Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Spring Security 授权问题漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Vulnerabilities related to authorization exist in versions 5.7.0 to 5.7.24, 5.8.0 to 5.8.26, 6.3.0 to 6.3.17, 6.4.0 to 6.4.17, and 6.5.0 to 6.5.10 of Spring Security...

8.1CVSS5.4AI score0.00116EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

VMware Spring for Apache Kafka 代码问题漏洞

VMware Spring for Apache Kafka is a Kafka messaging integration framework developed by VMware, Inc. Versions of VMware Spring for Apache Kafka prior to 4.0.0, as well as versions 3.3.0 and earlier, 3.2.0 and earlier, 2.9.0 and earlier, and 2.8.0 and earlier, contain code vulnerabilities. These...

8.1CVSS5.6AI score0.00489EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Lenovo ThinkPad 缓冲区错误漏洞

The Lenovo ThinkPad is a portable computer by the company Lenovo. The Lenovo ThinkPad has a buffer error vulnerability, which stems from an out-of-bounds write issue in the BIOS. This vulnerability may allow privileged local users to execute code in the system management mode...

8.4CVSS5.9AI score0.00121EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper handling of file backend mounting by the erofs file system. This issue may allow I/O...

5.5CVSS5.3AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

tmux 缓冲区错误漏洞

tmux is an open-source terminal multiplexer developed by tmux. Versions of tmux 3.6a and earlier contained a buffer error vulnerability. This vulnerability stemmed from the imagefree function in image.c, which allowed reusing memory after it had been freed, potentially leading to local attacks...

4.5CVSS5.1AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Adobe Acrobat Reader 资源管理错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability that ste...

7.8CVSS7.6AI score0.00285EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

SAP Business Objects 安全漏洞

SAP Business Objects is a business intelligence suite developed by the German company SAP. There is a security vulnerability in SAP Business Objects, which allows unauthorized attackers to access certain endpoints and thereby disclose sensitive information...

3.7CVSS5.2AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Adobe Acrobat Reader 资源管理错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...

7.8CVSS5.9AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

GPAC MP4Box 代码问题漏洞

GPAC MP4Box is a open-source multimedia packager from GPAC. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Version 2.4 of GPAC MP4Box has a code vulnerability cause...

7.5CVSS5.3AI score0.00467EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Tenda W3 安全漏洞

The Tenda W3 is a wireless access point device produced by the Chinese company Tenda. Version 1.0.0.32204 of the Tenda W3 Wireless Router contains a security vulnerability. This vulnerability stems from an stack overflow in the wlradio parameter within the formwrlSSIDget function, which could all...

6.5CVSS5.5AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Microsoft Windows Cryptographic Services 授权问题漏洞

Microsoft Windows Cryptographic Services are encryption services provided by Microsoft Corporation. There is an authorization issue vulnerability in Microsoft Windows Cryptographic Services. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions ar...

8.4CVSS5.3AI score0.00261EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Microsoft Remote Desktop Client 安全漏洞

Microsoft Remote Desktop Client is a remote desktop client developed by Microsoft Corporation. There are security vulnerabilities present in Microsoft Remote Desktop Client. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Windows 10...

7.5CVSS5.6AI score0.00461EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Netcad E-İmar SQL注入漏洞

Netcad E-İmar is a GIS-based urban planning information query platform developed by the Turkish company Netcad. Versions of Netcad E-İmar from 2.10.1.0 to 3.0.2 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of special elements within SQL commands, whic...

9.8CVSS5.7AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Tenda O3 安全漏洞

The Tenda O3 is an outdoor wireless bridge produced by the Chinese company Tenda. The Tenda O3v3 1.0.0.5 version contains a security vulnerability. This vulnerability stems from a stack overflow issue in the savelistdata parameter of the formSetCfm function, which could allow attackers to cause...

7.5CVSS5.5AI score0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

OpenSSL 加密问题漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables the implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...

9.1CVSS5.8AI score0.00237EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

3.7CVSS5.4AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Adobe Acrobat Reader 缓冲区错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a buffer error vulnerability. This vulnerability stems from...

5.5CVSS5.5AI score0.00154EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Microsoft Windows NTLM 日志信息泄露漏洞

Microsoft Windows is an operating system used on personal devices by the American company Microsoft. Microsoft Windows NTLM has a vulnerability that allows for information leakage. Attackers can exploit this vulnerability to obtain sensitive information. The following products and versions are...

7.5CVSS6.6AI score0.00662EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Dell/Alienware Purchased Apps 后置链接漏洞

Dell/Alienware Purchased Apps is a pre-installed software management tool developed by the American company Dell. Versions of Dell/Alienware Purchased Apps prior to 1.1.32.0 contained a backlink vulnerability. This vulnerability stemmed from improper link resolution before file access, which coul...

6.3CVSS5.5AI score0.00097EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Schneider Electric Data Center Expert 代码问题漏洞

Schneider Electric Data Center Expert is a data monitoring software developed by Schneider Electric, a multinational technology company. Schneider Electric Data Center Expert has a code vulnerability caused by improper restrictions on XML external entity references. This vulnerability could allow...

7.1CVSS5.4AI score0.00233EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Apptha Slider Gallery SQL注入漏洞

Apptha Slider Gallery is a website image carousel and gallery display plugin provided by Apptha Corporation. Version 1.0 of Apptha Slider Gallery has a SQL injection vulnerability. This vulnerability stems from insufficient cleaning of the albid parameter, which may allow unauthenticated attacker...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

FreeSWITCH 授权问题漏洞

FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was an...

4.3CVSS5.4AI score0.00172EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Microsoft Windows 权限许可和访问控制问题漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a access control vulnerability in Microsoft Windows. Attackers can exploit this vulnerability to bypass certain features. The following products and versions are affected: Windows 11...

7.8CVSS5.9AI score0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

SEMCMS 访问控制错误漏洞

SEMCMS is an open-source content management system CMS for foreign trade websites that supports multiple languages. Version SEMCMS 5.0 has a access control vulnerability, which stems from an unauthorized access vulnerability in the SEMCMScopy.php file...

7.5CVSS5.3AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

lldpd 缓冲区错误漏洞

LLDPD is a daemon capable of receiving and sending LLDP frames. Versions of LLDPD prior to 1.0.22 contained a buffer error vulnerability. This vulnerability stemmed from an error in the memmove byte count calculation by the lldpddecode function when stripping the 802.1Q VLAN tag, which could lead...

6.5CVSS5.6AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Adobe Dreamweaver Desktop 访问控制错误漏洞

Adobe Dreamweaver Desktop is a web design and development software provided by Adobe, a company based in America. Versions of Adobe Dreamweaver Desktop starting from 21.7 and earlier contain an access control vulnerability. This vulnerability stems from improper access control mechanisms, which m...

8.6CVSS5.4AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Adobe Experience Manager Forms 跨站脚本漏洞

Adobe Experience Manager Forms is a form content management solution developed by Adobe, a company based in America. This product includes features for form creation, management, publishing, as well as communication management, document security, and integration analysis. The Adobe Experience...

4.8CVSS5.1AI score0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

NETGEAR 多款产品输入验证错误漏洞

NETGEAR is a router product from the American company NETGEAR. It is a hardware device used to connect two or more networks, acting as a gateway between them. Several NETGEAR products have a vulnerability related to input validation. This vulnerability allows attackers to intercept and tamper wit...

9.1CVSS6AI score0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Tenda W15E 安全漏洞

The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the picName parameter of the formDelwebAuthPic function, which could allow attackers to cause...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Dolibarr ERP CRM 安全漏洞

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM prior to 23.0.2 contain security vulnerabilities. These vulnerabilities stem from unauthorized permissions granted to unknown functions in the...

6.5CVSS6.5AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Adobe InDesign Desktop 缓冲区错误漏洞

Adobe InDesign Desktop is a professional desktop publishing and design software, primarily used for page layout, graphic design, and publishing in print and digital media. There is a security vulnerability in Adobe InDesign Desktop. This vulnerability stems from an improper validation of the read...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

WordPress plugin Single Personal Message SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blogs on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to...

7.1CVSS5.8AI score0.00221EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Adobe Acrobat Reader 输入验证错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a vulnerability related to input validation...

5.5CVSS5.5AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Dell iDRAC Tools 后置链接漏洞

Dell iDRAC Tools are a series of tools developed by the American company Dell for managing and maintaining Dell servers. Versions of Dell iDRAC Tools prior to 11.4.1.0 contained a post-link vulnerability, which stemmed from improper link resolution before file access. This vulnerability could all...

6CVSS5.3AI score0.00095EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Tenda W15E 安全漏洞

The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthWhiteID parameter within the formModifyWebAuthWhiteUser function, which could allow...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Adobe Acrobat Reader 资源管理错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...

7.8CVSS5.9AI score0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Microsoft Windows 安全漏洞

Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows, which stem from SecureBoot bypasses. These vulnerabilities could allow attackers with administrative privileges or those capable of modifyi...

7.8CVSS5.9AI score0.00097EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

WordPress plugin PICA Photo Gallery SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS5.8AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS5.1AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the...

7.1CVSS5.3AI score0.00103EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

TYPO3 CMS SQL注入漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Versions of TYPO3 CMS from 14.0.0 to 14.3.3 contain SQL injection vulnerabilities. These vulnerabilities stem from backend users who have database table writing privileges and can directly create, update, or...

8.7CVSS5.8AI score0.00244EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Tenda G0 安全漏洞

Tenda G0 is a router produced by the Chinese company Tenda. The version 15.11.0.5 of Tenda G0 contains a security vulnerability. This vulnerability stems from multiple stack overflows in the enable, level, and module parameters of the formSetDebugCfgr function. It may allow attackers to cause...

6.5CVSS5.4AI score0.00301EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS6.1AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

gpac 缓冲区错误漏洞

GPAC MP4Box is a open-source multimedia packager developed by GPAC. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Version 2.4 of GPAC MP4Box contains a security...

7.5CVSS6.1AI score0.005EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Adobe Acrobat Reader 资源管理错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...

7.8CVSS7.8AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Microsoft Remote Desktop Client 竞争条件问题漏洞

Microsoft Remote Desktop Client is a remote desktop client developed by Microsoft Corporation. The Microsoft Remote Desktop Client has vulnerabilities related to race conditions. The following products and versions are affected: Windows 10 Version 1809 for 32-bit systems, Windows 10 Version 1809...

7.5CVSS5.4AI score0.00397EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Evoluted PHP Directory Listing Script 跨站脚本漏洞

Evoluted PHP Directory Listing Script is a PHP-based directory indexing and file browsing script developed by the British company Evoluted. Versions of Evoluted PHP Directory Listing Script 4.0.5 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the dir...

5.4CVSS5.2AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Tenda W20E 安全漏洞

The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthWhiteUserInfo parameter within the formAddWebAuthWhiteUser function. It is possible for...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Siemens多款产品 代码问题漏洞

Siemens SIPROTEC 5 6MD84, among others, are relay devices produced by the German company Siemens. Several Siemens products have code vulnerabilities. These vulnerabilities stem from allowing authenticated users to upload arbitrary files via the DIGSI 5 protocol, which may lead to denial of servic...

6.9CVSS5.8AI score0.00186EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Microsoft Dynamics 365 安全漏洞

Microsoft Dynamics 365 is a ERP business solution developed by the American company Microsoft, designed for multinational enterprises. It is used for financial management, production management, and business intelligence management, among other purposes. There are security vulnerabilities in...

8.8CVSS5.4AI score0.0063EPSS
Exploits0References2
Total number of security vulnerabilities5000