Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/08 12:0 a.m.18 views

D-Link DGS-1100-08PD 安全漏洞

The D-Link DGS-1100-08PD is an 8-port Gigabit intelligent management switch from D-Link Corporation. Version 1.00.006 of the D-Link DGS-1100-08PD contains a security vulnerability. This vulnerability stems from improper handling of the /etc/boa.conf file within the Web Interface component, which...

7.5CVSS4.9AI score0.00405EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.18 views

Gun 访问控制错误漏洞

Gun is an open-source Erlang HTTP client developed by Nine Nines that supports HTTP/1.1, HTTP/2, and WebSocket. In versions 2.0.0 to 2.4.0 of Gun, there was a access control vulnerability. This vulnerability stemmed from a source validation error in the gunhttp2 module, which could allow...

6.3CVSS5.3AI score0.00215EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.18 views

Znuny 安全漏洞

Znuny is a ticket system of the Znuny company. Versions of Znuny prior to 7.3.3 contained security vulnerabilities; these vulnerabilities stemmed from user preference settings stored in the system, which could lead to cross-site scripting attacks...

5.4CVSS5AI score0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.18 views

TRAC PDBM 安全漏洞

TRAC PDBM is an industrial automation process database management software developed by the Slovenian company TRAC. TRAC PDBM has a security vulnerability that stems from the use of static, hard-coded keys. This vulnerability could allow attackers to decrypt credentials stored in configuration...

6.4CVSS5.4AI score0.00065EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.18 views

JetBrains PyCharm 跨站脚本漏洞

JetBrains PyCharm is an integrated development environment IDE for Python language developed by the Czech company JetBrains. Versions of JetBrains PyCharm prior to 2025.3.4 contained a cross-site scripting vulnerability, which originated from Markdown cells in Jupyter notebooks, where a...

6.1CVSS5.6AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.18 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. There is a security vulnerability in Keycloak. This vulnerability stems from the fact that authenticated administrators with the manage-clients role can exploit the vulnerability in the name-based...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.18 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00433EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.18 views

CodeWhale 代码问题漏洞

CodeWhale is a terminal coding tool developed by Hunter Bown. Versions of CodeWhale prior to 0.8.22 contained code vulnerabilities. These vulnerabilities stemmed from the fetchurl tool’s ability to validate the IP address of the initial URL. However, the HTTP client was configured to follow...

7.4CVSS5.8AI score0.00226EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.18 views

XCharge C6 安全漏洞

XCharge C6 is a series of intelligent electric vehicle DC charging stations developed by the German company XCharge. There is a security vulnerability in the XCharge C6, which stems from a configuration flaw in the device’s remote management service. This flaw allows for the establishment of...

8.6CVSS5.8AI score0.00185EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

Northern.tech Mender Server 安全漏洞

Northern.tech Mender Server is an IoT server-side software developed by the American company Northern.tech. Versions of Northern.tech Mender Server such as 4.1.0, 4.0.1, and earlier have security vulnerabilities, which are due to a vulnerability that makes the system susceptible to directory...

3.7CVSS5.8AI score0.0052EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

pam_usb 安全漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.0 contain security vulnerabilities; these vulnerabilities stem from the lack of mandatory verification of the system-side pad file, which could allow...

7.1CVSS5.8AI score0.00119EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. In versions of Google Chrome on Android prior to 148.0.7778.216, there was a resource management vulnerability. This vulnerability stemmed from the WebGL component’s tendency to reuse resources after they were released, which could allow...

9.6CVSS5.9AI score0.00243EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

WordPress plugin Yoast SEO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.9AI score0.00288EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

DotCMS 安全漏洞

DotCMS is an open-source content management system written in Java, developed by DotCMS Inc. It is used to manage content and content-driven websites and applications. There are security vulnerabilities in the DotCMS Core version 25.11.04-1 to 26.04.28-02. These vulnerabilities stem from the...

10CVSS5.8AI score0.01584EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

WordPress plugin WPComplete 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an out-of-bound MMIO read performed by the queue reader/writer index exceeding the REMOTEQUEUESIZE rang...

5.8AI score0.00145EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

Jenkins LDAP Plugin 安全漏洞

The Jenkins LDAP Plugin is an open-source Jenkins directory service identity authentication plugin developed by Jenkins. The Jenkins LDAP Plugin version 807.v7d7de30930cf and earlier versions have security vulnerabilities, which stem from unvalidated deserialization of LDAP reference data...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an invalid dereference of rawdata when the exportbinary function is not set properly. This could lead t...

5.8AI score0.0016EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

Gradio 安全漏洞

Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Prior to version 6.15.0, Gradio had a security vulnerability. This vulnerability stemmed from the use of shared module-level HTTP clients, which allowe...

7.6CVSS5.8AI score0.0035EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

WordPress plugin CM Ad Changer 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.18 views

B&R Industrial Automation PPT30 Operating System 安全漏洞

The B&R Industrial Automation PPT30 Operating System is an industrial control terminal operating system developed by B&R Industrial Automation in Austria. Versions of the B&R Industrial Automation PPT30 Operating System prior to 1.8.0 contained security vulnerabilities. These vulnerabilities...

8.7CVSS5.8AI score0.00322EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.18 views

luci-app-https-dns-proxy 命令注入漏洞

Luci-app-https-dns-proxy is an OpenWrt DNS-over-HTTPS proxy with a web management interface, developed by Stan Grishin. Versions of Luci-app-https-dns-proxy dated back to December 29, 2025, and earlier have a command injection vulnerability. This vulnerability stems from command injection in the...

8.8CVSS6.1AI score0.06582EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.18 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability stems from...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.18 views

WordPress plugin NextGEN Gallery SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

9.3CVSS5.9AI score0.00287EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.18 views

vm2 安全漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem from sandbox boundary violations. During...

7.2CVSS5.9AI score0.002EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.18 views

Playwright Capture 代码问题漏洞

Playwright Capture is an open-source web capture tool based on Playwright developed by Lookyloo. Versions of Playwright Capture prior to 1.39.6 contained code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on navigation and resource requests initiated by rendered...

8.7CVSS5.9AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.18 views

Netty 资源管理错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained a resource management vulnerability. This...

7.5CVSS6.9AI score0.00887EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.18 views

Microsoft Win32k 资源管理错误漏洞

Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows operating systems. There is a resource management vulnerability in Microsoft Windows Win32K-ICOMP. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are...

7.8CVSS5.8AI score0.02014EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.18 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.0038EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.18 views

Auth 授权问题漏洞

Auth is a user authentication and management system open sourced by Supabase. There were vulnerabilities related to authorization in versions of Auth from 1.18.0 to 1.25.2, and from 2.0.0 to 2.1.2. This vulnerability stemmed from the Patreon OAuth provider, which mapped all authenticated Patreon...

9.1CVSS5.8AI score0.00417EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.18 views

Dapr 路径遍历漏洞

Dapr is a portable, serverless, event-driven runtime developed by Dapr Open Source. Versions of Dapr from 1.3.0 to 1.15.14, as well as versions from 1.16.0-rc.1 to 1.16.14 and from 1.17.0-rc.1 to 1.17.5, have a path traversal vulnerability. This vulnerability stems from the use of reserved URL...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.18 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the component NSSF, specifically the function...

6.5CVSS5.8AI score0.00372EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.18 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of signed integers in bloblen and nummon functions within cephmonmapdecode. This can lead...

7.5CVSS5.8AI score0.0049EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.18 views

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios. Versions of Axios from 1.0.0 to 1.15.2 contained security vulnerabilities. These vulnerabilities stemmed from five configuration properties in the HTTP adapter being accessed directly through property access without the protection of...

9.1CVSS5.8AI score0.00715EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.18 views

ZTE Cloud PC client uSmartView 代码问题漏洞

ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. There is a code vulnerability in ZTE Cloud PC client uSmartView, which stems from a DLL hijacking vulnerability. Since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful...

7.8CVSS6AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.18 views

Siemens Mendix Studio Pro 安全漏洞

Siemens Mendix Studio Pro is a visualization model-driven IDE developed by the German company Siemens. Versions of Siemens Mendix Studio Pro 11.8.0 Beta and earlier contained security vulnerabilities. These vulnerabilities were caused by incorrect authorization configurations, which could allow...

9.3CVSS5.8AI score0.00272EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.18 views

Apache Wicket 路径遍历漏洞

Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions 8.0.0 to 8.17.0, 9.0.0 to 9.22.0, and 10.0.0 to 10.8.0 of Apache Wick...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.18 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from capturing a resolved bearer-auth configuration during initialization, which could allow revoked tokens ...

9.8CVSS5.8AI score0.0054EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.18 views

Redis 安全漏洞

Redis is an open-source database developed by Redis Technologies in the United States. It is written in ANSI C, supports networking, and can be implemented as either in-memory or persistent storage systems. It also provides APIs in multiple languages. Versions of Redis 8.6.3 and earlier contained...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.18 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.14 contained security vulnerabilities. These vulnerabilities stemmed from the reuse of authorized environments within queue batches. This allowed messages from different senders...

8.1CVSS5.9AI score0.0022EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.18 views

PhpSpreadsheet 代码问题漏洞

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Code vulnerabilities exist in versions 1.30.2 and earlier, as well as versions 2.0.0 to 2.1.14, 2.2.0 to 2.4.3, 3.3.0 to 3.10.3, and 4.0.0 to 5.5.0 of PhpSpreadsheet. These vulnerabilities...

9.8CVSS6.4AI score0.00712EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.18 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were caused by environmental variable injection, allowing malicious workarea.env files to set runtime control...

8.8CVSS5.8AI score0.00203EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.18 views

Claude SDK for TypeScript 安全漏洞

Claude SDK for TypeScript is an open-source development toolkit by Anthropic, designed for calling the Claude API using TypeScript. There were security vulnerabilities in versions of Claude SDK for TypeScript from 0.79.0 to 0.91.1. These vulnerabilities stemmed from BetaLocalFilesystemMemoryTool...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.18 views

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of parameters in the OpenApiController.add/OpenApiController.call...

6.5CVSS6.7AI score0.00214EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.18 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the function smbinheritdacl does not verify the numaces value. This can lead to...

8.8CVSS5.8AI score0.00369EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.18 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a bypass vulnerability in the webhook signature processing mechanism. The vulnerability allowed attacke...

6.3CVSS5.8AI score0.0033EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.18 views

多款产品安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient boundary checks in the depth computing functions of the Irdma driver, potentially...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.18 views

Oracle MySQL Server 安全漏洞

Oracle MySQL Server is a relational database management system developed by Oracle Corporation. Vulnerabilities exist in versions 8.0.0 to 8.0.45, 8.4.0 to 8.4.8, and 9.0.0 to 9.6.0 of Oracle MySQL Server. These vulnerabilities stem from issues with the Server: Optimizer component, allowing...

6.5CVSS7.2AI score0.00303EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.18 views

Microsoft Windows Kerberos 授权问题漏洞

Microsoft Windows Kerberos is a software developed by Microsoft for authentication in network clusters. As a network authentication protocol, Kerberos aims to provide robust authentication services for client/server applications through a key system. There are authorization vulnerabilities in...

8CVSS5.8AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.18 views

Piwigo 安全漏洞

Piwigo is a web-based open-source image library software developed by Piwigo contributors. This software includes functions such as image management, image classification, and permission management. Versions of Piwigo prior to 16.3.0 contained security vulnerabilities. These vulnerabilities stemm...

7.2CVSS6.1AI score0.00372EPSS
Exploits1References3
Total number of security vulnerabilities5000