Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2021/08/24 12:0 a.m.18 views

F5 BIG-IP 资源管理错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG-IP Advanced WAF and ASM MySQL database denial of service vulnerability is associated with a policy on Virtul Serve...

5.3CVSS5.6AI score0.00919EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/08/16 12:0 a.m.18 views

D-Link DSL-2750U安全漏洞

The D-Link DSL-2750U is a wireless N 300 ADSL2 modem router.An unauthorized configuration modification vulnerability exists in the D-Link DSL-2750U ME1.16 and earlier versions. An attacker could use this vulnerability to modify the configuration without authorization...

5.5CVSS5.6AI score0.01541EPSS
Exploits2References4
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.18 views

Adobe Connect 跨站脚本漏洞

Adobe Connect is an online video conferencing software. A reflected cross-site scripting vulnerability exists in Adobe Connect 11.2.2 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...

6.1CVSS5.7AI score0.0135EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/08/05 12:0 a.m.18 views

Bento4 代码问题漏洞

Bento4 is a C class library and tool for reading and writing ISO-MP4 files. A null pointer dereference vulnerability exists in the AP4StszAtom::WriteFields function in Ap4StszAtom.cpp in Bento4 1.6.0-636 and earlier versions. An attacker could exploit this vulnerability to cause a denial of servi...

6.5CVSS5.7AI score0.00976EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.18 views

WordPress SQL注入漏洞

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Quiz Maker plugin is an application plugin for WordPress. A SQL injection vulnerability exists in WordPress Quiz Maker...

7.2CVSS7.3AI score0.01292EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/07/26 12:0 a.m.18 views

WordPress SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Woocommerce. The vulnerability stems from a lack o...

4.9CVSS5.7AI score0.01265EPSS
Exploits2References4
CNNVD
CNNVD
added 2021/07/07 12:0 a.m.18 views

Joomla! 跨站脚本漏洞

A cross-site scripting vulnerability exists in versions 3.0.0 to 3.9.27, which could be exploited to lure users into clicking on and executing client-side code to steal user cookie credentials...

6.1CVSS5.3AI score0.00877EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/06/11 12:0 a.m.18 views

Industrial Light and Magic OpenEXR 缓冲区错误漏洞

OpenEXR is an image file format for high dynamic range HDR images.A security vulnerability exists in OpenEXR, which stems from a flaw in the ImfDeepScanLineInputFile functionality. An attacker could use the upstairs to trigger an out-of-bounds read by submitting a harmful file to an application...

5.5CVSS5.5AI score0.00428EPSS
Exploits1References15
CNNVD
CNNVD
added 2021/06/10 12:0 a.m.18 views

Jenkins 跨站请求伪造漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins XebiaLabs XL Deploy Plugin suffers from a cross-site request forgery vulnerability that stems from a...

8.8CVSS5.6AI score0.00662EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/06/08 12:0 a.m.18 views

Microsoft Office SharePoint 信息泄露漏洞

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. An information...

6.5CVSS6.1AI score0.0452EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/06/02 12:0 a.m.18 views

多款Huawei产品输入验证错误漏洞

Huawei S12700 and others are an enterprise-class switch product from Huawei China. A number of Huawei products command injection vulnerability, attackers can use the vulnerability to send malicious parameters can be injected into the command line, affecting normal functionality...

7.2CVSS5.7AI score0.00917EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/05/17 12:0 a.m.18 views

Google Kubernetes 代码问题漏洞

Google Kubernetes is a set of open source Docker container cluster management system from the U.S. company Google Google. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A code issue vulnerability exists ...

6.7CVSS7.4AI score0.00458EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/05/11 12:0 a.m.18 views

Microsoft Windows Codecs 缓冲区错误漏洞

Microsoft Windows Codecs is an operating system from Microsoft. It provides a multitasking graphical user interface. A buffer error vulnerability exists in the Microsoft Windows Codecs Library. The following products and versions are affected:Web Media Extensions...

7.8CVSS7.5AI score0.03663EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/05/11 12:0 a.m.18 views

Microsoft Internet Explorer 缓冲区错误漏洞

Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from Microsoft Corporation USA. A buffer error vulnerability exists in Internet Explorer. The following products and versions are affected: Internet Explorer 11, Internet Explorer 9...

7.6CVSS7.9AI score0.22595EPSS
Exploits3References6
CNNVD
CNNVD
added 2021/04/21 12:0 a.m.18 views

NVIDIA Windows GPU Display Driver 代码问题漏洞

Nvidia NVIDIA Windows GPU Display Driver is a graphics processor GPU graphics card driver for the Windows platform from Nvidia. A code issue vulnerability exists in NVIDIA Windows GPU Display Driver for Windows, which stems from a flaw in the kernel driver, where a null pointer dereference could...

5.5CVSS5.8AI score0.00219EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/04/20 12:0 a.m.18 views

Oracle VM VirtualBox 输入验证错误漏洞

Oracle VM VirtualBox is a virtual machine management software from Oracle. Oracle VM VirtualBox suffers from an input validation error vulnerability that stems from an input validation error in the core components of Oracle VM VirtualBox. No detailed vulnerability details are provided at this tim...

7.1CVSS6.5AI score0.00337EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/04/19 12:0 a.m.18 views

Fibaro Home Center 2 安全漏洞

FIBARO Home Center 2 is an application system of the Polish company FIBARO. A system integration system. A security vulnerability exists in Fibaro Home Center 2 that stems from the fact that communications between users and devices can be eavesdropped on to hijack sessions, tokens, and passwords...

8.1CVSS7.7AI score0.01421EPSS
Exploits3References4
CNNVD
CNNVD
added 2021/03/31 12:0 a.m.18 views

IMAGE CONQUEST DICOM SERVER 命令注入漏洞

IMAGE CONQUEST DICOM SERVER is IMAGE an open source application. It can store, validate, query and retrieve through programmable SQL database tables. A security vulnerability exists in CONQUEST DICOM SERVER before 1.5.0, which can be exploited by attackers to execute malicious code...

9.8CVSS8.6AI score0.01497EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.18 views

WonderLink Yomi-Search 跨站脚本漏洞

WonderLink Yomi-Search is a WonderLink application. A versatile search engine. A cross-site scripting vulnerability exists in version 4.22 of Yomi-Search Ver4.22, which originates from the ability to execute arbitrary script on the web browser of a user accessing a website that uses Yomi-Search. ...

6.1CVSS8.4AI score0.00756EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.18 views

Wordpress Modern Events Calendar Lite 访问控制错误漏洞

Wordpress Modern Events Calendar Lite is an open source application plugin for Wordpress. This plugin is the best tool for managing event websites. An access control error vulnerability exists in the WordPress Modern Events Calendar Lite plugin before 5.16.5, which stems from not properly...

7.5CVSS7.3AI score0.31043EPSS
Exploits5References4
CNNVD
CNNVD
added 2021/03/05 12:0 a.m.18 views

Rafael França activerecord-session_store 安全漏洞

Rafael França activerecord-sessionstore is an open source application by Rafael França. A default class is provided, but any object with a textual sessionid and data attribute duck-typed into the Active Record Session class is sufficient. A security vulnerability exists in all versions of...

5.3CVSS6.8AI score0.01835EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/02/09 12:0 a.m.18 views

GE Digital HMI/SCADA iFIX Permission License and Access Control Issues Vulnerability

Genesys PureEngage Digital is an omni-channel customer interaction management platform from Genesys. The platform supports features such as online chat, email and SMS Short Message Service. A security vulnerability exists in GE Digital HMI/SCADA iFIX that originates from allowing a locally...

5.5CVSS6.1AI score0.00204EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/01/22 12:0 a.m.18 views

Cross-Site Scripting Vulnerability in Multiple NEC Aterm Products

The NEC Aterm WG2600HP and others are a wireless router from NEC Corporation of Japan. A cross-site scripting vulnerability exists in multiple Aterm products, which stems from a lack of proper validation of client-side data by the WEB application. The vulnerability can be exploited by an attacker...

6.1CVSS6.8AI score0.01044EPSS
Exploits0References5
CNNVD
CNNVD
added 2020/12/29 12:0 a.m.18 views

Command Injection Vulnerability in Multiple NETGEAR Devices

Netgear NETGEAR is a router from the American company Netgear. It is a hardware device that connects two or more networks and acts as a gateway between networks. Certain NETGEAR devices are vulnerable to a command injection vulnerability that affects the following products and versions: D7800...

6.8CVSS5.8AI score0.00715EPSS
Exploits0References2
CNNVD
CNNVD
added 2020/12/15 12:0 a.m.18 views

Google Asylo Buffer Error Vulnerability

Google Asylo is a framework for developing trusted applications from Google Inc. in the United States. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A security vulnerability exists in Asylo up to 0.6.0, which allows an...

5.5CVSS6.2AI score0.0013EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the fact that the endpoint for batch role removal does not perform fine-grained permission checks. This could allow with limited permissions to remove...

4.9CVSS5.3AI score0.00201EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. In versions prior to 149.0.7827.115, there was a resource management vulnerability. This vulnerability stemmed from a problem with reusing resources after they were released by the Network component. This could allow attackers with privilege...

8.1CVSS5.4AI score0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

ClipBucket V5 安全漏洞

ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 133 – contained security vulnerabilities. These vulnerabilities were due to lack of authorization, which could allow ordinary authenticated users...

6.5CVSS5.3AI score0.002EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Quest Bot 信息泄露漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained an information leakage vulnerability. This vulnerability stemmed from the logging feature not restricting channel access, allowing configured users to...

5.7CVSS5.3AI score0.00251EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

ClipBucket V5 操作系统命令注入漏洞

ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 140 – contained an operating system command injection vulnerability. This vulnerability stemmed from the remote playback feature allowing direct...

9.8CVSS5.6AI score0.00603EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

MCP Server Kubernetes 参数注入漏洞

MCP Server Kubernetes is an MCP server for Kubernetes management, developed by Suyog Sonwalkar. Versions of MCP Server Kubernetes prior to 3.7.0 contained a parameter injection vulnerability. This vulnerability stemmed from the kubectl generic tool not performing a whitelist check on the tokens...

6.1CVSS5.4AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

KanaDojo 操作系统命令注入漏洞

KanaDojo is an attractive and customizable Japanese learning platform developed by lingdojo. KanaDojo has a vulnerability related to operating system command injection. This vulnerability arises from command injection, and it could allow attackers with access to pull requests to execute arbitrary...

8.5CVSS5.9AI score0.0091EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Summarize 代码问题漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.17.0 contained code vulnerabilities. These vulnerabilities were caused by server-side request forgeing attacks. Attackers could exploit these vulnerabilities by providing maliciou...

7.4CVSS5.4AI score0.00265EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

GitLab 资源管理错误漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 12.0, 18.10.8, 18.11.5, and 19.0.2...

6.5CVSS5.8AI score0.00321EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Google Cloud Platform Dialogflow CX 安全漏洞

Google Cloud Platform Dialogflow CX is a conversational AI development platform based on natural language understanding and generation technology, provided by Google, Inc. There is a security vulnerability in Google Cloud Platform Dialogflow CX. This vulnerability stems from the lack of...

9.4CVSS5.3AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

WordPress plugin SliceWP 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

OpenClaw 权限许可和访问控制问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.27 had code-related vulnerabilities. These vulnerabilities stemmed from issues with code execution during the skill installation process. The workarea.env file could override th...

8.8CVSS6.3AI score0.00298EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Brickcom多款产品 访问控制错误漏洞

Brickcom Cube, among others, are products of the Brickcom company. The Brickcom Cube is a series of indoor network surveillance cameras. The Brickcom Dome is a series of hemispherical network surveillance cameras. The Brickcom Bullet is a series of gun-type network surveillance cameras. Several o...

8.3CVSS5.4AI score0.00156EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

OpenClaw 授权问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.22 contained security vulnerabilities. These vulnerabilities stemmed from a location verification issue in the Control UI pairing mechanism. This allowed attackers with network...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Apple macOS 路径遍历漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 and earlier contained a path traversal vulnerability. This vulnerability stemmed from parsing issues with directory path handling, which could allow...

5.5CVSS5.3AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Axios 注入漏洞

Axios is an open-source HTTP client developed by Axios. Versions of Axios from 1.15.2 to 1.16.0 had a injection vulnerability. This vulnerability stemmed from the lack of hasOwnProperty checks on nested objects created by the utils.merge function. This could lead to prototype pollution and...

5.3CVSS5.2AI score0.00228EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability, which was caused by improper implementation of the password function. This vulnerability could allow remote attackers to bypass site...

3.1CVSS5.3AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

CyberArk Idira Endpoint Privilege Manager 信任管理问题漏洞

CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5 contained vulnerabilities related to trust management. These vulnerabilities stemmed from...

8.5CVSS5.4AI score0.00128EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

CodexBar 安全漏洞

CodexBar is an AI programming service usage monitoring tool developed by Peter Steinberger. Versions of CodexBar prior to 0.33.0 contained security vulnerabilities. These vulnerabilities stemmed from credential forwarding, which could allow network adjacent attackers to intercept sensitive...

6CVSS5.3AI score0.00253EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Axios 代码注入漏洞

Axios is an open-source HTTP client developed by Axios. Versions of Axios from 0.19.0 to 0.31.1, as well as versions before 1.15.2, have a code injection vulnerability. This vulnerability stems from a prototype pollution tool present in request configuration processing, which may lead to the...

7CVSS5.4AI score0.00495EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

WordPress plugin JoomSport SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.3CVSS5.8AI score0.01323EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios. Versions prior to 0.32.0 and 1.16.0 of Axios contain security vulnerabilities. These vulnerabilities stem from two prototype pollution tools that may cause upstream dependencies to pollute Object.prototype, allowing Axios to silently use the...

8.2CVSS5.3AI score0.00287EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Vim 代码注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0597, there was a code injection vulnerability. This vulnerability stemmed from Python’s omni-completion feature, which used exec to execute function and class definitions reconstructed from the curren...

8CVSS5.8AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Netty 资源管理错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.135.Final and 4.2.15.Final contained a resource management vulnerability. This...

7.5CVSS5.3AI score0.0038EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-24 contained a buffer error vulnerability. This vulnerability could occur when using the...

5.5CVSS5.6AI score0.00103EPSS
Exploits0References1
Total number of security vulnerabilities5000