Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

WordPress plugin JoomSport SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.3CVSS5.8AI score0.01323EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Apple macOS 后置链接漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 and earlier contained a backlink vulnerability, which was caused by improper handling of symbolic links. This vulnerability could allow applications to...

5.5CVSS5.3AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios. Versions prior to 0.32.0 and 1.16.0 of Axios contain security vulnerabilities. These vulnerabilities stem from two prototype pollution tools that may cause upstream dependencies to pollute Object.prototype, allowing Axios to silently use the...

8.2CVSS5.3AI score0.00287EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Vim 代码注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0597, there was a code injection vulnerability. This vulnerability stemmed from Python’s omni-completion feature, which used exec to execute function and class definitions reconstructed from the curren...

8CVSS5.8AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Netty 资源管理错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.135.Final and 4.2.15.Final contained a resource management vulnerability. This...

7.5CVSS5.3AI score0.0038EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-24 contained a buffer error vulnerability. This vulnerability could occur when using the...

5.5CVSS5.6AI score0.00103EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained security vulnerabilities. These vulnerabilities stemmed...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

National Security Agency Ghidra 路径遍历漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Prior to version 12.1 of National Security Agency Ghidra, there was a path traversal vulnerability. This vulnerability stemmed from SameDirDebugInfoProvider failing to valida...

4.6CVSS5.5AI score0.00185EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

National Security Agency Ghidra 资源管理错误漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to version 12.1 contained a resource management vulnerability. This vulnerability stemmed from the use of the...

4.6CVSS5.4AI score0.00144EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

National Security Agency Ghidra 路径遍历漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to 12.0.2 contained a path traversal vulnerability. This vulnerability stemmed from the extended installer’s failure to...

8.4CVSS5.5AI score0.00215EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

QNAP QTS 路径遍历漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have path traversal vulnerabilities, which allow remote attackers to access unexpected files or system data after...

6.5CVSS6AI score0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

VMware Spring Data REST 访问控制错误漏洞

VMware Spring Data REST is a data interface provided by the American company VMware. It is used to build domain models based on Spring Data repositories, and to expose hypermedia-driven HTTP resources for aggregates contained within those models. VMware Spring Data REST versions 3.7.0 and earlier...

7.5CVSS5.4AI score0.00306EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

WordPress plugin WPZOOM Portfolio 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5AI score0.00342EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

bit7z 路径遍历漏洞

bit7z is a file compression/uncompression tool developed by Riccardo as an individual project. Versions of bit7z prior to 4.0.12 contained a path traversal vulnerability. This vulnerability stemmed from a one-byte error in the SafeOutPathBuilder::restoreSymlink function, which could allow attacke...

3.6CVSS5.3AI score0.00116EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

National Security Agency Ghidra 路径遍历漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to 12.0.4 contained a path traversal vulnerability. This vulnerability stemmed from the theme import feature not verifying...

8.4CVSS5.5AI score0.00215EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

VMware Spring Data KeyValue和VMware Spring Data Redis 安全漏洞

VMware Spring Data KeyValue and VMware Spring Data Redis are both products of the American company VMware. VMware Spring Data KeyValue is a key-value storage data access framework. VMware Spring Data Redis is a Redis data access framework. Both VMware Spring Data KeyValue and VMware Spring Data...

6.4CVSS5.4AI score0.00202EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Prior versions of the Nimiq network-libp2p 1.4.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the kad get-record query, where incorrect validation of records resulted in...

5.3CVSS5.3AI score0.00297EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

SpiceDB 授权问题漏洞

SpiceDB is a fine-grained permission database developed by the Authzed team. In versions 1.15.0 to 1.52.0 of SpiceDB, there was an authorization vulnerability. This vulnerability stemmed from the caveat structure, which contained nested lists, potentially leading to improper caching reuse...

2.3CVSS5.3AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Umbraco 输入验证错误漏洞

Umbraco is an open-source content management system CMS written in C by the Danish company Umbraco. Versions of Umbraco before 13.14.0 and 17.4.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from some Surface controllers failing to validate the redirect...

6.1CVSS5.3AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

VMware Spring Data Commons 资源管理错误漏洞

VMware Spring Data Commons is a data access abstraction framework developed by VMware Corporation. There is a resource management vulnerability in VMware Spring Data Commons, which may lead to a StackOverflowException during the parsing of Sort parameters, resulting in a denial-of-service attack...

5.9CVSS5.3AI score0.0028EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Nimiq 数据伪造问题漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 had a data manipulation vulnerability. This vulnerability stems from a logical flaw in the BlockInclusionProof::isblockproven function, causing it to return true without performing any...

5.9CVSS5.2AI score0.0015EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

QNAP file station 异常处理不当漏洞

QNAP Systems File Station 6 is a file management software developed by QNAP Systems, a company based in Taiwan, China. There is a code vulnerability in QNAP Systems File Station 6, which stems from a null pointer dereferencing. This vulnerability could allow remote attackers to launch a...

6.5CVSS6AI score0.0028EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

BSimVis 跨站脚本漏洞

BSimVis is a binary program similarity analysis and visualization tool developed by the MISP Project. Versions of BSimVis up to v0.2.0 contained a cross-site scripting vulnerability. This vulnerability allowed attackers to execute operations as victims, access data that the victims could access, ...

6.9CVSS5.1AI score0.00277EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

National Security Agency Ghidra 安全漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to version 11.2 contained security vulnerabilities. These vulnerabilities were caused by an undefined static initialization...

4CVSS5.4AI score0.0011EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

QNAP QTS 安全漏洞

QNAP Systems QTS is a software with data storage and management capabilities developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems QTS prior to 5.2.7.3256 contained a security vulnerability. This vulnerability stemmed from command injection, which could allow remot...

9.8CVSS6.2AI score0.0029EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

VMware Spring Data Relational 安全漏洞

VMware Spring Data Relational is a relational database access framework developed by VMware, Inc. There is a security vulnerability in VMware Spring Data Relational, which stems from the improper escaping of external control inputs when using StringMatcher in Query By Example. Attackers can use...

4.8CVSS5.3AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Concrete CMS 代码问题漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.5.2 had code vulnerabilities. These vulnerabilities stemmed from calls to the unserialize function in the Permission, Cache, and Search components, which could allow unauthorize...

8.4CVSS5.6AI score0.0014EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Metrics::Any::Adapter::SignalFx 注入漏洞

Metrics::Any::Adapter::SignalFx is a Perl metric collection adapter module developed by PEVANS’ personal developers. Versions of Metrics::Any::Adapter::SignalFx prior to version 0.04 contained an injection vulnerability. This vulnerability occurred because the labels function did not check for li...

6.5CVSS5.3AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions, developed by Erlang/OTP. This library can catch exceptions caused by Node.js’s built-in APIs. Erlang/OTP ssh versions prior to 6.0.0 had a security vulnerability. This vulnerability stemmed from the sshauth module’s use of...

6.3CVSS5.4AI score0.00354EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Frappe Learning Management System 注入漏洞

Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.53.0 had a injection vulnerability. This vulnerability allowed authenticated users to provide malicious content in certain...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Roxy-WI 代码问题漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a code vulnerability. This vulnerability stems from the /smon/agent/route function directly passing URL path components to requests.get, which may all...

6.5CVSS5.4AI score0.00218EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contain security vulnerabilities. These vulnerabilities stem from the SanitizeFilePath function, which uses string prefix checks instead of directory boundary checks. As a result,...

3.6CVSS5.3AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

NSA Ghidra 安全漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Previous versions of NSA Ghidra, up to version 12.1.1, contained security vulnerabilities. These vulnerabilities stemmed from the Mach-O binary parser,...

6.7CVSS5.3AI score0.00151EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Jenkins 输入验证错误漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have a vulnerability related...

4.3CVSS5.4AI score0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...

8.6CVSS6AI score0.01049EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace和Palo Alto Networks Cortex XSOAR CommvaultSecurityIQ Marketplace 安全漏洞

Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace and Palo Alto Networks Cortex XSOAR CommvaultSecurityIQ Marketplace are both products of Palo Alto Networks. The Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace is a security operations integration extension package...

9.3CVSS5.4AI score0.00285EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

WordPress plugin Newsletters SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.5CVSS5.7AI score0.01382EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

ESP-IDF 输入验证错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.5.4 and 6.0 of ESP-IDF contain input validation vulnerabilities. These vulnerabilities stem from issues with the security service wrapper component in the esptee module, which...

9.3CVSS5.3AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Dulwich 操作系统命令注入漏洞

Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich from 0.24.0 to 1.2.5 had a vulnerability related to operating system command injection. This vulnerability stemmed from ProcessMergeDriver’s ability to replace file paths into the merge...

7.7CVSS5.8AI score0.00555EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Dulwich 路径遍历漏洞

Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich prior to 1.2.5 contained a path traversal vulnerability. This vulnerability occurred when deriving patch file names from the commit message, without properly cleaning path separators an...

3.3CVSS5.3AI score0.00139EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

SQLAlchemy Admin 安全漏洞

SQLAlchemy Admin is an open-source SQLAlchemy model management interface tool developed by Smithy HQ. Versions of SQLAlchemy Admin prior to 0.25.1 contained a security vulnerability. This vulnerability stemmed from the ajaxlookup endpoint in the application.py file, which bypassed the isaccessibl...

4.3CVSS5.3AI score0.00279EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Weblate 代码问题漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 2026.6 had code-related vulnerabilities. These vulnerabilities stemmed from the improper handling of some transition IPv6 ranges, multicast addresses, and partially...

5.9CVSS5.3AI score0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Fission 访问控制错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a access control vulnerability. This vulnerability stemmed from the Fission Function’s access webhook verifying that the spec.secrets.namespace and spec.configmaps.namespace...

8.5CVSS5.3AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

WordPress plugin Easy Image Collage 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.1AI score0.00195EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Palo Alto Networks Prisma Access Agent for Linux 安全漏洞

Palo Alto Networks Prisma Access Agent for Linux is a Linux terminal security access client provided by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Prisma Access Agent for Linux, which stems from a security control bypass. This vulnerability could allow local...

6.9CVSS5.3AI score0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

FTL 竞争条件问题漏洞

FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL prior to 6.6.1 contained a race condition vulnerability, which stems from race conditions in the HTTP session management subsystem. This vulnerability could allow attackers to perform...

8.8CVSS5.3AI score0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Kanidm 安全漏洞

Kanidm is a simple and secure identity management platform developed by Kanidm itself. Versions of Kanidm prior to 1.9.3 contained security vulnerabilities. These vulnerabilities were caused by the recursive descent PEG parser in SCIM endpoints, which led to a stack overflow when processing neste...

8.7CVSS5.5AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

lmdeploy 代码注入漏洞

lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of lmdeploy prior to 0.12.3 have a code injection vulnerability, which stems from the hard-coded trustremotecode=True setting. This vulnerability could lead to remote code execution within the...

7.8CVSS6.3AI score0.00148EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

lmdeploy 代码注入漏洞

lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of lmdeploy prior to 0.12.3 have a code injection vulnerability. This vulnerability stems from the hardcoding of trustremotecode=True at multiple HuggingFace model loading points, which may allow...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

BoxLite 安全漏洞

BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite 0.8.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from using a...

6.5CVSS5.9AI score0.00268EPSS
Exploits0References1
Total number of security vulnerabilities5000