Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Hermes Web UI 安全漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.303 contained security vulnerabilities, which were caused by a TOCTOU race condition in the gitdiscard function. This vulnerability could allow attackers to delete file...

5CVSS5.3AI score0.00081EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Microsoft Visual Studio Code 代码注入漏洞

Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a code injection vulnerability. Attackers can exploit this vulnerability to gain higher privileges...

7.8CVSS5.5AI score0.00368EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

SAP S/4HANA SQL注入漏洞

SAP S/4HANA is a enterprise resource management software developed by SAP, a German company, based on the SAP HANA memory database system. SAP S/4HANA has a SQL injection vulnerability, which stems from SQL injections in remote enabled module components, potentially allowing unauthorized database...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Microsoft Windows Push Notifications 竞争条件问题漏洞

Microsoft Windows Push Notifications is a push notification service provided by the American company Microsoft. It provides a reliable way to deliver new updates. There are compatibility issues with Microsoft Windows Push Notifications. The following products and versions are affected: Windows 10...

7.8CVSS5.2AI score0.00204EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

bookcars 安全漏洞

BookCars is a car rental management platform developed by Akram El Assas. Version 8.3 of BookCars contains a security vulnerability. This vulnerability stems from the/api/create-car-image component, which has a vulnerability related to arbitrary file uploads. This could allow attackers to execute...

5.4CVSS5.9AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Microsoft Windows Secure Boot 权限许可和访问控制问题漏洞

Microsoft Windows Secure Boot is a security boot feature provided by the American company Microsoft. There is an access control error vulnerability in Microsoft Windows Secure Boot. Attackers can exploit this vulnerability to bypass certain features. The following products and versions are...

7.9CVSS5.9AI score0.00309EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.17 views

WordPress plugin Seotheme 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS6.8AI score0.00613EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.17 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a scan competition condition in KVM, and it could lead to system crashes...

5.5CVSS5.3AI score0.00112EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.17 views

SourceCodester Class and Exam Timetabling System 注入漏洞

SourceCodester Class and Exam Timetabling System is an open-source classroom and exam scheduling system developed by SourceCodester. Version 1.0 of the SourceCodester Class and Exam Timetabling System has a SQL injection vulnerability, which arises from incorrect handling of the parameter "sy" in...

7.5CVSS7.5AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.17 views

WordPress plugin SEO Plugin by Squirrly SEO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.3AI score0.00296EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.17 views

Seagate openSeaChest 安全漏洞

Seagate openSeaChest is a set of cross-platform storage device management tools developed by Seagate Corporation. The version v26.03.0 of Seagate openSeaChest contains a security vulnerability. This vulnerability stems from out-of-bound writing during the Trim/Unmap operations, which may lead to...

4.6CVSS5.4AI score0.00114EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.17 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from the exhaustion of function resources in ubsanthrowingruntime.cpp. This vulnerability may lead to local persistent denial-of-service...

5.5CVSS5.3AI score0.00071EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.17 views

TRAC PDBM 安全漏洞

TRAC PDBM is an industrial automation process database management software developed by the Slovenian company TRAC. TRAC PDBM has a security vulnerability that stems from the use of static, hard-coded keys. This vulnerability could allow attackers to decrypt credentials stored in configuration...

6.4CVSS5.4AI score0.00065EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/31 12:0 a.m.17 views

TRENDnet TEW-432BRP 命令注入漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by the TRENDnet company. The TRENDnet TEW-432BRP 3.10B20 version has a command injection vulnerability. This vulnerability stems from the parameter sysCmd in the formSysCmd function within the goform/formSysCmd file, which allows for...

6.5CVSS6.6AI score0.0105EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/31 12:0 a.m.17 views

Aider 安全漏洞

Aider is an open-source terminal AI pair programming tool developed by Aider AI. Version 0.86.3 of Aider contains a security vulnerability. This vulnerability stems from the git-commit-verify operation in the Pre-commit Hook Handler component, which causes the protection mechanism to fail. An...

6.5CVSS6.7AI score0.00228EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.17 views

JetBrains PyCharm 跨站脚本漏洞

JetBrains PyCharm is an integrated development environment IDE for Python language developed by the Czech company JetBrains. Versions of JetBrains PyCharm prior to 2025.3.4 contained a cross-site scripting vulnerability, which originated from Markdown cells in Jupyter notebooks, where a...

6.1CVSS5.6AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.17 views

XCharge C6 安全漏洞

XCharge C6 is a series of intelligent electric vehicle DC charging stations developed by the German company XCharge. There is a security vulnerability in the XCharge C6, which stems from a configuration flaw in the device’s remote management service. This flaw allows for the establishment of...

8.6CVSS5.8AI score0.00185EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.17 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the SPI/RSPI controller releases underlying resources such as DMA without properly...

5.8AI score0.00119EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.17 views

InHand IR Series 安全漏洞

The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. The InHand IR Series contains a security vulnerability, which stems from command injection in the ZeroTier VPN function. This vulnerability could allow attackers to...

9.8CVSS5.9AI score0.01243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.17 views

MENNEKES AMTRON 安全漏洞

MENNEKES AMTRON is a series of electric vehicle AC charging stations and wall-mounted charging systems from MENNEKES Corporation. Versions of MENNEKES AMTRON 5.22.3 and earlier contain security vulnerabilities. These vulnerabilities stem from authentication bypasses, which may allow unauthenticat...

10CVSS5.8AI score0.00612EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.17 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with the switch case statement in the loongsongpufixupdmahang function within LoongArch...

5.8AI score0.00095EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.17 views

RELATE 跨站脚本漏洞

RELATE is a web-based course package developed by Andreas Klöckner. RELATE has a cross-site scripting vulnerability. This vulnerability stems from the getuser method in ParticipationAdmin, which uses marksafe for rendering user-controlled inputs, bypassing Django’s HTML escaping. This may lead to...

8.7CVSS5.6AI score0.0031EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.17 views

Jenkins LDAP Plugin 安全漏洞

The Jenkins LDAP Plugin is an open-source Jenkins directory service identity authentication plugin developed by Jenkins. The Jenkins LDAP Plugin version 807.v7d7de30930cf and earlier versions have security vulnerabilities, which stem from unvalidated deserialization of LDAP reference data...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.17 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of untrusted inputs by the WebGL component, which could allow a remote attacker...

8.3CVSS5.9AI score0.00228EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.17 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the uninitialized data in the RTMGETNEIGH response message in the net/mctp module. This could lead to t...

5.8AI score0.00128EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.17 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an internal...

7.1CVSS5.9AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.17 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.17 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability, which was caused by out-of-bounds writes in the V8 engine. This vulnerability could allow remote attackers to execute arbitrary code within a sandbo...

8.8CVSS6.5AI score0.00291EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.17 views

dalfox 访问控制错误漏洞

Dalfox is an automated cross-site scripting scanning tool developed by HAHWUL. Versions of Dalfox prior to 2.13.0 contained a access control vulnerability. This vulnerability stemmed from the default binding of the REST API server to 0.0.0.0:6664, without the need for an API key. Additionally, th...

10CVSS5.9AI score0.01051EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.17 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ccrete function in ccree failing when ccmaphashrequestfinal fails, resulting in the omission ...

5.8AI score0.00123EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.17 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.17 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from nfsd’s improper handling of request delays during the idmap search process. This issue may cause...

5.8AI score0.00123EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.17 views

SourceCodester CET Automated Grading System with AI Predictive Analytics 安全漏洞

SourceCodester CET Automated Grading System with AI Predictive Analytics is an open-source English language assessment system based on artificial intelligence predictive analytics, developed by SourceCodester. Version 1.0 of the SourceCodester CET Automated Grading System with AI Predictive...

5.3CVSS5.6AI score0.00159EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.17 views

Joomla! CMS 访问控制错误漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a vulnerability related to access control, which stems from improper access checks. As a result, users with low privileges can edit the task types of existing scheduling programs...

6.4CVSS5.8AI score0.00154EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.17 views

luci-app-https-dns-proxy 命令注入漏洞

Luci-app-https-dns-proxy is an OpenWrt DNS-over-HTTPS proxy with a web management interface, developed by Stan Grishin. Versions of Luci-app-https-dns-proxy dated back to December 29, 2025, and earlier have a command injection vulnerability. This vulnerability stems from command injection in the...

8.8CVSS6.1AI score0.06582EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.17 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability stems from...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.17 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from using Render to render arbitrary HTML. This can lead to an unexpected HTML tree, and...

6.1CVSS5.9AI score0.00178EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.17 views

Concrete CMS 代码问题漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have code vulnerabilities. These vulnerabilities stem from insecure deserialization in the ExpressEntryList block controller. This could allow malicious administrators wi...

8.9CVSS6.2AI score0.0047EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.17 views

TYPO3 Extension Content Element Selector 代码问题漏洞

TYPO3 Extension Content Element Selector is an open-source extension for TYPO3 that allows users to select content elements. This extension has a code vulnerability that stems from the extension directly passing cookies controlled by the attacker to the PHP’s unserialize function without proper...

9.2CVSS6.1AI score0.02306EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.17 views

Cybertron Privacy Drive 代码问题漏洞

Cybertron Privacy Drive is a security software from Cybertron Corporation that supports disk encryption, creation of virtual encrypted volumes, and protection of privacy data. Version 3.17.0 of Cybertron Privacy Drive has a code vulnerability. This vulnerability stems from an unreferenced service...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.17 views

magento-lts 安全漏洞

Magento LTS is an open-source alternative to OpenMage, and it’s a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities; these vulnerabilities stemmed from reflection-type cross-site scripting vulnerabilities in the data...

5.3CVSS5.7AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.17 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained security vulnerabilities. These vulnerabilities stemmed from timing issues in the DNS parsing of...

5.3CVSS5.8AI score0.00186EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.17 views

CKAN SQL注入漏洞

CKAN is an open-source data management system developed by CKAN itself. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained a SQL injection vulnerability. This vulnerability stemmed from a flaw in datastoresearchsql, allowing attackers to inje...

9.8CVSS5.9AI score0.01815EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.17 views

Next.js 代码问题漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 13.4.13 to 15.5.16, as well as versions before 16.2.5, have code vulnerabilities. These vulnerabilities stem from the use of the built-in Node.js server for hosting. When a custom WebSocket upgrade request is made, it ma...

8.6CVSS5.9AI score0.38811EPSS
Exploits9References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.17 views

Netty 环境问题漏洞

Netty is a non-blocking I/O client-server framework developed by the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained environmental issues. These issues stemmed...

9.8CVSS6.9AI score0.00607EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Pandora FMS SQL注入漏洞

Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. Versions 777 to 800 of Pandora FMS have a SQL injection vulnerability. This vulnerability arises from improper...

9.8CVSS5.9AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Snorkel 安全漏洞

Snorkel is an open-source system developed by Snorkel that uses weak supervision to quickly generate training data. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the Trainer class’s Trainer.load method, which uses torch.load to load model...

8.8CVSS6.2AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Hugo 路径遍历漏洞

Hugo is a framework based on the Go language used by the Gohugoio community for quickly generating static websites. Versions of Hugo from 0.43 to 0.161.0 had a path traversal vulnerability. This vulnerability occurred due to the lack of restrictions on file system access when calling Node tools,...

8.6CVSS5.9AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Adobe Commerce 代码问题漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a code vulnerability in Adobe Commerce, which stems from server-side request forgeing. This vulnerability may allow security features to be bypassed, enabling...

7.4CVSS5.9AI score0.00471EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Microsoft Windows Ancillary Function Driver for WinSock 安全漏洞

The Microsoft Windows Ancillary Function Driver for WinSock is a accessibility driver for Winsock from Microsoft Corporation. There are security vulnerabilities associated with the Microsoft Windows Ancillary Function Driver for WinSock. Attackers can exploit these vulnerabilities to gain elevate...

7.8CVSS5.8AI score0.00319EPSS
Exploits0References2
Total number of security vulnerabilities5000