Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/03/16 12:0 a.m.16 views

D-Link多款产品 命令注入漏洞

D-Link DNS-320, etc., are products of D-Link Corporation, a Chinese company. The D-Link DNS-320 is a NAS Network Attached Storage device. The D-Link DNS-120 is a network storage adapter. The D-Link DNS-315L is a network attached storage device. Several D-Link products have command injection...

9.8CVSS6.6AI score0.03774EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.16 views

PX4-Autopilot 安全漏洞

PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions prior to PX4-Autopilot 1.17.0-rc2 contained security vulnerabilities. These vulnerabilities stemmed from logical errors in the FTP session verification of PX4 Autopilot MAVLink. As a result, unverified attackers cou...

6.5CVSS5.8AI score0.00387EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.16 views

WordPress plugin Sprout Clients 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00161EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.16 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.12 and 8.6.38 contain security vulnerabilities. These vulnerabilities stem from unvalidated user identifier formats,...

9.8CVSS5.8AI score0.00627EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.16 views

WordPress plugin ProfilePress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.16 views

WordPress plugin Builderall Builder for WordPress 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

9.9CVSS5.9AI score0.00469EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.16 views

File Browser 信息泄露漏洞

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.61.0 contained a vulnerability related to information leakage. This...

7.1CVSS7.2AI score0.00322EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.16 views

WordPress plugin Seraphinite Accelerator 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.16 views

WordPress plugin WP Recipe Maker 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.16 views

FreeRDP 安全漏洞

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.23.0 contained security vulnerabilities. These vulnerabilities stemmed from the xfclipboardformatequal function, which allowed reusing of freed memory after it was released...

9.8CVSS7.3AI score0.00567EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.16 views

Progress Telerik UI 安全特征问题漏洞

Progress Telerik UI is a UI control suite for application development developed by the American company Progress. Versions of Progress Telerik UI for AJAX prior to version 2026.1.225 contained security feature vulnerabilities, which were caused by insufficient entropy in the RadAsyncUpload...

5.9CVSS5.8AI score0.00177EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.16 views

Intego Personal Backup 后置链接漏洞

Intego Personal Backup is a backup tool developed by the Intego company. Intego Personal Backup has a post-installation vulnerability that stems from the fact that backup task definitions are stored in a location that can be written to by non-privileged users. However, these tasks are processed...

8.5CVSS6.8AI score0.00181EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.16 views

AMD多款产品 安全漏洞

AMD EPYC and other products are developed by American semiconductor company AMD. AMD EPYC is a high-performance server processor. Amd Epyc™ Embedded Processors are embedded processors. AMD EPYC Processors are a series of multi-core processors. Several AMD products have security vulnerabilities;...

5.9CVSS5.8AI score0.00157EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.16 views

AutoGPT 代码问题漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Previous versions of AutoGPT, including autogpt-platform-beta-v0.6.34, had code vulnerabilities. These vulnerabilities stemmed from the use of the third-party library urllib.request.urlopen...

9.8CVSS5.9AI score0.00357EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.16 views

Geopandas security vulnerabilities

Geopandas is an open-source Python tool for processing geospatial data. Versions of geopandas prior to 1.1.2 contained a security vulnerability. This vulnerability stemmed from a flaw in the topostgis function, which could allow attackers to access sensitive information when writing GeoDataFrames...

8.6CVSS5.8AI score0.00385EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.16 views

Malcontent security vulnerabilities

Malcontent is a supply chain attack detection tool developed by Chainguard. Versions prior to 1.20.3 of Malcontent contain security vulnerabilities. These vulnerabilities arise from the possibility of exposing Docker registry credentials during the scanning of specially crafted OCI image referenc...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.16 views

OpenProject data falsification vulnerability

OpenProject is an open-source web-based project management software. In versions 17.0.0 to 17.0.2 of OpenProject, there was a data manipulation vulnerability. This vulnerability stemmed from the BlockNote editor extension not properly verifying work package IDs, allowing arbitrary GET requests to...

7.3CVSS5.9AI score0.00105EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.16 views

Kargo security vulnerabilities

Kargo is an open-source continuous delivery tool developed by Akuity. Versions of Kargo prior to 1.8.7, 1.7.7, and 1.6.3 contained security vulnerabilities. These vulnerabilities stemmed from defects in the authentication checks for the GetConfig and RefreshResource API endpoints, which could all...

7.2CVSS5.8AI score0.00342EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.16 views

ibaPDA security vulnerabilities

ibaPDA is an industrial process data acquisition and analysis system developed by the German company iba. There is a security vulnerability in ibaPDA, which allows unauthorized operations on the file system under certain conditions. This vulnerability may affect the confidentiality, integrity, or...

10CVSS5.8AI score0.00409EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.16 views

XDocReport security vulnerabilities

XDocReport is an open-source XML document reporting software developed by opensagres. There are security vulnerabilities in the XDocReport version 1.0.0 to 2.1.0; these vulnerabilities stem from server-side template injection in the FreeMarker component, which may allow arbitrary code to be...

9.8CVSS6AI score0.00504EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.16 views

Cal.com 安全漏洞

Cal.com is an open source scheduling software from Cal.com Open Source. A security vulnerability exists in Cal.com versions 3.1.6 through prior to 6.0.7, which stems from a flaw in the custom NextAuth JWT callback that could allow an attacker to gain full authentication access to any user account...

10CVSS6AI score0.004EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.16 views

Microsoft Windows Ancillary Function Driver for WinSock 安全漏洞

Microsoft Windows Ancillary Function Driver for WinSock is an ancillary function driver for Winsock from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Windows Ancillary Function Driver for WinSock, which is caused by freeing memory in the WinSock Ancillary Function...

7.8CVSS5.8AI score0.00475EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.16 views

TinyOS 安全漏洞

TinyOS is an operating system in the TinyOS open source. A security vulnerability exists in TinyOS 2.1.2 and earlier versions, which stems from improper use of the strcpy and strcat functions in the mcp2200gpio utility, and could lead to stack memory corruption and application crashes...

4.8CVSS5.8AI score0.00127EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.16 views

pypdf 安全漏洞

pypdf is py-pdf open source a free open source pure python PDF library . Able to split , merge , crop and convert pages of PDF files . pypdf versions prior to 6.6.0 has a security vulnerability , the vulnerability stems from the processing of incorrectly formatted startxref entries may generate a...

6.9CVSS6.4AI score0.00391EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.16 views

iccDEV 安全漏洞

iccDEV is a color configuration codebase open-sourced by the International Color Consortium ICC. A security vulnerability exists in iccDEV versions prior to 2.3.1.2, which stems from undefined behavior caused by passing a null pointer to memcpy in CIccTagSparseMatrixArray...

6.1CVSS6.6AI score0.00155EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.16 views

WordPress plugin WING WordPress Migrator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

9.6CVSS5.7AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.16 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the rsi driver not checking the state of the WoWlan configuration in a shutdown hook, which could result in ...

6.1AI score0.00168EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.16 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from sysfs changing group attribute ownership without checking visibility, which could result in a warning message...

6.2AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.16 views

WordPress plugin Fancy Product Designer 信息泄露漏洞

WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. WordPress Fancy Product Designer plugin has an information disclosure vulnerability, the vulnerability stems from the url...

5.9CVSS6.2AI score0.0026EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.16 views

D-Link DCS-F5614-L1 安全漏洞

The D-Link DCS-F5614-L1 is a network camera from China Youxun D-Link. A security vulnerability exists in the D-Link DCS-F5614-L1 that originates from unauthenticated access to camera configuration information, including account credentials, when accessing a specific URL...

9.4CVSS7.7AI score0.00778EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.16 views

Xinhu RockOA 安全漏洞

Xinhu RockOA is an office OA system of China Xinhu Company. A security vulnerability exists in Xinhu RockOA version 2.7.0, which originates from the incorrect operation of the function phpinisaveAction in the file webmain/system/cogini/coginiAction.php on the parameter a, which may result in the...

4.3CVSS6.8AI score0.00212EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.16 views

WordPress plugin Kallyas 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.5AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.16 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an out-of-bounds memory read in the xfs symbolic link fix, which could lead to a system crash...

6AI score0.00172EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/27 12:0 a.m.16 views

Apache SkyWalking 安全漏洞

Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A cross-site scripting vulnerability exists in Apache SkyWalking version 10.2.0 and earlier, which stems from not...

6.1CVSS5.7AI score0.00625EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.16 views

ASUS Router 安全漏洞

ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An authentication bypass vulnerability exists in ASUS Router, which stems from an unexpected side effect of Samba functionality...

9.2CVSS7.2AI score0.15087EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.16 views

Roo Code 命令注入漏洞

Roo Code is an AI-based autonomous coding agent from Roo Code. A command injection vulnerability exists in Roo Code versions prior to 3.26.7 that stems from an authentication error and could lead to the execution of unauthorized commands...

8.1CVSS7.8AI score0.00621EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.16 views

AXIS OS 安全漏洞

AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that stems from insufficient validation of ACAP configuration file inputs, which could lead to path traversal attacks and elevation of privilege...

6.7CVSS6.7AI score0.00149EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.16 views

DedeBIZ 安全漏洞

DedeBIZ is a content management system from China Muyun Intelligence DedeBIZ company. A security vulnerability exists in DedeBIZ 6.3.2 and earlier versions, which stems from an incorrect manipulation of the parameter orderby in the file /admin/freelistmain.php, which could lead to a SQL injection...

7.2CVSS5.5AI score0.00296EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.16 views

WordPress plugin Polylang 安全漏洞

WordPress Polylang plugin is a multilingual WordPress plugin for creating and managing multilingual websites, supports switching from 1 to 10 or more languages, the core functionality is fully integrated with WordPress built-in features e.g. taxonomies without additional dependency on external...

8.8CVSS7.4AI score0.00332EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.16 views

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization. It is primarily used as a router and firewall. A security vulnerability exists in IPFire versions prior to 2.29 that stems from insufficient cleaning and escaping of the CONNECTIONNAME parameter, which could lead to an SQL...

7.1CVSS7.6AI score0.00387EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.16 views

Flock Safety Android Collins 安全漏洞

Flock Safety Android Collins is an application module for managing cameras from Flock Safety USA. A security vulnerability exists in Flock Safety Android Collins version 6.35.31, which stems from a lack of authentication and could lead to denial of service, information disclosure, and remote code...

9.8CVSS7.9AI score0.01004EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/09/27 12:0 a.m.16 views

LlamaIndex 安全漏洞

LlamaIndex is a data framework for LLM applications from the LlamaIndex open source. A security vulnerability exists in LlamaIndex version 0.12.44 and earlier, which stems from the use of hard-coded paths and lack of security controls in the getcachedir function, which could lead to model stealin...

7.3CVSS7.2AI score0.00134EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.16 views

Novakon P series 安全漏洞

Novakon P series is a series of industrial panel PC operating pages from Taiwan, China-based Speedcom Novakon. A security vulnerability exists in Novakon P series version V2001.A.C518o2, which stems from improper authentication and could allow an unauthenticated attacker to upload and download...

10CVSS7.2AI score0.01396EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/18 12:0 a.m.16 views

SoftIron HyperCloud 安全漏洞

SoftIron HyperCloud is an intelligent cloud architecture from SoftIron. A security vulnerability exists in SoftIron HyperCloud versions 2.5.0 through 2.6.3 that stems from incorrectly adding a user SSH key to an administrator-level authorization key, which could lead to unauthorized elevation of...

1.8CVSS6.9AI score0.00114EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.16 views

WordPress plugin Responsive Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.4CVSS5.7AI score0.00216EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.16 views

Contao 安全漏洞

Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from an unfiltered protected...

5.3CVSS6.3AI score0.00281EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.16 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a lack of permission checking in handleBondStateChanged of AdapterService.java. An attacker can exploit this vulnerability to obtain sensitive...

7.5CVSS6AI score0.00297EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.16 views

Komari 跨站脚本漏洞

Komari is a simple server monitoring tool from the Komari Moniter open source. A cross-site scripting vulnerability exists in versions prior to Komari 1.0.4-fix1, which stems from the WebSocket updater disabling origin checking, and could lead to cross-site WebSocket hijacking and remote code...

8.6CVSS7.1AI score0.00515EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.16 views

Copier 路径遍历漏洞

Copier is a Copier open source library for rendering project templates. A path traversal vulnerability exists in Copier versions prior to 7.1.0 through 9.9.1, which stems from the fact that templates can be written to files outside of the target path, potentially leading to arbitrary file...

6.9CVSS6.9AI score0.00244EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/16 12:0 a.m.16 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninitialized device structure that could cause the kernel to crash...

5.5CVSS6.2AI score0.00146EPSS
Exploits0References4
Total number of security vulnerabilities5000