloud APM 安全漏洞

IBM Cloud APM is an application performance monitoring and operations analysis platform provided by the American multinational company IBM. There are security vulnerabilities in the IBM Cloud APM Base Private 8.1.4 version and the IBM Cloud APM Advanced Private 8.1.4 version. These vulnerabilitie...

6.5CVSS5.8AI score0.00402EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.19 views

WordPress plugin Yoast SEO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.9AI score0.00288EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.19 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability. This vulnerability stemmed from excessive memory writes by the Dawn component, which could allow remote attackers to execute excessive memory writes...

4.3CVSS6.2AI score0.00191EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.19 views

IO-Compress 安全漏洞

IO-Compress is a Perl library developed by Paul Marquess, which supports various compression formats. Versions of IO-Compress from 2.207 to 2.220 had security vulnerabilities. These vulnerabilities occurred due to the zipdetails CLI tool crashing when processing Info-ZIP Unix Extra Fields. This...

7.3CVSS5.9AI score0.00262EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.19 views

Tauri 安全漏洞

Tauri is an open-source project developed by Tauri developers, aimed at creating smaller, faster, and more secure desktop applications using web frontends. Versions of Tauri from 2.0 to 2.11.0 contain security vulnerabilities. These vulnerabilities stem from the islocalurl function, which...

8.8CVSS5.8AI score0.00312EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.19 views

RabbitMQ 安全漏洞

RabbitMQ is an open-source, feature-rich multi-protocol message and streaming media broker. Versions of RabbitMQ from 4.2.0 to 4.2.4 contained a security vulnerability. This vulnerability stemmed from the use of regular expressions for variable substitutions in topic-level authorization within th...

5.3CVSS5.8AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.19 views

Jenkins LDAP Plugin 安全漏洞

The Jenkins LDAP Plugin is an open-source Jenkins directory service identity authentication plugin developed by Jenkins. The Jenkins LDAP Plugin version 807.v7d7de30930cf and earlier versions have security vulnerabilities, which stem from unvalidated deserialization of LDAP reference data...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.19 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which arises from the lack of validation when ICMP reply types exceed the range of the icmppointers array, potentially...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.19 views

IBM HTTP Server 安全漏洞

IBM HTTP Server is an enterprise-level web server software developed by International Business Machines IBM. Versions 8.5 and 9.0 of IBM HTTP Server contain security vulnerabilities. These vulnerabilities are caused by buffer overflows, which could allow privileged users to execute remote code or...

8CVSS6.3AI score0.0026EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.19 views

WineHQ Wine 安全漏洞

WineHQ Wine is an open-source compatibility layer software developed by WineHQ, capable of running Windows applications on Unix-like systems. There is a security vulnerability in WineHQ, which stems from a.desktop file registered as an EXE file MIME processor. This vulnerability may allow EXE fil...

7.3CVSS5.8AI score0.00179EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.19 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability stems from...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.19 views

WordPress plugin All in One SEO 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.19 views

phpMyFAQ SQL注入漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained an SQL injection vulnerability. This vulnerability stemmed from the BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods, which inserted...

9.8CVSS5.9AI score0.01709EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.19 views

Netty 环境问题漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained environmental issues. These issues stemmed from...

9.1CVSS6.9AI score0.0075EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.19 views

Arqit Symmetric Key Agreement Platform 安全漏洞

The Arqit Symmetric Key Agreement Platform is a quantum-safe key negotiation platform developed by Arqit Corporation. Versions prior to 26.03 of the Arqit Symmetric Key Agreement Platform contained security vulnerabilities. These vulnerabilities stemmed from exposing the QKEY and internal system...

8.7CVSS5.8AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.19 views

Playwright Capture 代码问题漏洞

Playwright Capture is an open-source web capture tool based on Playwright developed by Lookyloo. Versions of Playwright Capture prior to 1.39.6 contained code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on navigation and resource requests initiated by rendered...

8.7CVSS5.9AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.19 views

Schneider Electric Saitel DR RTU和Schneider Electric Saitel DP RTU 路径遍历漏洞

Schneider Electric Saitel DR RTU and Schneider Electric Saitel DP RTU are both remote terminal devices from Schneider Electric, a French company. Both devices have a path traversal vulnerability. This vulnerability stems from improper path name restrictions, which may lead to unauthorized access ...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.19 views

ABIS BAPSİS 安全漏洞

ABIS BAPSİS is a research information system developed by the Turkish company ABIS, aimed at university research projects, academic budgets, and administrative processes management. Previous versions of ABIS BAPSİS, such as v.202604152042, contained security vulnerabilities. These vulnerabilities...

8.8CVSS5.8AI score0.00242EPSS
Exploits0References1
Total number of security vulnerabilities5000