Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/03/29 12:0 a.m.18 views

OpenClaw 数据伪造问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a data forgery issue vulnerability that can be exploited by an attacker to inject forged Feishu events and trigger execution by downstream tools...

9.8CVSS5.9AI score0.00247EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.18 views

Mastodon 安全漏洞

Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. There are security vulnerabilities in versions prior to Mastodon 4.5.8, specifically the 4.5.x branch, and versions prior to Mastodon 4.4.15, specifically the 4.4.x branch. These vulnerabilities stem...

4.8CVSS5.8AI score0.00166EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.18 views

phpseclib 安全漏洞

phpseclib is an open-source PHP security communication library developed by phpseclib. Versions of phpseclib starting from 1.0.26, 2.0.0 to 2.0.51, and 3.0.0 to 3.0.49 contain security vulnerabilities. These vulnerabilities stem from a timing attack that occurs when using the AES CBC mode...

8.2CVSS5.8AI score0.00374EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.18 views

OPEXUS eComplaint和OPEXUS eCASE 安全漏洞

OPEXUS eComplaint and OPEXUS eCASE are products of the American company OPEXUS. OPEXUS eComplaint is a complaint and appeal management platform. OPEXUS eCASE is an case management system. There were security vulnerabilities in versions of OPEXUS eComplaint and OPEXUS eCASE before 10.2.0.0. These...

5.5CVSS5.7AI score0.00141EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.18 views

WordPress plugin KiviCare 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.2CVSS5.8AI score0.00248EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.18 views

aaPanel 安全漏洞

aaPanel is a simple yet powerful web-based control panel, open source. Version 7.57.0 of aaPanel has a security vulnerability that stems from an issue with arbitrary file uploads, which may allow for the execution of arbitrary code...

9.8CVSS6AI score0.0051EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.18 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.75 contained a buffer overflow vulnerability. This vulnerability stemmed from out-of-bounds writes in Skia, which could allow remote attackers to execute out-of-bounds memory access via a special...

8.8CVSS7.5AI score0.01629EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.18 views

itsourcecode Online Doctor Appointment System SQL注入漏洞

itsourcecode Online Doctor Appointment System is an open-source online doctor appointment system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which stems from incorrect handling of the patientid parameter in the file admin/patientaction.php. This...

9.8CVSS7.2AI score0.00379EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.18 views

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 had code vulnerabilities, as the url parameters could be used to access local system files...

8.7CVSS5.8AI score0.00533EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.18 views

chia-blockchain 安全漏洞

chia-blockchain is a Python library for Chia Network, open-source software. Version 2.1.0 of chia-blockchain contains a security vulnerability, which stems from incorrect handling of the /sendtransaction file. This vulnerability may lead to cross-site request forgery attacks...

3.1CVSS5.7AI score0.00173EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.18 views

OpenEXR 安全漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions 3.3.0 to 3.3.6 and 3.4.0 to 3.4.4 of OpenEXR contain security vulnerabilities. These vulnerabilities stem from integer underflow during the parsing of malformed EXR...

6.5CVSS5.9AI score0.00523EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.18 views

WordPress plugin Booking Calendar 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.18 views

NVIDIA Nemo Framework 代码注入漏洞

NVIDIA Nemo Framework is a framework developed by NVIDIA Corporation in the United States for building and deploying generative AI models. The NVIDIA Nemo Framework has a code injection vulnerability. This vulnerability allows attackers to potentially execute remote code, leading to code executio...

7.8CVSS6AI score0.00219EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.18 views

Microsoft HTTP.sys 安全漏洞

Microsoft HTTP.SYS is an HTTP application protocol developed by Microsoft Corporation. There are security vulnerabilities in Microsoft HTTP.SYS. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affected: Windows Server 2025 Server Core...

7.8CVSS5.8AI score0.0104EPSS
Exploits3References2
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.18 views

OpenSTAManager 操作系统命令注入漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager 2.9.8 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the P7M file decoding function’s...

9.4CVSS6.1AI score0.01755EPSS
Exploits13References1
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.18 views

vCluster Platform security vulnerabilities

vCluster Platform is an open-source virtual cluster manager developed by vCluster. Vulnerabilities existed in versions prior to vCluster Platform 4.6.0, 4.5.4, 4.4.2, and 4.3.10. These vulnerabilities were due to a potential bypass of range restrictions, which could lead to access to resources th...

9.1CVSS5.8AI score0.00444EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.18 views

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A denial of service vulnerability exists in Google Go, which stems from an unrestricted number of query parameters, which can be exploited by an attacker to cause excessive memory...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.18 views

Seroval security vulnerabilities

Seroval is a formatted Java library developed by Alexis H. Munsayac. Versions of Seroval 1.4.0 and earlier contain security vulnerabilities, which stem from improper input validation during JSON deserialization, potentially leading to prototype pollution...

9.8CVSS5.8AI score0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.18 views

Oracle Solaris security vulnerabilities

Oracle Solaris is a UNIX operating system developed by the American company Oracle. There is a security vulnerability in Oracle Solaris 11 version. This vulnerability allows unverified attackers to access the system via TCP networks, potentially leading to unauthorized access to certain data...

5.3CVSS7.1AI score0.0028EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.18 views

Vivotek IP7137 路径遍历漏洞

The Vivotek IP7137 is an IP camera from China's Vivotek Communications Vivotek. A path traversal vulnerability exists in the Vivotek IP7137 version 0200a, which can be exploited by an authenticated attacker to access resources outside of the web root directory via a direct HTTP request, potential...

8.7CVSS6.4AI score0.0071EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.18 views

Nanjing Hanyuan HY511 POE 安全漏洞

Nanjing Hanyuan HY511 POE is an embedded smart display panel from Nanjing Hanyuan, China. A security vulnerability exists in Nanjing Hanyuan HY511 POE versions prior to 2.1 and plugins prior to 0.1, which stems from insufficient device cookie validation, and could lead to an attacker downloading...

9.8CVSS6.6AI score0.04617EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.18 views

WordPress plugin WING WordPress Migrator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

9.6CVSS5.7AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.18 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the existence of post-release reuse of the btsdioremove function...

5.8AI score0.00195EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.18 views

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which originates from an incorrect operation of the function doQuartzList in the file...

4.8CVSS4AI score0.00207EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.18 views

SAP Web Dispatcher和SAP Internet Communication Manager 安全漏洞

SAP Web Dispatcher and SAP Internet Communication Manager SAP ICM are both products from SAP, Germany.SAP Web Dispatcher is a core component of Load Balancing, which supports load balancing and provides reverse proxy functionality to enable external users to access internal applications. SAP Web...

8.2CVSS6.1AI score0.00306EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.18 views

Windu CMS 跨站请求伪造漏洞

Windu CMS Windu CMS is a lightweight web content management system CMS from Windu. A cross-site request forgery vulnerability exists in Windu CMS version 4.1, which stems from insufficient protection against cross-site request forgery and could lead to the deletion of users...

6.8CVSS6.4AI score0.00154EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/10 12:0 a.m.18 views

OneFlow 安全漏洞

Oneflow is a deep learning framework open-sourced by Oneflow. A security vulnerability exists in OneFlow version v0.9.0 that stems from improper input validation and could lead to a segmentation violation when adding Python sequences during broadcast or type conversion...

6.5CVSS6.5AI score0.00317EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.18 views

SAMSUNG多款产品 安全漏洞

SAMSUNG Exynos is a range of processors from South Korean company Samsung SAMSUNG. A security vulnerability exists in a number of SAMSUNG products, which stems from mishandling of 5G NRMM packets and could lead to a denial of service. The following products are affected: Exynos 2100, 1280, 2200,...

7.5CVSS6.5AI score0.00323EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.18 views

WordPress plugin Polylang 安全漏洞

WordPress Polylang plugin is a multilingual WordPress plugin for creating and managing multilingual websites, supports switching from 1 to 10 or more languages, the core functionality is fully integrated with WordPress built-in features e.g. taxonomies without additional dependency on external...

8.8CVSS7.4AI score0.00332EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.18 views

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the TLSHOSTNAME parameter, which can be exploited by an attacker to inject...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/21 12:0 a.m.18 views

DCMTK 安全漏洞

DCMTK is a collection of libraries and applications that implement most of the DICOM standards from the DCMTK open source. Software for inspecting, building, and converting DICOM image files, processing offline media, sending and receiving images over a network connection, and demonstrating image...

5.5CVSS5.5AI score0.00222EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.18 views

RSUPPORT RemoteCall Remote Support Program 代码问题漏洞

RSUPPORT RemoteCall Remote Support Program is a remote assistance software from the Korean company RSUPPORT. A code issue vulnerability exists in RSUPPORT RemoteCall Remote Support Program versions prior to 5.1.0, which stems from an uncontrolled search path element that could lead to the executi...

8.5CVSS7.9AI score0.0016EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/14 12:0 a.m.18 views

Microsoft Windows Network Driver Interface Specification 缓冲区错误漏洞

The Microsoft Windows Network Driver Interface Specification is one of the core components of a Windows network architecture from Microsoft Corporation USA. A buffer error vulnerability exists in the Microsoft Windows Network Driver Interface Specification, which can be exploited by an attacker t...

7.8CVSS9.1AI score0.00393EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.18 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability which is caused due to missing security attributes in the encrypted session SSL cookie. No details of the vulnerability are provided at this time...

7.5CVSS6.8AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.18 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. in the United States, with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE and EE...

7.5CVSS6.7AI score0.00496EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/01 12:0 a.m.18 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an integer overflow in the iwlwritetouserbuf function, which could lead to a heap overflow...

6AI score0.00158EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/09/25 12:0 a.m.18 views

smsboom 代码注入漏洞

smsboom is an SMS bombing software by the individual developer of QuitDropdatabaseFalse. A code injection vulnerability exists in smsboom 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674 and prior versions, which stems from a misuse of the parameter hm in the file dy.php, and could lead to a cross-site...

5.1CVSS4.8AI score0.00233EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.18 views

Novakon P series 安全漏洞

Novakon P series is a series of industrial panel PC operating pages from Taiwan, China-based Speedcom Novakon. A security vulnerability exists in Novakon P series version V2001.A.C518o2, which stems from improper authentication and could allow an unauthenticated attacker to upload and download...

10CVSS7.2AI score0.01396EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.18 views

Mesh Connect JS SDK 跨站脚本漏洞

Mesh Connect JS SDK is a Java library from Mesh open source. A cross-site scripting vulnerability exists in Mesh Connect JS SDK versions prior to 3.3.2, which stems from the createLink.openLink function not being cleaned up for the URL protocol, which could lead to the execution of arbitrary...

8.2CVSS6AI score0.00438EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/18 12:0 a.m.18 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly handling routine rq reactivation after an XSK socket shutdown, which could result in reading...

5.5CVSS5.9AI score0.00119EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.18 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the az6027i2cxfer function not handling null pointers correctly, which could lead to null pointer...

5.5CVSS6.3AI score0.0015EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.18 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to set a new vector length before reallocating the SVE status buffer, which could lead to memory...

7.8CVSS5.8AI score0.00151EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/12 12:0 a.m.18 views

Zabbix 安全漏洞

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A security vulnerability exists in Zabbix that stems from not properly cleaning up the smart.disk.get parameter, which could lead to the...

5.7CVSS6.6AI score0.0016EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.18 views

WordPress plugin PhpList Subber 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS6.3AI score0.00149EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.18 views

Xen 安全漏洞

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...

7.5CVSS6.5AI score0.0042EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.18 views

FFmpeg 安全漏洞

FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg that stems from a heap buffer overflow that could lead to remote code execution or denial of service...

7.2CVSS7AI score0.00372EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.18 views

Citrix NetScaler ADC和Citrix NetScaler Gateway 安全漏洞

Citrix NetScaler ADC and Citrix NetScaler Gateway are both products of Citrix Corporation, U.S.A. Citrix NetScaler ADC is an application delivery and security platform.Citrix NetScaler Gateway is a secure remote access solution. A security vulnerability exists in Citrix NetScaler ADC and Citrix...

8.7CVSS6.5AI score0.02723EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/21 12:0 a.m.18 views

hippo4j 安全漏洞

hippo4j is an asynchronous thread pooling framework from opengoofy open source. A security vulnerability exists in hippo4j versions 1.0.0 through 1.5.0, which stems from the use of hard-coded keys in JWT creation, which could lead to the forgery of valid access tokens...

8.8CVSS6.4AI score0.00325EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.18 views

my-site 安全漏洞

my-site is WinterChenS individual developer's personal website based on springboot 2.0 development, integrated with: personal home page, personal blog, personal works. A security vulnerability exists in my-site version 6c79286, which stems from an authentication bypass that could lead to...

9.8CVSS6.9AI score0.00415EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.18 views

WordPress plugin Responsive Posts Carousel WordPress Plugin Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

7.5CVSS5.8AI score0.00458EPSS
Exploits0References1
Total number of security vulnerabilities5000