Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

CyberArk Idira Privileged Session Manager 操作系统命令注入漏洞

CyberArk Idira Privileged Session Manager is a privileged session management platform developed by the American company CyberArk. Versions of CyberArk Idira Privileged Session Manager for SSH prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6 contained an operating system command injection vulnerability...

8.8CVSS5.9AI score0.0055EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

PostgreSQL Anonymizer SQL注入漏洞

PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information PII or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a SQL injection vulnerability. This vulnerability arises from...

7.5CVSS5.7AI score0.00247EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by an out-of-bound write issue in the GPU component. This vulnerability could allow remote attackers to execute sandbox escape through a specially...

8.3CVSS5.6AI score0.00191EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after they were released in DigitalCredentials, which could allow a remote attacker with...

8.3CVSS5.6AI score0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Cerebrate 安全漏洞

Cerebrate is an open-source platform developed by Cerebrate. It serves as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there were security vulnerabilities. These vulnerabilities stemmed from CRUD editing...

6.3CVSS5.3AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a resource management vulnerability. This vulnerability stemmed from a reuse issue within the WebMIDI component, which could allow remote attackers to execute a sandbox escape throu...

8.3CVSS5.5AI score0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser based on the Chromium kernel, primarily offering web browsing capabilities and a rich ecosystem of plugins. Google Chrome has a heap buffer overflow vulnerability. This vulnerability stems from the Codecs component failing to properly handle carefully crafted HTML...

8.3CVSS6.2AI score0.00253EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by a heap buffer overflow in the GPU. This vulnerability could allow a remote attacker with access to the renderer process to execute a sandbox escap...

8.3CVSS5.9AI score0.00272EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

PenguinMod-BackendApi 输入验证错误漏洞

PenguinMod-BackendApi is a backend API service developed under the open source of PenguinMod, supporting storage using MongoDB and MinIO. Prior to version 1.0.0 of PenguinMod-BackendApi, there was a vulnerability related to input validation errors. This vulnerability stemmed from NoSQL injection ...

8.7CVSS5.3AI score0.00251EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Quest Bot 安全漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the “unban” and “unwarn” commands not being suppressed, allowing administrators to send...

2.3CVSS5.4AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

WordPress plugin UpdraftPlus: WP Backup & Migration Plugin 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. One...

8.1CVSS6.6AI score0.03578EPSS
Exploits3References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

WordPress plugin Hippoo Mobile App for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.8CVSS5.4AI score0.00514EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

certificate handling for haskell 安全漏洞

Certificate Handling for Haskell is a X509 certificate processing and verification tool developed by Kazu Yamamoto. There are security vulnerabilities in Certificate Handling for Haskell. These vulnerabilities stem from the lack of enforcement of X.509 name constraints. This may allow TLS clients...

9.1CVSS5.3AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Apple macOS 后置链接漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 and earlier contained a backlink vulnerability, which was caused by improper handling of symbolic links. This vulnerability could allow applications to...

5.5CVSS5.3AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Apple macOS 访问控制错误漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.1 and earlier contained an access control error vulnerability. This vulnerability stemmed from an access issue that could allow malicious applications to acces...

5.5CVSS6.5AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.12 contained security vulnerabilities. These vulnerabilities stemmed from shell option parsing; combining POSIX shell flags could bypass the exec revalidation check. Attackers c...

8.8CVSS5.3AI score0.00419EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.24 contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass issue in the MCP loopback function, allowing unauthorized users to circumvent t...

6.9CVSS5.6AI score0.00096EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

simpleble 安全漏洞

SimpleBLE is an open-source cross-platform Bluetooth low-power library and multilingual binding tool developed by SimpleBLE. Versions of SimpleBLE prior to 0.14.0 contained security vulnerabilities. These vulnerabilities stemmed from a stack overflow issue in the dongl backend’s...

8.7CVSS5.7AI score0.00333EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Assisted Migration Agent 后置链接漏洞

Assisted Migration Agent is an open-source virtualization environment data collection and migration planning tool developed by KubeV2V. Assisted Migration Agent has a post-installation vulnerability, which stems from an unauthenticated attacker located within the same network. This attacker...

9.6CVSS5.8AI score0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

image-size 资源管理错误漏洞

image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size 2.0.2 and earlier have security vulnerabilities. These vulnerabilities stem from infinite loops within the JXL or HEIF image parser, which could allow remote attackers to permanently block the...

8.7CVSS6AI score0.0043EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

ESP-IDF 输入验证错误漏洞

ESP-IDF is an open-source development framework for Espressif’s Espressif SoC, supported on Windows, Linux, and macOS. Versions 5.5.4 and 6.0 of ESP-IDF contain input validation vulnerabilities. These vulnerabilities stem from the ESP-TEE security service wrapper, which only validates the pointer...

7.1CVSS5.3AI score0.00117EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Spring Security 授权问题漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Vulnerabilities related to authorization exist in versions 5.7.0 to 5.7.24, 5.8.0 to 5.8.26, 6.3.0 to 6.3.17, 6.4.0 to 6.4.17, and 6.5.0 to 6.5.10 of Spring Security...

8.1CVSS5.4AI score0.00116EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

JavaScript Cookie 安全漏洞

JavaScript Cookie is a lightweight JavaScript cookie operation library developed by js-cookie. Versions of JavaScript Cookie prior to 3.0.7 contained security vulnerabilities. These vulnerabilities stemmed from the use of the for...in loop and standard assignment methods to copy properties within...

7.5CVSS5.3AI score0.00432EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

S2OPC OPC UA Toolkit 信任管理问题漏洞

S2OPC OPC UA Toolkit is an open-source development toolkit for OPC UA communication, developed by Systerel. The S2OPC OPC UA Toolkit has a trust management vulnerability, which stems from improper comparison with a list of trusted certificates. This vulnerability may cause well-formatted, untrust...

7.3CVSS5.2AI score0.00119EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

NSA Ghidra 路径遍历漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.2 of NSA Ghidra, there was a path traversal vulnerability. This vulnerability stemmed from IsfServer not verifying the namespace strin...

6.5CVSS5.4AI score0.00457EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

5.7CVSS5.9AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Atril 命令注入漏洞

Atril is a simple multi-page document viewer developed under the MATE Desktop open source project. Versions of Atril prior to 1.26.3 and 1.28.4 contained a command injection vulnerability. This vulnerability stemmed from the evspawn function in shell/ev-application.c, which did not apply...

8.4CVSS5.8AI score0.00529EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

ImageMagick 资源管理错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-50 and 7.1.2-25 contained a resource management vulnerability. This vulnerability stemmed from...

5.9CVSS5.3AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Roxy-WI 输入验证错误漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from the POST /waf///rule//save endpoint accepting the configfilename...

9.9CVSS5.5AI score0.00372EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

sharp 安全漏洞

Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images. Versions of Sharp prior to 9.22.0 contained a security vulnerability. This vulnerability stemmed from the general download endpoint...

7.7CVSS5.4AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Spring Security 加密问题漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Spring Security has a data manipulation vulnerability, which stems from SAML decryption of SAML responses, as well as SAML logout requests and logout responses whose...

5.3CVSS5.8AI score0.00137EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Spring Security 输入验证错误漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Spring Security has a vulnerability related to input validation. This vulnerability arises from the use of CookieRequestCache and CookieServerRequestCache, which store...

6.1CVSS5.4AI score0.00211EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Palo Alto Networks PAN-OS 操作系统命令注入漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. Palo Alto Networks PAN-OS has a vulnerability related to command injection. This vulnerability arises from command injections, which may allow authenticated administrators to bypass system...

8.6CVSS5.8AI score0.01187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-49 and 7.1.2-24 contained security vulnerabilities. These vulnerabilities were due ...

5.5CVSS5.3AI score0.00107EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Weblate 跨站脚本漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 2026.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the real-time search preview feature, which rendered unit sources and contexts as HT...

4.6CVSS4.9AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Jenkins 输入验证错误漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have a vulnerability related...

7.4CVSS5.5AI score0.00364EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

FlashMQ 安全漏洞

FlashMQ is a fast and lightweight MQTT proxy server developed by Wiebe Cazemier. Versions of FlashMQ prior to 1.26.2 contained a security vulnerability. This vulnerability stemmed from the ability of authorized clients to submit excessive requests beyond the allowed buffer size, triggering an...

6.5CVSS5.5AI score0.00301EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

WordPress plugin Juicer 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.3AI score0.00158EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

ImageMagick 资源管理错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2.23 and 6.9.13-48 contained a resource management vulnerability. This vulnerability stemmed from...

7.5CVSS5.3AI score0.00301EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

WordPress plugin Schema and Structured Data for WP and AMP 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.1CVSS5.5AI score0.00426EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions, developed by Erlang/OTP. This library can catch exceptions caused by the built-in APIs of node.js. There were security vulnerabilities in versions of Erlang/OTP erts prior to 15.2.7.9, as well as in versions 16.4.0.2 and...

8.8CVSS5.8AI score0.00497EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by built-in APIs in node.js. Erlang/OTP’s erlinterface versions prior to 5.5.2.1, 5.7.0.1, and 5.8.1 have security vulnerabilities. These vulnerabilities arise from the eisprintterm...

6.9CVSS5.8AI score0.00136EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

5.7CVSS5.9AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Lenovo ThinkPad 缓冲区错误漏洞

The Lenovo ThinkPad is a portable computer by the company Lenovo. The Lenovo ThinkPad has a buffer error vulnerability, which stems from an out-of-bounds write issue in the BIOS. This vulnerability may allow privileged local users to execute code in the system management mode...

8.4CVSS5.9AI score0.00121EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

SimpleSAMLphp-casserver 路径遍历漏洞

SimpleSAMLphp-casserver is an open-source CAS protocol-compatible Single Sign-On server module developed by SimpleSAMLphp. Versions prior to 7.0.3 of SimpleSAMLphp-casserver contained a path traversal vulnerability. This vulnerability stemmed from the direct concatenation of attacker-controlled...

8.6CVSS5.5AI score0.00422EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Roxy-WI 授权问题漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a vulnerability related to authorization. This vulnerability arises from using the API substring in the URL and unauthenticated /api/gpt endpoints,...

8.3CVSS5.4AI score0.00244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Fission 访问控制错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a access control vulnerability. This vulnerability stemmed from the lack of namespace validation using the access webhook in the Fission Function specification for...

7.7CVSS5.3AI score0.00265EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Adobe ColdFusion 授权问题漏洞

Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion such as 2023.19, 2025.8, and earlier versions have security vulnerabilities. These vulnerabilitie...

9.1CVSS5.8AI score0.07535EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

WordPress plugin Recover Exit For WooCommerce 安全漏洞

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to enhance functionality of the platform. The "Recover Exit For WooCommerce"...

8.1CVSS6AI score0.00551EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Microsoft Windows Projected File System Filter Driver 缓冲区错误漏洞

Microsoft Windows is an operating system used on personal devices by the American company Microsoft. The Microsoft Windows Projected File System Filter Driver has a buffer error vulnerability. The following products and versions are affected: Windows Server 2019 Server Core installation, Windows ...

7.8CVSS6AI score0.00326EPSS
Exploits0References1
Total number of security vulnerabilities5000