Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Hugo 路径遍历漏洞

Hugo is a framework based on the Go language used by the Gohugoio community for quickly generating static websites. Versions of Hugo from 0.43 to 0.161.0 had a path traversal vulnerability. This vulnerability occurred due to the lack of restrictions on file system access when calling Node tools,...

8.6CVSS5.9AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Adobe Commerce 代码问题漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a code vulnerability in Adobe Commerce, which stems from server-side request forgeing. This vulnerability may allow security features to be bypassed, enabling...

7.4CVSS5.9AI score0.00471EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Microsoft Windows Ancillary Function Driver for WinSock 安全漏洞

The Microsoft Windows Ancillary Function Driver for WinSock is a accessibility driver for Winsock from Microsoft Corporation. There are security vulnerabilities associated with the Microsoft Windows Ancillary Function Driver for WinSock. Attackers can exploit these vulnerabilities to gain elevate...

7.8CVSS5.8AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.17 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...

6.2CVSS6AI score0.00166EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.17 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.1CVSS5.8AI score0.00458EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.17 views

Control Web Panel 操作系统命令注入漏洞

Control Web Panel is a Linux virtual host control panel. Versions of Control Web Panel prior to 0.9.8.1209 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the key parameter in /admin/index.php, allowing unauthenticated...

7.3CVSS6.1AI score0.01186EPSS
Exploits3References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.17 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of signed integers in bloblen and nummon functions within cephmonmapdecode. This can lead...

7.5CVSS5.8AI score0.0049EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.17 views

ZTE Cloud PC client uSmartView 代码问题漏洞

ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. There is a code vulnerability in ZTE Cloud PC client uSmartView, which stems from a DLL hijacking vulnerability. Since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful...

7.8CVSS6AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.17 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from insufficient blacklists for execution environment policy environment variables, which might allow...

8.8CVSS5.9AI score0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.17 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the uninitialized payload of NLMSGDONE in the nfnetlinklog, leading to a leak of kernel heap data...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.17 views

Code-MCP 路径遍历漏洞

Code-MCP is an AI-integrated tool for terminal and file operations developed by Steven Yu. Versions of Code-MCP 4cfc4643541a110c906d93635b391bf7e357f4a8 and earlier have a path traversal vulnerability. This vulnerability stems from a problem with the MCP File Handler component in the issafepath...

7.5CVSS7.1AI score0.00418EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.17 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from improper implementations in Cast, and could allow remote attackers with access to the damaged rendering process to bypass...

5CVSS5.8AI score0.0012EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.17 views

PhpSpreadsheet 代码问题漏洞

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Code vulnerabilities exist in versions 1.30.2 and earlier, as well as versions 2.0.0 to 2.1.14, 2.2.0 to 2.4.3, 3.3.0 to 3.10.3, and 4.0.0 to 5.5.0 of PhpSpreadsheet. These vulnerabilities...

9.8CVSS6.4AI score0.00712EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.17 views

Python Notebook MCP 路径遍历漏洞

Python Notebook MCP is an interactive tool developed by Usama Khatab, allowing AI assistants to operate Jupyter notebooks. Python Notebook MCP has a path traversal vulnerability, which stems from issues with the functions createnotebook/readnotebook/editcell/addcell in the file server.py,...

7.5CVSS7.1AI score0.0041EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.17 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were caused by environmental variable injection, allowing malicious workarea.env files to set runtime control...

8.8CVSS5.8AI score0.00203EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.17 views

Oracle MCP Server Helper Tool SQL注入漏洞

The Oracle MCP Server Helper Tool is a server assistance tool developed by Oracle Corporation. Versions 1.0.1 to 1.0.156 of the Oracle MCP Server Helper Tool contain SQL injection vulnerabilities. These vulnerabilities stem from issues with the helper tool component, allowing unauthenticated...

8.7CVSS6AI score0.00221EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.17 views

Claude SDK for TypeScript 安全漏洞

Claude SDK for TypeScript is an open-source development toolkit by Anthropic, designed for calling the Claude API using TypeScript. There were security vulnerabilities in versions of Claude SDK for TypeScript from 0.79.0 to 0.91.1. These vulnerabilities stemmed from BetaLocalFilesystemMemoryTool...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.17 views

Apache Neethi 代码问题漏洞

Apache Neethi is a policy processing framework library developed by the Apache Foundation. Apache Neethi has code-related vulnerabilities; these vulnerabilities arise from the lack of restrictions on URIs when manually retrieving remote policy references via the PolicyReference API. This could le...

7.2CVSS5.9AI score0.00497EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.17 views

Wireshark 代码问题漏洞

Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.4 had code vulnerabilities that could lead to a denial-of-service attack due t...

5.5CVSS5.9AI score0.00124EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.17 views

zserio 输入验证错误漏洞

Zserio is an open-source framework for efficiently serializing structured data by Navigation Data Standard e.V. Versions of Zserio prior to 2.18.1 contained a vulnerability related to input validation errors. This vulnerability occurred due to the setBitPosition boundary check in the...

7.5CVSS6AI score0.00328EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.17 views

GNU C Library 安全漏洞

The GNU C Library is an open-source, free C-language compiler program published by the GNU community under the LGPL license. Versions of the GNU C Library from 2.7 to 2.43 contained security vulnerabilities. These vulnerabilities stemmed from the use of %mc and format specifiers with a width...

9.8CVSS5.9AI score0.00451EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.17 views

phpBB 安全漏洞

phpBB is a set of web forum software developed by Ariefibis. Version phpBB 3.3.15 has a security vulnerability, which stems from cross-site request forgery in the login function and authentication mechanism. This vulnerability could allow for the execution of arbitrary code...

8.8CVSS6AI score0.00246EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.17 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the fal provider image-generation-provider.ts component...

8.3CVSS5.8AI score0.00227EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.17 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by attackers to cause network acquisition and disk writes to be forced by unauthorized senders...

6.9CVSS5.8AI score0.00355EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.17 views

WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF token verification at the administrator plugin configuration endpoint...

8.1CVSS5.7AI score0.00233EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.17 views

Netty 环境问题漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.132.Final and 4.2.10.Final contained environmental issues. These issues were caused by...

7.5CVSS6.6AI score0.0064EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.17 views

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.7.0 had code vulnerabilities. These vulnerabilities stemmed from incomplete SSRF protections, and the save endpoint did not apply the validatewebhookurlforssrf protection. This allowe...

7.7CVSS7.4AI score0.00282EPSS
Exploits3References2
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.17 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to 4.17.8 and 5.9.14 of Craft CMS had security vulnerabilities. These vulnerabilities stemmed from lack of resource-based authorization verification, which could allow unauthorized access to private asset...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.17 views

Nexxt Solutions Nebula 300+ 安全漏洞

The Nexxt Solutions Nebula 300+ is a wireless router produced by the American company Nexxt Solutions. Versions of the Nebula 300+ prior to 12.01.01.37 contain security vulnerabilities. These vulnerabilities stem from the lack of cross-site request forgery protection in the status change manageme...

7.2CVSS5.7AI score0.00117EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.17 views

WordPress plugin Multi Post Carousel by Category 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00235EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.17 views

Admidio 安全漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio 5.0.6 and earlier have security vulnerabilities; these vulnerabilities st...

8CVSS5.9AI score0.00279EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.17 views

OPEXUS eComplaint和OPEXUS eCASE 安全漏洞

OPEXUS eComplaint and OPEXUS eCASE are products of the American company OPEXUS. OPEXUS eComplaint is a complaint and appeal management platform. OPEXUS eCASE is an case management system. There were security vulnerabilities in versions of OPEXUS eComplaint and OPEXUS eCASE before 10.2.0.0. These...

5.5CVSS5.7AI score0.00141EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.17 views

SuiteCRM SQL注入漏洞

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 contained an SQL injection vulnerability. This vulnerability occurred when creating or editing reports, where the fieldfunction parameter in the POST data was saved...

8.1CVSS6AI score0.00316EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.17 views

WordPress plugin Sprout Clients 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00161EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.17 views

Inductive Automation Ignition 代码问题漏洞

Inductive Automation Ignition is an integrated software platform developed by Inductive Automation in the United States, designed for SCADA systems. This platform supports SCADA Supervisory Control and Data Acquisition and HMI Human Machine Interface applications. Inductive Automation Ignition ha...

6.3CVSS5.9AI score0.00345EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.17 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.12 and 8.6.38 contain security vulnerabilities. These vulnerabilities stem from unvalidated user identifier formats,...

9.8CVSS5.8AI score0.00627EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.17 views

WordPress plugin Court Reservation 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

4.3CVSS5.7AI score0.00124EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.17 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Vulnerabilities exist in versions 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and...

8.8CVSS6.4AI score0.24462EPSS
Exploits5References7
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.17 views

Ibexa eZ Platform 安全漏洞

Ibexa eZ Platform is a content management system and website building tool provided by the Norwegian company Ibexa. The Ibexa eZ Platform 2.x version has a security vulnerability, which stems from improper access control in the REST API. This vulnerability could allow unverified attackers to acce...

7.5CVSS5.8AI score0.0024EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.17 views

GitHub Copilot CLI 操作系统命令注入漏洞

GitHub Copilot CLI is a terminal AI programming assistant open sourced by GitHub. Versions of GitHub Copilot CLI 0.0.422 and earlier had an operating system command injection vulnerability. This vulnerability stemmed from defects in shell security assessments, which could lead to arbitrary code...

7.8CVSS6.1AI score0.00363EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.17 views

OliveTin 数据伪造问题漏洞

OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 3.00.11.1 had a data manipulation vulnerability. This vulnerability stemmed from the lack of enforcing the audience value during JWT authentication configuration, which could lead to authentication usi...

8.8CVSS7.2AI score0.00301EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.17 views

WordPress plugin Seraphinite Accelerator 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.17 views

OpenEXR 安全漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions 3.3.0 to 3.3.6 and 3.4.0 to 3.4.4 of OpenEXR contain security vulnerabilities. These vulnerabilities stem from integer underflow during the parsing of malformed EXR...

6.5CVSS5.9AI score0.00523EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.17 views

WordPress plugin Grand Conference 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

7.1CVSS5.7AI score0.00151EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.17 views

WordPress plugin iThemes Sync 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.17 views

WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.17 views

melange 操作系统命令注入漏洞

Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange from 0.10.0 to 0.40.3 had an operating system command injection vulnerability. This vulnerability stemmed from the patch pipeline incorrectly referencing or verifying input-derived values when...

7.8CVSS5.9AI score0.00175EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.17 views

WordPress Plugin Interactions: Cross-Site Script Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

6.4CVSS5.7AI score0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/25 12:0 a.m.17 views

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the issue of not releasing device references when binding and unbinding devices. This vulnerabili...

5.5CVSS6AI score0.00193EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.17 views

Microsoft Windows Remote Assistance 安全漏洞

Microsoft Windows Remote Assistance is a windows feature from Microsoft Corporation USA for viewing or controlling a remote Windows computer to solve a problem without having to touch the device directly. A security vulnerability exists in Microsoft Windows Remote Assistance. An attacker exploiti...

5.5CVSS5.8AI score0.00884EPSS
Exploits0References1
Total number of security vulnerabilities5000