Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2025/11/13 12:0 a.m.17 views

WordPress plugin WP Headless CMS Framework 安全漏洞

The WordPress WP Headless CMS Framework plugin is a tool for converting WordPress to HeadlessCMS Headless Content Management System, separating content management from front-end presentation via RESTAPI or GraphQL interfaces. The WordPress WP Headless CMS Framework plugin suffers from a protectio...

5.3CVSS6.5AI score0.00329EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.17 views

Survision LPR Camera 访问控制错误漏洞

Survision LPR Camera is a license plate recognition camera from Survision France. An access control error vulnerability exists in Survision LPR Camera that stems from password protection not being enforced by default, which could lead to unauthorized access...

9.3CVSS6.7AI score0.0044EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.17 views

OPEXUS FOIAXpress 安全漏洞

OPEXUS FOIAXpress is an information disclosure management software from OPEXUS Corporation. A security vulnerability exists in OPEXUS FOIAXpress versions prior to 11.13.3.0 that originates from an administrative user being able to inject JavaScript or other content into the annual report template...

4.8CVSS5.6AI score0.00225EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/04 12:0 a.m.17 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a defrag path triggering a jbd2 assertion failure, which could lead to a system crash...

4.9AI score0.00136EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/09/29 12:0 a.m.17 views

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component of Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS version 11.4 and earlier, which stems from a remote...

4.8CVSS5.8AI score0.00209EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/25 12:0 a.m.17 views

Flock Safety The Bravo Compute Box 安全漏洞

Flock Safety The Bravo Compute Box is an edge computing device from Flock Safety USA. A security vulnerability exists in Flock Safety The Bravo Compute Box BRAVO00.00local20241017 version, which stems from a disabled secure boot, which could lead to an attacker flashing specially crafted firmware...

7.3CVSS6.6AI score0.00234EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.17 views

WordPress plugin DethemeKit For Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.5AI score0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.17 views

OpenAI Codex CLI 输入验证错误漏洞

OpenAI Codex CLI is an OpenAI open source lightweight coding agent software that runs in the terminal. An input validation error vulnerability exists in OpenAI Codex CLI versions 0.2.0 through 0.38.0, which stems from an error in the sandbox configuration logic and could lead to arbitrary file...

8.6CVSS7AI score0.00815EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/09/18 12:0 a.m.17 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly handling the debugfslookup return value, which could lead to a memory leak...

5.5CVSS6.3AI score0.00135EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.17 views

The Bastion 安全漏洞

The Bastion is an open source authentication system from OVHcloud. A security vulnerability exists in The Bastion that stems from a script that fails to properly sign a file, potentially leading to data integrity issues...

4.4CVSS6.9AI score0.00094EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.17 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unvalidated USB endpoint type that could lead to an internal error...

5.5CVSS6.3AI score0.00149EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/09/12 12:0 a.m.17 views

Zabbix 安全漏洞

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix that stems from the hostprototype.get method listing all host prototypes to users with unassign...

3.5CVSS6.2AI score0.00169EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.17 views

WordPress plugin WP Scriptcase 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

6.4CVSS5.8AI score0.00216EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.17 views

WordPress plugin PhpList Subber 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS6.3AI score0.00149EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.17 views

Microsoft Windows Routing and Remote Access Service 安全漏洞

Microsoft Windows Routing and Remote Access Service is a network service from Microsoft Corporation USA that is used to perform functions such as network routing, virtual private networks VPNs, and dial-up connections. A security vulnerability exists in Microsoft Windows Routing and Remote Access...

8.8CVSS6.4AI score0.00843EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.17 views

Vite 访问控制错误漏洞

Vite is a new front-end build tool from Vite Open Source. An access control error vulnerability exists in Vite versions prior to 7.1.5, 7.0.7, 6.3.6, and 5.4.20, which stems from file access that bypasses the server.fs setting...

5.3CVSS6.4AI score0.0118EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/08/19 12:0 a.m.17 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the wifi: ath12k module accessing uninitialized arvif-ar in the event of beacon loss...

5.5CVSS6.5AI score0.00139EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.17 views

Komari 跨站脚本漏洞

Komari is a simple server monitoring tool from the Komari Moniter open source. A cross-site scripting vulnerability exists in versions prior to Komari 1.0.4-fix1, which stems from the WebSocket updater disabling origin checking, and could lead to cross-site WebSocket hijacking and remote code...

8.6CVSS7.1AI score0.00515EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/16 12:0 a.m.17 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from failure to prevent A-MSDU attacks in mesh networks, which could lead to spoofing vulnerabilities...

7.8CVSS8.1AI score0.00147EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.17 views

Microsoft Windows Ancillary Function Driver for WinSock 代码问题漏洞

Microsoft Windows Ancillary Function Driver for WinSock is a helper function driver for Winsock from Microsoft Corporation USA. A code issue vulnerability exists in Microsoft Windows Ancillary Function Driver for WinSock. An attacker could exploit the vulnerability to elevate privileges. The...

7.8CVSS6.5AI score0.00401EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/06 12:0 a.m.17 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an information disclosure vulnerability that can be exploited by an attacker to compromise confidentiality...

6.2CVSS6.2AI score0.00105EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.17 views

Apple macOS 安全漏洞

Apple macOS Sequoia is an operating system from the American company Apple Apple. Apple macOS Sequoia suffers from an out-of-bounds read vulnerability that stems from insufficient input validation, which can be exploited by an attacker to cause the contents of memory to be disclosed when processi...

5.5CVSS6.4AI score0.00213EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/26 12:0 a.m.17 views

CampCodes Courier Management System 注入漏洞

CampCodes Courier Management System is a courier management system from CampCodes Philippines. An injection vulnerability exists in CampCodes Courier Management System version 1.0, which originates from a SQL injection due to a mishandling of the parameter ID in the file /edituser.php...

8.8CVSS6.9AI score0.00382EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.17 views

WordPress plugin Gutentor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Gutentor plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, whi...

6.4CVSS6AI score0.00221EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/20 12:0 a.m.17 views

Mercusys MW301R 安全漏洞

Mercusys MW301R is a router from Mercusys, China. A security vulnerability exists in Mercusys MW301R version 1.0.2 Build 190726 Rel.59423n, which stems from an improperly restricted authentication attempt in the Login component...

3.1CVSS4.5AI score0.00291EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/20 12:0 a.m.17 views

Metasoft MetaCRM 代码问题漏洞

Metasoft MetaCRM is a customer relationship management system software from China Metasoft Metasoft. A code issue vulnerability exists in Metasoft MetaCRM 6.4.2 and prior versions, which stems from an incorrect operation of the File parameter in the file mobileupload.jsp that results in an...

9.8CVSS6.7AI score0.00501EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/07/19 12:0 a.m.17 views

Jinher OA 代码问题漏洞

Jinher OA is a collaborative management software from China Jinher Jinher Company. A code issue vulnerability exists in Jinher OA version 1.1, which stems from an incorrect operation of the file XmlHttp.aspx resulting in an XML external entity reference...

9.8CVSS7.6AI score0.00483EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.17 views

Broadcom Brocade SANnav 安全漏洞

Broadcom Brocade SANnav is a storage area network management and automation software platform from Broadcom, Inc. A security vulnerability exists in Broadcom Brocade SANnav versions prior to 2.4.0a, which stems from logging plaintext password phrases in the logs...

5.1CVSS6.8AI score0.00136EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/09 12:0 a.m.17 views

Jenkins plugin Testsigma Test Plan run security vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

4.3CVSS5.8AI score0.00222EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/09 12:0 a.m.17 views

Docusaurus gists plugin 信息泄露漏洞

Docusaurus gists plugin is an automation plugin by Webber Takken Personal Developer. An information disclosure vulnerability exists in Docusaurus gists plugin versions prior to 4.0.0, which stems from a GitHub token disclosure that could lead to credential disclosure...

10CVSS5.8AI score0.01842EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.17 views

WordPress plugin Simple User Registration 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

9.8CVSS6.4AI score0.02055EPSS
Exploits5References2
CNNVD
CNNVD
added 2025/06/18 12:0 a.m.17 views

Versa Director 安全漏洞

Versa Director is a virtualization and service creation platform from Versa USA. that simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director that stems from improperly restricted file upload permissions, which could lead...

7.2CVSS6.6AI score0.00463EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/12 12:0 a.m.17 views

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that stems from insufficient input validation, which could...

6.5CVSS6.1AI score0.00436EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.17 views

WordPress plugin Solace Extra 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

4.9CVSS6.3AI score0.00184EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.17 views

IBM i 信任管理问题漏洞

IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. IBM i is vulnerable to a trust management issue vulnerability that stems from improper handling of IBM i Netserver authentication, no details of the vulnerability are...

5.4CVSS6.7AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/29 12:0 a.m.17 views

Docker Registry Access Management 安全漏洞

Docker Registry Access Management is a registry access management program from Docker Inc. in the United States. A security vulnerability exists in Docker Registry Access Management that stems from a MacOS configuration file that does not have a RAM policy applied, which could lead to the downloa...

4.3CVSS8.6AI score0.00131EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/09 12:0 a.m.17 views

XGrammar 安全漏洞

XGrammar is a fast, flexible and portable structured generation tool from mlc-ai open source. A security vulnerability exists in XGrammar versions prior to 0.1.18, which stems from unrestricted caching that could lead to a denial of service...

6.5CVSS6.3AI score0.00466EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/09 12:0 a.m.17 views

Juniper Networks Junos OS和Juniper Networks Junos OS Evolved 安全漏洞

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc.Juniper Networks Junos OS is a network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper...

8.7CVSS6.8AI score0.004EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.17 views

Adobe Premiere Pro 安全漏洞

Adobe Premiere Pro is a set of non-linear editing video editing software from the American company Audobee Adobe. A buffer overflow vulnerability exists in Adobe Premiere Pro, which can be exploited by an attacker to execute arbitrary code...

7.8CVSS7.6AI score0.00372EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.17 views

Microsoft Office 安全漏洞

Microsoft Office is an office software suite product from the American company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and others. A security vulnerability exists in Microsoft Office. An attacker exploiting this vulnerabili...

7.5CVSS8.2AI score0.00443EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.17 views

WordPress plugin BWD Elementor Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.6AI score0.00367EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.17 views

Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. An input validation error vulnerability exists...

4.3CVSS6.6AI score0.00386EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.17 views

ZenML 资源管理错误漏洞

ZenML is an extensible open source MLOps framework from ZenML Open Source for creating portable, production-ready machine learning pipelines. A resource management error vulnerability exists in ZenML version 0.66.0, which stems from a flaw in the multipart request boundary handling mechanism that...

7.5CVSS7.3AI score0.00896EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/14 12:0 a.m.17 views

CamaleonCMS 安全漏洞

CamaleonCMS is an advanced dynamic content management system CMS based on RubyonRails by the CamaleonCMS team. A security vulnerability exists in CamaleonCMS that stems from a mass assignment that could lead to elevation of privilege...

9.4CVSS6.4AI score0.00566EPSS
Exploits17References3
CNNVD
CNNVD
added 2025/03/14 12:0 a.m.17 views

xml-crypto 数据伪造问题漏洞

NPM xml-crypto is a digital signature and encryption library from NPM. A security vulnerability exists in xml-crypto version 6.0.0 and earlier that stems from bypassing authentication or authorization mechanisms, allowing an attacker to modify valid signed XML messages...

9.3CVSS8.2AI score0.09378EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/03/13 12:0 a.m.17 views

Snowflake JDBC Driver 日志信息泄露漏洞

Snowflake JDBC Driver is an open source Snowflake JDBC driver from Snowflake Computing. A log information disclosure vulnerability exists in Snowflake JDBC Driver versions 3.0.13 through 3.23.0, which stems from the Driver locally logging the client-side encryption master key for the target phase...

3.3CVSS7AI score0.00112EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.17 views

Palo Alto Networks GlobalProtect 安全漏洞

Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect that stems from a reliance on untrustworth...

7.1CVSS6.1AI score0.0015EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.17 views

Cordaware bestinformed 安全漏洞

Cordaware bestinformed is a mass notification system from Cordaware, Germany. A security vulnerability exists in Cordaware bestinformed that stems from a server address modification permission issue that could result in local privileges being elevated to SYSTEM...

8.5CVSS6.4AI score0.0016EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.17 views

Microsoft Office 资源管理错误漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

7.8CVSS8AI score0.0082EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.17 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A resource management error...

7.5CVSS6.8AI score0.00961EPSS
Exploits0References2
Total number of security vulnerabilities5000