Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2025/07/10 12:0 a.m.18 views

Headlamp 参数注入漏洞

Headlamp is an open source UI program for Kubernetes SIGs. A parameter injection vulnerability exists in versions of Headlamp prior to 0.31.1, which stems from command injection in the codeSign.js script and could lead to the execution of arbitrary commands...

7.7CVSS7.5AI score0.00672EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.18 views

Chall-Manager 路径遍历漏洞

Chall-Manager is an open source project from CTFer.io open source. A path traversal vulnerability exists in versions prior to Chall-Manager 0.1.4, which originates from unzipping a zip file without checking the path of the file, which may lead to arbitrary file overwriting...

9.1CVSS6.5AI score0.00718EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/07/09 12:0 a.m.18 views

Docusaurus gists plugin 信息泄露漏洞

Docusaurus gists plugin is an automation plugin by Webber Takken Personal Developer. An information disclosure vulnerability exists in Docusaurus gists plugin versions prior to 4.0.0, which stems from a GitHub token disclosure that could lead to credential disclosure...

10CVSS5.8AI score0.01842EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/27 12:0 a.m.18 views

WordPress plugin Contact Form 7 Hide Success Message security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.3CVSS5.8AI score0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/20 12:0 a.m.18 views

WordPress plugin Better Random Redirect 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Better Random Redirect plugin has a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data...

5.9CVSS6AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/03 12:0 a.m.18 views

UNISOC Chipsets 安全漏洞

UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from insufficient input validation, which could lead to local elevation of privilege...

8.4CVSS6.1AI score0.00403EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.18 views

WordPress plugin Save as Image Plugin by Pdfcrowd 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.8CVSS5.8AI score0.00266EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/05/12 12:0 a.m.18 views

WordPress plugin LightPress Lightbox 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.8CVSS6.8AI score0.00372EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.18 views

IBM i 信任管理问题漏洞

IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. IBM i is vulnerable to a trust management issue vulnerability that stems from improper handling of IBM i Netserver authentication, no details of the vulnerability are...

5.4CVSS6.7AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/23 12:0 a.m.18 views

Drupal Sportsleague 安全漏洞

Drupal Sportsleague is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Sportsleague that stems from a problem with the project file that affects usability...

7.3CVSS6.7AI score0.00243EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/18 12:0 a.m.18 views

PHPGurukul Men Salon Management System 注入漏洞

PHPGurukul Men Salon Management System is a men's salon management system from PHPGurukul. An injection vulnerability exists in PHPGurukul Men Salon Management System version 1.0, which originates from SQL injection due to the manipulation of multiple parameters in file /admin/contact-us.php...

8.8CVSS6.9AI score0.00443EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/04/03 12:0 a.m.18 views

HCL Traveler 安全漏洞

HCL Traveler is a software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. A security vulnerability exists in HCL Traveler that originates from a Windows application accidentally disclosing interna...

4.3CVSS6.7AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/13 12:0 a.m.18 views

Autodesk AutoCAD 缓冲区错误漏洞

Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. A security vulnerability exists in Autodesk AutoCAD that stems from a memory corruption vulnerability when parsing specially crafted SLDPRT files, which could lead to the execution of arbitrary code...

7.8CVSS6.8AI score0.00224EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.18 views

Adobe Illustrator 代码问题漏洞

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An untrusted search path vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code...

7.8CVSS7.2AI score0.00219EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.18 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the aspeedpinmuxsetmux function potentially dereferencing null pointers...

5.5CVSS5.5AI score0.00242EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.18 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mdfree and mdstop functions repeatedly releasing ioacctset, resulting in a double release...

7.8CVSS5.5AI score0.00259EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.18 views

Cordaware bestinformed 安全漏洞

Cordaware bestinformed is a mass notification system from Cordaware, Germany. A security vulnerability exists in Cordaware bestinformed that stems from a server address modification permission issue that could result in local privileges being elevated to SYSTEM...

8.5CVSS6.4AI score0.0016EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/12/27 12:0 a.m.18 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper resource release on USB disconnection in the ALSA:usx2y module, which could lead to a memory leak...

5.5CVSS6.4AI score0.00217EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/27 12:0 a.m.18 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a post-release reuse issue in the binder subsystem...

7.8CVSS5.9AI score0.00149EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.18 views

Adobe Acrobat Reader 代码问题漏洞

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has an XML External Entity Injection vulnerability that originates from a network system or product that is not set up with the correct filters ...

6.3CVSS6.9AI score0.00403EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/04 12:0 a.m.18 views

Google Pixel 安全漏洞

Google Pixel is a smartphone from Google, an American company. A security vulnerability exists in Google Pixel, which stems from a lack of bounds checking in getbinary in vendor/mediatek/proprietary/hardware/connectivity/gps/gpshal/src/datacoder.c, where out-of-bounds writes may exist...

7.8CVSS9.1AI score0.00084EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.18 views

Foxit PDF Reader 资源管理错误漏洞

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A resource management error vulnerability exists in Foxit PDF Reader, which arises from manipulating AcroForms without verifying the existence of the object, which could lead to remote code execution...

7.8CVSS7.7AI score0.00401EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/19 12:0 a.m.18 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by type confusion in V8. An attacker can exploit the vulnerability to execute arbitrary code on the system...

8.8CVSS8AI score0.00355EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.18 views

Shilpi Client Dashboard 安全漏洞

Shilpi Client Dashboard is a centralized dashboard from Shilpi. A security vulnerability exists in Shilpi Client Dashboard versions prior to 9.7.0, which stems from a lack of rate limiting and CAPTCHA protection for OTP requests in the API endpoints, and could lead to an OTP explosion on the targ...

7.5CVSS6.6AI score0.00492EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/03 12:0 a.m.18 views

TEM Opera Plus FM Family Transmitter 跨站请求伪造漏洞

The TEM Opera Plus FM Family Transmitter is a frequency modulation FM transmitter device from TEM. A cross-site request forgery vulnerability exists in TEM Opera Plus FM Family Transmitter version 35.45, which originates from allowing a user to perform certain actions via HTTP requests without...

8.6CVSS6.8AI score0.00245EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/09/01 12:0 a.m.18 views

Code-Projects Hospital Management System SQL注入漏洞

Code-Projects Hospital Management System is a Code-Projects open source hospital management system. Code-Projects Hospital Management System version 1.0 suffers from a SQL injection vulnerability, which originates from a SQL injection vulnerability contained in the index.php page...

9.8CVSS7.9AI score0.00755EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/08/13 12:0 a.m.18 views

Fortinet FortiOS 访问控制错误漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An access control error...

5.5CVSS6.7AI score0.00159EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/15 12:0 a.m.18 views

Zoom Meeting SDK and Zoom Workplace Path Traversal Vulnerability

Zoom Meeting SDK and Zoom Workplace are both products of Zoom, Inc.Zoom Meeting SDK is a development kit. Enables your company to accelerate the development and build of fully customizable video-based applications by leveraging the performance, scale, and reliability of Zoom's industry-leading...

6.8CVSS6.1AI score0.00439EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/18 12:0 a.m.18 views

Dolibarr ERP/CRM Security Breach

Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A security vulnerability exists in Dolibarr ERP/CRM version...

8.8CVSS7.7AI score0.00754EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/18 12:0 a.m.18 views

intellij Security Vulnerabilities

intellij is a plugin for the Bazel project. A security vulnerability exists in versions prior to intellij 2024.06.04.0.2, which stems from a dialog box for trusting the project not being displayed...

3.3CVSS6.7AI score0.00109EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.18 views

Microsoft Azure Backlink Vulnerability

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. A backlink vulnerability exists in Microsoft Azure File Sync. An attacker could exploit the vulnerability to elevate privileges. The following products and versions are affected:Azure Fi...

4.4CVSS6.7AI score0.00738EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/29 12:0 a.m.18 views

WordPress plugin Swiss Toolkit For WP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

8.8CVSS6.6AI score0.00583EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.18 views

WordPress plugin Swift Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.4AI score0.00377EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.18 views

Siemens Parasolid 缓冲区错误漏洞

Parasolild Translators is a single-format translator toolkit for high-speed end-to-end translation between Parasolid and several industry formats such as STEP or IGES. An out-of-bounds read vulnerability exists in the Siemens PS/IGES Parasolid Translator component, which can be exploited by an...

7.8CVSS7.2AI score0.0039EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.18 views

Microsoft Edge 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability, which is caused by an out-of-bounds read in the V8 API. An attacker can exploit this vulnerability to obtain sensitive information...

6.5CVSS5.9AI score0.009EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.18 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from memory reuse after release...

6.5CVSS6.6AI score0.00489EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.18 views

Microsoft OLE DB Provider for SQL Server 安全漏洞

Microsoft OLE DB Driver for SQL Server is a standalone data access application programming interface API for OLE DB. A remote code execution vulnerability exists in Microsoft OLE DB Driver for SQL Server, which can be exploited by an attacker to execute arbitrary code on the system...

8.8CVSS8.8AI score0.024EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.18 views

Microsoft ODBC Driver 安全漏洞

Microsoft ODBC Driver is a driver from Microsoft Corporation USA. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver. An attacker could exploit the vulnerability to...

8.8CVSS8.9AI score0.02259EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.18 views

Byzro Networks Smart S80 代码问题漏洞

Byzro Networks Smart S80 is an Internet behavior management product from Byzro Networks. A code issue vulnerability exists in Byzro Smart S80 Management Platform 20240317 and prior versions, which stems from an unknown function in /useratte/userattestation.php that causes unrestricted uploads via...

5.8CVSS5.3AI score0.0124EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/03/25 12:0 a.m.18 views

iSulad 安全漏洞

iSulad is a lightweight container engine open-sourced by src-openEuler. A security vulnerability exists in iSulad version 2.0.18-13 version 2.1.4-1 and version 2.1.4-2, which stems from the presence of a race condition issue...

7CVSS6.4AI score0.00146EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.18 views

RSSHub 安全漏洞

RSSHub is an RSS feed generator written in Node.js, distributed under the MIT license and maintained by DIYgod and other GitHub users. A security vulnerability exists in RSSHub versions 1.0.0-master.cbbd829 through prior to 1.0.0-master.d8ca915, which stems from the presence of a cross-site...

6.1CVSS6.1AI score0.00521EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/01 12:0 a.m.18 views

phpseclib security vulnerability

phpseclib is a PHP secure communication library open-sourced by phpseclib. A security vulnerability exists in phpseclib versions prior to 1.0.23, 2.0.47, and 3.0.36, which stems from a potential denial of service when processing ASN.1 object identifiers for certificates...

7.5CVSS6.7AI score0.00569EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.18 views

WordPress plugin (Simply) Guest Author Name security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.4CVSS5.9AI score0.00513EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/31 12:0 a.m.18 views

SaltStack Salt 安全漏洞

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt that stems from an attacker being able to traverse a directory in order to...

5CVSS6AI score0.00693EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/13 12:0 a.m.18 views

WordPress Plugin MailMunch Constant Contact Forms Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS5.7AI score0.00317EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/09 12:0 a.m.18 views

Microsoft Office 安全漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office has a code execution vulnerability that can be exploited by an attacker to execute arbitra...

7.8CVSS8AI score0.0326EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/18 12:0 a.m.18 views

Gallagher Controller 6000 Security Vulnerability

The Gallagher Controller 6000 is an interface between the Gallagher Command Center server and distributed field hardware from Gallagher New Zealand. A security vulnerability exists in Gallagher Controller 6000 versions prior to 8.70 vCR8.70.231204a, v8.60 and earlier, which stems from the presenc...

4.6CVSS6.2AI score0.00311EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/05 12:0 a.m.18 views

Microsoft Graphics Component Information Disclosure Vulnerability

Microsoft Graphics Component is a graphics driver component from Microsoft Corporation USA. An information disclosure vulnerability exists in Microsoft Graphics Component msgraph-sdk-php that originates from a vulnerability that allows an attacker to craft HTTP requests to be able to access syste...

5.4CVSS4.8AI score0.02203EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/02 12:0 a.m.18 views

NVIDIA vGPU software security vulnerability

NVIDIA vGPU Software is a management software from NVIDIA that is used to provide GPU capabilities to virtual machines. The software supports multiple virtual machines to access the host's GPU, providing graphics performance and application compatibility for virtual machines. A security...

5.5CVSS6.7AI score0.00171EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.18 views

Microsoft Windows Power Management Service Security Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Power Management Service. An attacker could exploit this vulnerability to obtain sensitive information. The...

5.5CVSS6.4AI score0.00549EPSS
Exploits0References4
Total number of security vulnerabilities5000