Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2024/10/14 12:0 a.m.45 views

Splunk Enterprise 安全漏洞

Splunk Enterprise is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk Enterprise versions 9.3.x prior to 9.3.1, 9.2.x prior to 9.2.3, and 9.1.x prior to 9.1.6, which originates from a low-privileged user being able...

8CVSS6.8AI score0.00535EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.45 views

Django 安全漏洞

Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django version 5.1 up to and including version 5.1.1,...

7.5CVSS6AI score0.25327EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.45 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. Fortinet FortiOS suffers from a...

7.8CVSS7.5AI score0.00281EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/20 12:0 a.m.45 views

Wiki.js 安全漏洞

Wiki.js is a suite of open source Wiki software from the Requarks.io team based on Node.js and written in the JavaScript language. A security vulnerability exists in Wiki.js versions prior to 2.5.303, which stems from a vulnerability that allows an attacker to inject malicious JavaScript into the...

7.1CVSS6.4AI score0.00395EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.45 views

Eclipse Dataspace Components 安全漏洞

Eclipse Dataspace Components is a development connector for Eclipse Dataspace Components open source. A security vulnerability exists in Eclipse Dataspace Components versions 0.2.1 through 0.6.2. An attacker exploiting this vulnerability could obtain OAuth2 client secrets from the repository...

6.8CVSS6.4AI score0.00411EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.45 views

WordPress plugin WordPress Backup & Migration security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...

5.4CVSS6AI score0.00426EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.45 views

WordPress Plugin Video.js 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/12/02 12:0 a.m.45 views

D-Link DVG-G5402SP 操作系统命令注入漏洞

The D-Link DVG-G5402SP is a wireless router from China-based AUO D-Link. An operating system command injection vulnerability exists in the D-Link DVG-G5402SP firmware version GE1.03, which stems from its Maintenance function that allows an attacker to implement command injection...

9.8CVSS8.4AI score0.02705EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/11/01 12:0 a.m.45 views

Fortinet FortiOS 信息泄露漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A security vulnerabili...

7.5CVSS7.3AI score0.00608EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.45 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from the fact that it crashes when mlir::tfg::ConvertGenericFunctionToFunctionDef is given the null...

7.5CVSS7.5AI score0.00547EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.45 views

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Autopilot. The following products and editions are affected: Windows 10 Version 21H1 for x64-based Systems,Window...

6.5CVSS7.1AI score0.02543EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/02/18 12:0 a.m.45 views

Cobbler 安全漏洞

Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installation environments. security vulnerabilities exist in versions of Cobbler prior to 3.3.1, stemming from files in /etc/cobbler that are publicly readable, two of which contain some sensitiv...

7.1CVSS5.6AI score0.00306EPSS
Exploits0References12
CNNVD
CNNVD
added 2021/12/15 12:0 a.m.45 views

YetiForceCrm 输入验证错误漏洞

YetiForceCrm is an open source crm system from the Polish company YetiForce. Yetiforcecrm suffers from a processing logic error vulnerability, which stems from Yetiforcecrm being vulnerable to business logic errors. No detailed vulnerability details are currently available...

7.7CVSS5.6AI score0.00708EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.45 views

Siemens JT2GO和Siemens Teamcenter Visualization 缓冲区错误漏洞

JT2Go, a 3D JT viewing tool, and Teamcenter Visualization software enable companies to enhance their Product Lifecycle Management PLM environments with a comprehensive family of visualization solutions. The software allows business users to access documents, 2D drawings and 3D models in a single...

7.8CVSS6AI score0.01564EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.44 views

Statamic 跨站脚本漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows for storing all content, templates, assets, and settings in files rather than in a database. Versions of Statamic 6.0.0 to 6.2.3 had a cross-site scripting vulnerability, which originated from stored cross-site...

8.7CVSS5.7AI score0.00293EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.44 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper resource cleanup in the probe error path, which could lead to the disclosure of warning messages...

5.5CVSS6.3AI score0.00145EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/11/20 12:0 a.m.44 views

WordPress plugin Extensions for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

7.1CVSS7.6AI score0.00265EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/19 12:0 a.m.44 views

WordPress plugin Persian Nested Show/Hide Text 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS7.6AI score0.00374EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/19 12:0 a.m.44 views

WordPress plugin Elements kit Elementor addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS6.8AI score0.00296EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.44 views

VISAM VBASE 代码问题漏洞

VISAM VBASE is a data acquisition and monitoring system from VISAM Germany. A security vulnerability exists in VISAM VBASE Automation Base versions prior to 11.7.5 that stems from the presence of an information leak...

5.5CVSS5.7AI score0.00255EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/16 12:0 a.m.44 views

Apache Superset 跨站脚本漏洞

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from a failure of the upload data form to properly render user input, which could be exploited by an attacker to cause a cross-sit...

5.4CVSS5.2AI score0.01302EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/13 12:0 a.m.44 views

Siemens Teamcenter Visualization 和 JT2Go 缓冲区错误漏洞

Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to a memory corruption vulnerability that could be exploited by an attacker to...

7.8CVSS7.3AI score0.00413EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/25 12:0 a.m.44 views

Bank Management System 跨站脚本漏洞

Bank Management System is a bank management system. A cross-site scripting vulnerability exists in SourceCodester Blood Bank Management System version 1.0, which stems from an unknown function in the index.php?page=users file of its User Registration Handler component that operates on the paramet...

6.1CVSS4.5AI score0.00414EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/10 12:0 a.m.44 views

Vela 安全漏洞

Github Vela is an application open-sourced by Github in the United States. It provides an automation framework. Vela suffers from a security vulnerability that stems from its insecure default configuration that allows an attacker to achieve container escape...

9.9CVSS8.3AI score0.01067EPSS
Exploits0References12
CNNVD
CNNVD
added 2022/09/30 12:0 a.m.44 views

Bento4 安全漏洞

Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 version 1.6.0-639, which stems from excessive memory consumption in the AP4DataBuffer::ReallocateBuffer function in Core/Ap4DataBuffer.cpp. An attacker can exploit the...

5.5CVSS6.7AI score0.00297EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/26 12:0 a.m.44 views

Honeywell Saia Burgess PG5 PCD 加密问题漏洞

The Honeywell Saia Burgess PG5 PCD is a Honeywell USA solution that includes SBC Instrumentation, Control, and Automation ICA device implementation and operational automation. A cryptographic issue vulnerability exists in all versions of the Honeywell Saia Burgess PG5 PCD that stems from a...

4.3CVSS5.2AI score0.00243EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.44 views

Pimcore SQL注入漏洞

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A SQL injection vulnerability exists in Pimcore...

8.1CVSS6.1AI score0.01315EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/05/25 12:0 a.m.44 views

HashiCorp go-getter 输入验证错误漏洞

HashiCorp go-getter is a library for HashiCorp's Go golang for downloading files or directories from various sources using URLs as the primary form of input. An input validation error vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the inability to...

8.6CVSS6.9AI score0.01279EPSS
Exploits0References24
CNNVD
CNNVD
added 2022/04/21 12:0 a.m.44 views

WSO2 多个产品跨站脚本漏洞

WSO2 API Manager and others are products of WSO2, Inc.WSO2 API Manager is an API lifecycle management solution.WSO2 Dashboard Server is a dashboard server.WSO2 Identity Server IS is an identity server. A security vulnerability exists in several WSO2 products that stems from incorrect output...

6.1CVSS6.2AI score0.41078EPSS
Exploits5References7
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.44 views

Siemens Jt2go 安全漏洞

Siemens Jt2go, a JT file viewer, and Siemens Teamcenter Visualization, software that provides team collaboration capabilities for designing 2D and 3D scenes, are vulnerable to a denial-of-service vulnerability in Siemens Jt2go and Teamcenter Visualization, which stems from TiffLoader.dll is...

5.5CVSS5.6AI score0.00791EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/10/22 12:0 a.m.44 views

SuiteCRM 代码问题漏洞

SuiteCRM is a customer relationship management system from the SuiteCRM Suitecrm team. A security vulnerability exists in SuiteCRM that stems from SuiteCRM prior to 7.11.19 that allows remote code execution to be set via the system settings log file name. An attacker can exploit the vulnerability...

9CVSS8.7AI score0.58945EPSS
Exploits5References8
CNNVD
CNNVD
added 2021/04/16 12:0 a.m.44 views

jose-node-esm-runtime 安全漏洞

npm jose-node-esm-runtime is an application from npm, Inc. json web almost everything uses the Node.jscrypto module for JWA, JWS, JWE, JWT, JWK with no dependencies. jose-node-esm-runtime is a security vulnerability in jose-node-esm-runtime prior to version 3.11.4 that arises from a significant...

5.9CVSS7AI score0.01238EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.43 views

MiniClaw 路径遍历漏洞

MiniClaw is an AI memory and evolution tool developed by a 8421bit individual developer. MiniClaw has a path traversal vulnerability, which stems from the function isPathInside in the executeSkillScript component’s src/kernel.ts file. This vulnerability may lead to path traversal attacks...

6.5CVSS5.8AI score0.00413EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.43 views

Calibre-Web Automated 安全漏洞

Calibre-Web Automated is a self-hosted digital library management tool developed by CrocodileStick’s individual developer. Versions of Calibre-Web Automated prior to 4.0.6 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization in the generateauthtoken functi...

6.5CVSS6.7AI score0.00272EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.43 views

Pimcore SQL注入漏洞

Pimcore is an open-source web content management platform developed by the Austrian company Pimcore. This platform integrates applications such as web content management, e-commerce frameworks, and product information management. Version 12.3.3 of Pimcore has a SQL injection vulnerability. This...

7CVSS5.8AI score0.00346EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.43 views

WordPress plugin Livemesh Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

6.5CVSS5.6AI score0.00161EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.43 views

Efacec QC 安全漏洞

Efacec QC is a series of electric vehicle charging posts from Efacec Portugal. A security vulnerability exists in Efacec QC that stems from a lack of privilege control over user XXX, which could lead to unlimited privilege elevation...

8.6CVSS6.8AI score0.00121EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.43 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of i2cdesignware device interrupts, which could lead to null pointer dereferences...

5.5CVSS6.3AI score0.00189EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.43 views

Joomla! 授权问题漏洞

Joomla! is a free, open source content management system open-sourced by Joomla! An authorization issue vulnerability exists in Joomla! that stems from an insufficient status check that results in bypassing two-factor authentication checks...

7.5CVSS6.7AI score0.00393EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.43 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from staging: r8188eu in rtwwxsetscan could lead to a -Ssid overflow...

5.5CVSS5.1AI score0.00245EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.43 views

Cisco RoomOS Software和Cisco TelePresence Collaboration Endpoint Software 安全漏洞

Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of Cisco Corporation.Cisco RoomOS Software is a set of automated management software for Cisco devices. The software is mainly used for upgrading and managing the motherboard firmware of Cisco...

6.7CVSS6.3AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.43 views

WordPress plugin File Upload Types by WPForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin File Upload Typ...

6.4CVSS5.9AI score0.00373EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.43 views

Livewire 输入验证错误漏洞

Livewire is Livewire open source a full stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. An input validation error vulnerability exists in Livewire prior to version v3.5.2, which stems from unvalidated actual file extensions for filenames...

9.8CVSS6.5AI score0.00823EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/09/23 12:0 a.m.43 views

WordPress plugin MDTF SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

9.9CVSS7.7AI score0.00482EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.43 views

Next.js Security Vulnerability

Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in versions of Next.js prior to 13.4.0 through 13.5 that stems from the presence of a denial-of-service DoS condition, which could affect server availability...

7.5CVSS6.7AI score0.0049EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/21 12:0 a.m.43 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a vulnerability in the drivers:perf module...

3.3CVSS4.3AI score0.00209EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.43 views

WordPress Plugin MasterStudy LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

9.8CVSS8.8AI score0.0154EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.43 views

Silverpeas Security Vulnerabilities

Silverpeas is an open source business collaboration platform. The platform includes applications for project management, blogs, forums, and document management. A security vulnerability exists in Silverpeas Core version 6.3.1, which stems from the fact that the notification/messaging function doe...

7.5CVSS6.7AI score0.00766EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.43 views

Graylog 代码问题漏洞

Graylog is a centralized log management solution from Graylog USA. The product supports capturing, storing, and analyzing logs in real-time, among other things. Graylog suffers from a code issue vulnerability that stems from the fact that in a multi-node Graylog cluster, after a user is explicitl...

3.1CVSS4.9AI score0.00411EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/08/24 12:0 a.m.43 views

Rizin 输入验证错误漏洞

Rizin is a free open source reverse engineering framework from the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensic tool, as a scriptable command-line hex editor capable of opening disk files, and more. An input validation error...

7.8CVSS7.2AI score0.0027EPSS
Exploits0References6
Total number of security vulnerabilities5000