Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/05/23 12:0 a.m.19 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability stems from...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.19 views

WordPress plugin All in One SEO 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.19 views

phpMyFAQ SQL注入漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained an SQL injection vulnerability. This vulnerability stemmed from the BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods, which inserted...

9.8CVSS5.9AI score0.01709EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.19 views

Netty 环境问题漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained environmental issues. These issues stemmed from...

9.1CVSS6.9AI score0.0075EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.19 views

Arqit Symmetric Key Agreement Platform 安全漏洞

The Arqit Symmetric Key Agreement Platform is a quantum-safe key negotiation platform developed by Arqit Corporation. Versions prior to 26.03 of the Arqit Symmetric Key Agreement Platform contained security vulnerabilities. These vulnerabilities stemmed from exposing the QKEY and internal system...

8.7CVSS5.8AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.19 views

Playwright Capture 代码问题漏洞

Playwright Capture is an open-source web capture tool based on Playwright developed by Lookyloo. Versions of Playwright Capture prior to 1.39.6 contained code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on navigation and resource requests initiated by rendered...

8.7CVSS5.9AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.19 views

ABIS BAPSİS 安全漏洞

ABIS BAPSİS is a research information system developed by the Turkish company ABIS, aimed at university research projects, academic budgets, and administrative processes management. Previous versions of ABIS BAPSİS, such as v.202604152042, contained security vulnerabilities. These vulnerabilities...

8.8CVSS5.8AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.19 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft Studio. Versions of Craft CMS from 5.0.0-RC1 to 5.9.18 contained security vulnerabilities. These vulnerabilities stemmed from the AssetsController::actionShowInFolder method, which did not check user permissions when...

7.1CVSS5.8AI score0.00324EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.19 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 contain security vulnerabilities. These vulnerabilities stem from issues with state handling, which may allow...

7.8CVSS5.8AI score0.00149EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.19 views

PHP SQL注入漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 have a SQL injection vulnerability. This vulnerability stems from the improper handling of NUL bytes by the PDO Firebird driver when processing SQL queries, which can...

9.8CVSS5.9AI score0.00298EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.19 views

CLI Proxy API 代码问题漏洞

CLI Proxy API is an open-source CLI proxy server developed by Router-For.ME, which supports multi-model APIs. Version 6.9.29 of the CLI Proxy API has a code vulnerability that stems from the handling of the url parameter in the file internal/api/handlers/management/apitools.go. This vulnerability...

6.5CVSS6.7AI score0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.19 views

Admidio 安全漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there were security vulnerabilities. These vulnerabilities stemmed fr...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.19 views

ZTE Cloud PC client uSmartView 代码问题漏洞

ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. There is a code vulnerability in ZTE Cloud PC client uSmartView, which stems from a DLL hijacking vulnerability. Since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful...

7.8CVSS6AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.19 views

Apache Wicket 路径遍历漏洞

Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions 8.0.0 to 8.17.0, 9.0.0 to 9.22.0, and 10.0.0 to 10.8.0 of Apache Wick...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.19 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google to provide web browsing, application running and internet communication features. Google Chrome suffers from an integer overflow vulnerability that stems from the Network component failing to properly handle certain data, which can be exploited b...

4.3CVSS5.9AI score0.00225EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.19 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were caused by environmental variable injection, allowing malicious workarea.env files to set runtime control...

8.8CVSS5.8AI score0.00203EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.19 views

mem0 输入验证错误漏洞

mem0 is an efficient memory algorithm benchmarking tool open-sourced by Mem0. An input validation error vulnerability exists in mem0 1.0.11 and earlier versions, which stems from improper manipulation of the pickle.load/pickle.dump functions in the mem0/vectorstores/faiss.py file, which could lea...

6.5CVSS6.5AI score0.00315EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.19 views

Wireshark 安全漏洞

Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.4, as well as 4.4.0 to 4.4.14, have security vulnerabilities. These...

5.5CVSS5.8AI score0.00125EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.19 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a bypass vulnerability in the webhook signature processing mechanism. The vulnerability allowed attacke...

6.3CVSS5.8AI score0.0033EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.19 views

Pi-Hole Adminlte 跨站脚本漏洞

Pi-Hole Adminlte is a control panel used for collecting more data. Versions of Pi-Hole Adminlte from 6.0 to 6.5 had a cross-site scripting vulnerability. This vulnerability occurred due to the direct insertion of configuration values into HTML attributes without escaping, which could lead to HTML...

6.1CVSS5.7AI score0.00254EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.19 views

qdPM SQL注入漏洞

qdPM is a web-based open-source project management tool developed by qdPM Inc. Version 9.1 of qdPM has a SQL injection vulnerability. This vulnerability stems from the SQL injection present in the searchbyextrafields parameter, which could allow attackers to manipulate database queries and extrac...

8.8CVSS5.9AI score0.00311EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.19 views

Broadcom Symantec Data Loss Prevention Windows Endpoint 安全漏洞

Broadcom Symantec Data Loss Prevention Windows Endpoint is a terminal data leakage prevention security software developed by Broadcom Corporation. There is a security vulnerability in Broadcom Symantec Data Loss Prevention Windows Endpoint, which stems from an privilege escalation vulnerability...

7.8CVSS6AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.19 views

Mastodon 安全漏洞

Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. There are security vulnerabilities in versions prior to Mastodon 4.5.8, specifically the 4.5.x branch, and versions prior to Mastodon 4.4.15, specifically the 4.4.x branch. These vulnerabilities stem...

4.8CVSS5.8AI score0.00166EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.19 views

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.18.0 to 2.2.1 had security vulnerabilities. These vulnerabilities stemmed from insufficient validation of user status during certain authentication processes, allowing users who were already...

8.1CVSS6.4AI score0.00453EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.19 views

esaml 安全漏洞

esaml is a library developed by Australian developer Lexi Wilson for handling SAML authentication. It provides functions for SAML service providers and identity providers. esaml has a security vulnerability, which stems from the undisabled XML entity extensions. This vulnerability may lead to XML...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.19 views

CEWE PHOTO IMPORTER 安全漏洞

CEWE PHOTO IMPORTER is a photo import tool developed by the British company CEWE. Version 6.4.3 of CEWE PHOTO IMPORTER contains a security vulnerability. This vulnerability arises from the import of specially crafted image files, which may allow local attackers to trigger an application crash...

6.9CVSS5.8AI score0.00169EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.19 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.21 contained security vulnerabilities. These vulnerabilities stemmed from improper URL scheme validation in the assertBrowserNavigationAllowed function. This allowed unauthorize...

7.1CVSS5.8AI score0.00403EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.19 views

OPEXUS eComplaint和OPEXUS eCASE 安全漏洞

OPEXUS eComplaint and OPEXUS eCASE are products of the American company OPEXUS. OPEXUS eComplaint is a complaint and appeal management platform. OPEXUS eCASE is an case management system. There were security vulnerabilities in versions of OPEXUS eComplaint and OPEXUS eCASE before 10.2.0.0. These...

5.5CVSS5.7AI score0.00141EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.19 views

Cockpit SQL注入漏洞

Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.4 and earlier had a SQL injection vulnerability. This vulnerability originated from the SQL injection vulnerability present in the MongoLite aggregate optimizer, which could allow...

7.7CVSS6AI score0.00397EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.19 views

OpenCTI 代码问题漏洞

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions of OpenCTI prior to 6.8.16 had code vulnerabilities. These vulnerabilities stemmed from the data ingestion feature not verifying the URLs provided by users, which could lead to server-side request forgei...

7.7CVSS5.9AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.19 views

itsourcecode Online Doctor Appointment System SQL注入漏洞

itsourcecode Online Doctor Appointment System is an open-source online doctor appointment system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which stems from incorrect handling of the patientid parameter in the file admin/patientaction.php. This...

9.8CVSS7.2AI score0.00379EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.19 views

Shopware 安全漏洞

Shopware is a set of open-source e-commerce software developed by the German company Shopware GmbH. Versions prior to Shopware 6.6.10.15 and 6.7.8.1 contained security vulnerabilities. These vulnerabilities stemmed from defects in the application registration process, which could allow attackers ...

8.9CVSS5.8AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.19 views

Checkmate 信息泄露漏洞

Checkmate is an open-source, self-hosted tool developed by BlueWave. It aims to provide visually appealing real-time tracking and monitoring of server hardware, uptime, response times, and events. Versions of Checkmate prior to 3.4.0 contained a security vulnerability related to information...

5.3CVSS5.8AI score0.00386EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.19 views

Everon 代码问题漏洞

Everon is an electric vehicle charging station system developed by Everon Corporation. There are code vulnerabilities in Everon, which stem from the WebSocket backend’s use of predictable session identifiers. These vulnerabilities may lead to session hijacking or shadow attacks, ultimately...

8.6CVSS5.9AI score0.00252EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.19 views

WordPress plugin Custom Logo 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.4CVSS5.7AI score0.00193EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.19 views

OpenEXR 安全漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions 3.3.0 to 3.3.6 and 3.4.0 to 3.4.4 of OpenEXR contain security vulnerabilities. These vulnerabilities stem from integer underflow during the parsing of malformed EXR...

6.5CVSS5.9AI score0.00523EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.19 views

WordPress plugin Complianz 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.6AI score0.00245EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.19 views

WordPress plugin Booking Calendar 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.19 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an alignment error in the virtnetinfo structure. This error may lead to memory access errors and...

5.5CVSS6AI score0.00107EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.19 views

Tenda TX9 安全漏洞

The Tenda TX9 is a wireless router produced by the Chinese company Tenda. The Tenda TX9 versions 22.03.02.10multi and earlier has a security vulnerability. This vulnerability stems from incorrect handling of the deviceList parameter in the function sub4223E0 located in the...

9CVSS7.7AI score0.00733EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.19 views

WordPress plugin Video Onclick 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.19 views

MediaTek Chipsets 安全漏洞

MediaTek Chipsets are a series of chips developed by MediaTek Corporation in China. The MediaTek Chipsets contain security vulnerabilities, which stem from improper handling of modem errors. These vulnerabilities may lead to remote denial-of-service attacks...

6.5CVSS5.8AI score0.00216EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.19 views

Open5GS security vulnerabilities

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the function...

7.5CVSS6AI score0.00511EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.19 views

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A denial of service vulnerability exists in Google Go, which stems from an unrestricted number of query parameters, which can be exploited by an attacker to cause excessive memory...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.19 views

Delta Electronics DIAView 安全漏洞

Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.19 views

编号撤回

SoX is a suite of open source audio processing tools. The product supports playing, converting and recording audio in multiple formats. A numeric error vulnerability exists in SoX version 14.4.2, which originates from a divide-by-zero error when processing a specially crafted WAV file, and may...

5.4AI score0.00039EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.19 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ioestimatebvecsize truncating the number of computed segments, which could lead to data corruption...

6.1AI score0.00162EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.19 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from amdgpu powerplay not clearing memory when power state initialization fails, which could lead to a memory lea...

8.6AI score0.00174EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.19 views

HP Image Assistant 安全漏洞

HP Image Assistant is a free tool from Hewlett-Packard HP that scans computers and installs recommended BIOS updates, drivers, and HP Business PC software. A security vulnerability exists in HP Image Assistant versions prior to 5.3.3, which stems from a competing condition in the installation of...

7CVSS6.3AI score0.00072EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.19 views

CKAN 授权问题漏洞

CKAN is an open source DMS Data Management System from CKAN Open Source. It is used to power data centers and data portals. An authorization issue vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from an attacker being able to fix session IDs, potentially...

6.1CVSS6.5AI score0.00269EPSS
Exploits0References3
Total number of security vulnerabilities5000