Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/08 12:0 a.m.16 views

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a security vulnerability, which stemmed from issues with batch assignment during dataset creation and updating. This vulnerability could lead to...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.16 views

Nginx Proxy Manager 操作系统命令注入漏洞

Nginx Proxy Manager is an open-source Docker container developed by Nginx Proxy Manager. It is used to manage Nginx proxy hosts through a simple and powerful interface. Version 2.9.14 to 2.15.1 of Nginx Proxy Manager has a vulnerability related to operating system command injection. This...

7.7CVSS5.9AI score0.00921EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.16 views

student_management_system 跨站脚本漏洞

studentmanagementsystem is a student information management tool personally developed by Vivek Singh. studentmanagementsystem has a cross-site scripting vulnerability. This vulnerability stems from improper handling of parameters such as name, address, and fname by an unknown function in the...

5.1CVSS4.5AI score0.00199EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.16 views

SourceCodester Class and Exam Timetabling System 注入漏洞

SourceCodester Class and Exam Timetabling System is an open-source classroom and exam scheduling system developed by SourceCodester. Version 1.0 of the SourceCodester Class and Exam Timetabling System has a SQL injection vulnerability, which stems from improper handling of the parameter "Password...

7.5CVSS7.5AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.16 views

UTT HiPER 2610G 缓冲区错误漏洞

UTT HiPER 2610G is a high-end router designed for small and medium-sized enterprise networks by UTT Corporation. Versions of UTT HiPER 2610G 3.0.0-171107 and earlier contain a buffer overflow vulnerability. This vulnerability stems from the strcopy function in the...

9CVSS8.6AI score0.006EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.16 views

CodeAstro Student Attendance Management System 注入漏洞

The CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Corporation. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ...

6.5CVSS6.6AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.16 views

HCL Digital Experience和HCL Digital Experience Compose 安全漏洞

HCL Digital Experience and HCL Digital Experience Compose are both products of the Indian company HCL. HCL Digital Experience is a digital experience platform and content delivery solution. HCL Digital Experience Compose is an enterprise-level content creation and digital experience management...

6.1CVSS5.5AI score0.00144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.16 views

Cloud Foundry windows-utilities-release 安全漏洞

Cloud Foundry Windows-Utilities-Release is a collection of Windows platform maintenance tools provided by the Cloud Foundry company. There are security vulnerabilities in Cloud Foundry Foundation Windows-Utilities-Release; these vulnerabilities stem from the use of a predictable random number...

7.5CVSS5.4AI score0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.16 views

Mint 安全漏洞

Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.2.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP/2 server’s ability to insert unlimited entries through the PUSHPROMISE frame, which could lead to memo...

8.2CVSS5.4AI score0.00384EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.16 views

Sony PlayStation 4 安全漏洞

The Sony PlayStation 4 is a home video game console developed by the Japanese company Sony. There were security vulnerabilities in the versions 13.00 to 13.02 of the Sony PlayStation 4. These vulnerabilities stemmed from the BD-J sandbox feature, which could allow an abnormal JAR file to escape,...

7.4CVSS5.4AI score0.00085EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.16 views

OpenTelemetry eBPF Instrumentation 安全漏洞

OpenTelemetry eBPF Instrumentation is an open-source eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the Postgres protocol parser’...

7.5CVSS5.4AI score0.00342EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.16 views

OTRS 安全漏洞

OTRS is a service management solution developed by the German company OTRS. Versions 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X up to version 2026.4.X of OTRS contained security vulnerabilities. These vulnerabilities were due to uncontrolled resource allocation during email processing, which could...

5.7CVSS5.3AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.16 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 RX Host contains an operating system command injection vulnerability. This...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.16 views

arcane 操作系统命令注入漏洞

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane 1.18.1 and earlier contain a vulnerability related to operating system command injection. This vulnerability stems from the path cleaner in the GET /environments/id/volumes/volumeName/browse endpoint not...

6.3CVSS6.1AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.16 views

PHP-SHOP 跨站请求伪造漏洞

PHP-SHOP is an online shopping system developed by joeyrush, based on PHP. Version 1.0 of PHP-SHOP has a cross-site request forgeing vulnerability. This vulnerability stems from the lack of verification of the request source, which may allow unauthenticated attackers to add administrative users...

6.9CVSS5.7AI score0.00162EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

MENNEKES AMTRON 安全漏洞

MENNEKES AMTRON is a series of electric vehicle AC charging stations and wall-mounted charging systems from MENNEKES Corporation. Versions of MENNEKES AMTRON 5.22.3 and earlier contain security vulnerabilities. These vulnerabilities stem from authentication bypasses, which may allow unauthenticat...

10CVSS5.8AI score0.00612EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

WordPress plugin Photo Gallery by 10Web SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS5.9AI score0.00504EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from logical flaws in the social login binding process, allowing users to...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

Music Player Daemon 安全漏洞

Music Player Daemon is an open-source music playback daemon. Versions of Music Player Daemon prior to 0.24.11 contained a security vulnerability. This vulnerability stemmed from the pcmunpack24be function in src/pcm/Pack.cxx, which had a stack buffer overflow issue. This could allow unauthorized...

8.8CVSS6.2AI score0.0051EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

InHand IR Series 安全漏洞

The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. The InHand IR Series contains a security vulnerability, which stems from command injection in the WireGuard VPN function. This vulnerability may allow attackers to...

9.8CVSS5.9AI score0.01269EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of prohibition for private IOCTL commands in the atomic ISP driver, potentially leading ...

7.8CVSS5.8AI score0.00141EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with the switch case statement in the loongsongpufixupdmahang function within LoongArch...

5.8AI score0.00095EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

WordPress plugin WPBakery Page Builder Addons by Livemesh 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application add-on. The WordPre...

6.4CVSS5.7AI score0.00235EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

OpenStack Swift 安全漏洞

OpenStack Swift is an open-source distributed object storage system under OpenStack. There were security vulnerabilities in versions of OpenStack Swift prior to 2.36.2 and 2.37.2. These vulnerabilities stemmed from the s3api middleware handling truncated aws-chunked PUT request bodies, leading to...

7.1CVSS5.8AI score0.00322EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

WordPress plugin Smart Online Order for Clover 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.3CVSS5.8AI score0.00229EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

WordPress plugin WPComplete 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

WordPress plugin ShopLentor - WooCommerce Builder for Elementor & Gutenberg 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.4CVSS5.8AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system CMS developed by Craft CMS. Versions of Craft CMS 5.9.5 and earlier contained security vulnerabilities, which were caused by a lack of authorization verification at the migrate endpoint...

7.3CVSS5.8AI score0.00283EPSS
Exploits3References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the pushbuf relocation boundary check in the nouveau driver. This vulnerability results in an...

7.8CVSS5.9AI score0.00143EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.16 views

Dozzle 代码问题漏洞

Dozzle is a small, lightweight application developed by Amir Raminfar as an individual project. Versions of Dozzle prior to 10.5.2 had code vulnerabilities. These vulnerabilities stemmed from the fact that the POST /api/notifications/test-webhook endpoint was not authenticated during default...

8.6CVSS5.8AI score0.01491EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.16 views

IBM Db2 日志信息泄露漏洞

IBM Db2 is a relational database management system developed by IBM. Versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4 of IBM Db2 contain a vulnerability related to log information leakage. This vulnerability stems from the storage of potentially sensitive information in log files, which may allow...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.16 views

Joomla! CMS 路径遍历漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. Joomla! CMS has a path traversal vulnerability, which stems from improper input validation provided to users, potentially leading to local file inclusion...

9.8CVSS5.8AI score0.00482EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.16 views

mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune 3.2.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the renderfigure function in src/mistune/directives/image.py, which directly concatenated the...

6.1CVSS5.7AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.16 views

eml_parser 安全漏洞

EmlParser is an open-source Python library for parsing email files, developed by GOVCERT.LU. Versions of EmlParser prior to 3.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of EmlParser.getrawbodytext, which performed unrestricted recursive processing on nested...

6.3CVSS5.8AI score0.00395EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.16 views

Tiandy Easy7 Integrated Management Platform 授权问题漏洞

Tiandy Easy7 Integrated Management Platform is a video surveillance integrated management platform from Tiandy, China. An authorization issue vulnerability exists in Tiandy Easy7 Integrated Management Platform version 7.17.0, which originates from the handling of the file...

6.9CVSS6AI score0.00352EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.16 views

OutSystems Lifetime 安全漏洞

OutSystems Lifetime is a low-code platform management control center from OutSystems USA. A security vulnerability exists in OutSystems Lifetime versions prior to 11.28.2.3955, which stems from the presence of the ApplicationID parameter to bypass authorization via a user control key, which could...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.16 views

Edimax EW-7438RPn 操作系统命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the formWizSurvey function in the webs component files or...

6.5CVSS6.6AI score0.01519EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.16 views

GNU SASL 代码问题漏洞

GNU SASL is a simple authentication and security layer framework from the GNU community in the United States, which implements several common SASL mechanisms. Versions of GNU SASL prior to 2.2.3 had code vulnerabilities; these vulnerabilities stemmed from a null pointer dereferencing in the...

7.5CVSS5.9AI score0.00455EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.16 views

Yakamara Media Redaxo CMS Mediapool Addon 安全漏洞

Yakamara Media Redaxo CMS Mediapool Addon is an extension for media resource management within the REDAXO content management system developed by Yakamara Media. Versions of Yakamara Media Redaxo CMS Mediapool Addon prior to version 5.5.1 contained security vulnerabilities. These vulnerabilities...

8.8CVSS6.1AI score0.00452EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.16 views

Microsoft Entra 安全漏洞

Microsoft Entra is an identity and access management system developed by the American company Microsoft. There is a security vulnerability in Microsoft Entra, which stems from using alternative paths or channels to bypass authentication. This could allow unauthorized attackers to gain elevated...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.16 views

Sunshine 信任管理问题漏洞

Sunshine is an Open Source Moonlight-based autonomous gaming streaming host developed by LizardByte. Earlier versions of Sunshine, such as 2026.516.143833, had vulnerabilities related to trust management. These vulnerabilities stemmed from improper handling of OpenSSL verification results. Custom...

9.8CVSS5.8AI score0.00291EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.16 views

Dell PowerFlex Manager 安全漏洞

Dell PowerFlex Manager is a software-defined infrastructure deployment and lifecycle management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contain security vulnerabilities. These vulnerabilities stem from the exposure of directory list...

7.5CVSS5.8AI score0.00127EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.16 views

Netatalk 操作系统命令注入漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.0 to 4.4.2 of Netatalk have a vulnerability related to operating system command injection. This vulnerability stems fr...

6.7CVSS6.1AI score0.0013EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.16 views

PowerDNS Authoritative 命令注入漏洞

PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has a command injection vulnerability, which stems from insufficient name validation during the AXFR process...

8.6CVSS5.8AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.16 views

Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

6.5CVSS5.8AI score0.00396EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.16 views

HCL BigFix Service Management 安全漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a security vulnerability, which stems from configuration issues. Using outdated or insecure base images may introduce known vulnerabilitie...

9.8CVSS5.8AI score0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.16 views

Veritas Technologies Infoscale Operations Manager 跨站请求伪造漏洞

Veritas Technologies Infoscale Operations Manager is a software developed by Veritas Technologies in the United States, used for managing the entire InfoScale deployment. This software offers features such as multi-cluster management, custom interfaces, and centralized audit logging. Version 9.1....

8.8CVSS5.7AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.16 views

WordPress plugin Email Encoder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

6.1CVSS5.9AI score0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.16 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the possibility for low-privilege users to bypass security controls and disable the implicit flow of OIDC clients, potentially leading to the leakage o...

7.1CVSS5.8AI score0.00344EPSS
Exploits0References2
Total number of security vulnerabilities5000