Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2025/09/18 12:0 a.m.16 views

SoftIron HyperCloud 安全漏洞

SoftIron HyperCloud is an intelligent cloud architecture from SoftIron. A security vulnerability exists in SoftIron HyperCloud versions 2.5.0 through 2.6.3 that stems from incorrectly adding a user SSH key to an administrator-level authorization key, which could lead to unauthorized elevation of...

1.8CVSS6.9AI score0.00114EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.16 views

WordPress plugin Responsive Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.4CVSS5.7AI score0.00216EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.16 views

Contao 安全漏洞

Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from an unfiltered protected...

5.3CVSS6.3AI score0.00281EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.16 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a lack of permission checking in handleBondStateChanged of AdapterService.java. An attacker can exploit this vulnerability to obtain sensitive...

7.5CVSS6AI score0.00297EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.16 views

Komari 跨站脚本漏洞

Komari is a simple server monitoring tool from the Komari Moniter open source. A cross-site scripting vulnerability exists in versions prior to Komari 1.0.4-fix1, which stems from the WebSocket updater disabling origin checking, and could lead to cross-site WebSocket hijacking and remote code...

8.6CVSS7.1AI score0.00515EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.16 views

Copier 路径遍历漏洞

Copier is a Copier open source library for rendering project templates. A path traversal vulnerability exists in Copier versions prior to 7.1.0 through 9.9.1, which stems from the fact that templates can be written to files outside of the target path, potentially leading to arbitrary file...

6.9CVSS6.9AI score0.00244EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/16 12:0 a.m.16 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninitialized device structure that could cause the kernel to crash...

5.5CVSS6.2AI score0.00146EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.16 views

soosyze 安全漏洞

soosyze is Soosyze open source a content management system . soosyze has a brute force vulnerability , the vulnerability stems from the /user/login endpoint lack of rate limiting and locking mechanism , an attacker can use this vulnerability to cause brute force attack...

5.4CVSS6.8AI score0.0081EPSS
Exploits3References6
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.16 views

Pearcleaner 安全漏洞

Pearcleaner is a mac application cleaner tool by the individual developer Alin Lupascu. A security vulnerability exists in Pearcleaner versions 4.4.0 through 4.5.1, which stems from the XPC service exposing the Execute Arbitrary Command method, which could lead to elevation of privilege...

7.3CVSS6.6AI score0.00165EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/28 12:0 a.m.16 views

Copyparty 跨站脚本漏洞

Copyparty is a portable file server for ed individual developers. A cross-site scripting vulnerability exists in Copyparty 1.18.4 and earlier versions, which stems from improper cleaning of the multimedia tags of music files and could lead to the execution of arbitrary JavaScript code...

6.1CVSS6AI score0.00395EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.16 views

WordPress 安全漏洞

WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress versions 3.5 through 6.8.2, which stems from mishandling of...

3.7CVSS6.2AI score0.00321EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/20 12:0 a.m.16 views

RuoYi 安全漏洞

RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which originates from the incorrect operation of the File parameter File in the function uploadFile in the file...

6.5CVSS6.5AI score0.00304EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.16 views

RT-Thread 缓冲区错误漏洞

RT-Thread is an open source IoT real-time operating system RTOS from RT-Thread Open Source. A buffer error vulnerability exists in RT-Thread 5.1.0 and earlier versions, which stems from a memory corruption and could lead to a local attack...

8.5CVSS7.6AI score0.00248EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.16 views

Elecom多款产品 操作系统命令注入漏洞

Elecom WRC-X3000GS and others are a router from Elecom Japan. An operating system command injection vulnerability exists in the Elecom WRC-X3000GS, Elecom WRC-X3000GSA, and Elecom WRC-X3000GSN, which stems from a Connection Diagnostics page command injection leading to arbitrary OS command...

8.8CVSS9AI score0.00995EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.16 views

KnowledgeGPT 安全漏洞

KnowledgeGPT is a Sasmitha Individual Developer to provide accurate answers and instant citations for your documents. A security vulnerability exists in KnowledgeGPT version V.0.0.5, which stems from a flaw in the Document Display Component that could lead to remote execution of arbitrary code...

9.8CVSS6.9AI score0.00619EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.16 views

mezzanine 跨站脚本漏洞

mezzanine is a Django CMS framework by stephenmcd individual developers. A cross-site scripting vulnerability exists in mezzanine versions prior to 6.1.1, which stems from insufficient cleanup of the displayablelinksjs function and could lead to a stored cross-site scripting attack...

4.8CVSS5.7AI score0.00263EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/06/16 12:0 a.m.16 views

OpenNext opennextjs/cloudflare 安全漏洞

OpenNext opennextjs/cloudflare is an OpenNext open source Next.js adapter. A security vulnerability exists in OpenNext opennextjs/cloudflare that stems from a server-side request forgery issue that could result in loading arbitrary remote content...

9.1CVSS6.7AI score0.00832EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/30 12:0 a.m.16 views

FreeScout 跨站脚本漏洞

FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that stems from not filtering the payload when creating translated phrases, no details of the vulnerability are...

6CVSS6.3AI score0.00222EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.16 views

WordPress plugin Save as Image Plugin by Pdfcrowd 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.8CVSS5.8AI score0.00266EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/05/09 12:0 a.m.16 views

Victure RX1800 安全漏洞

The Victure RX1800 is a wireless router from Victure. A security vulnerability exists in the Victure RX1800 ENV1.0.0r12110933 version, which stems from improper access control and could result in SSH and Telnet services being enabled without authentication...

8.8CVSS6.7AI score0.00473EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.16 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a null pointer dereference in dpuplanevirtualatomiccheck...

5.5CVSS6.3AI score0.0013EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/28 12:0 a.m.16 views

Snowflake snowflake-connector-nodejs 安全漏洞

Snowflake snowflake-connector-nodejs is a Snowflake connector for NODEJS from Snowflake, Inc. A security vulnerability exists in Snowflake snowflake-connector-nodejs versions prior to 1.10.0 through 2.0.4, which stems from a TOCTOU competitive condition that could result in log configuration bein...

7CVSS6.4AI score0.00141EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.16 views

SourceCodester Web-based Pharmacy Product Management System 代码问题漏洞

SourceCodester Web-based Pharmacy Product Management System is a SourceCodester open source Web-based pharmacy product management system. A code issue vulnerability exists in version 1.0 of the SourceCodester Web-based Pharmacy Product Management System, which stems from insufficient validation o...

8.8CVSS6.8AI score0.00478EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.16 views

Siemens TeleControl Server Basic SQL注入漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an SQL injection in the UnlockTraceLevelSettings method, which can be exploited by an attacker to bypass...

8.8CVSS8.4AI score0.00554EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.16 views

WordPress plugin FS Poster 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.3CVSS8.4AI score0.00279EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/09 12:0 a.m.16 views

GraphicsMagick 安全漏洞

GraphicsMagick is GraphicsMagick open source set of simple image processing tools. It provides resizing, rotation, highlighting, and more. A security vulnerability exists in GraphicsMagick versions prior to 8e56520, which stems from a heap buffer over-read...

4CVSS4.8AI score0.00339EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/03/23 12:0 a.m.16 views

FoxCMS 安全漏洞

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS Company. A security vulnerability exists in FoxCMS version 1.25, which originates from improper authorization...

5.3CVSS4.9AI score0.00303EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.16 views

Adobe Illustrator 安全漏洞

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. A security vulnerability exists in Adobe Illustrator versions 29.2.1, 28.7.4 and earlier, which originates from a stack buffer overflow that can be exploited by an attacker to cause arbitra...

7.8CVSS7.8AI score0.00266EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.16 views

Adobe Illustrator 代码问题漏洞

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. A null pointer dereference vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause a denial of service...

5.5CVSS6.5AI score0.0019EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.16 views

Cordaware bestinformed 安全漏洞

Cordaware bestinformed is a mass notification system from Cordaware, Germany. A security vulnerability exists in Cordaware bestinformed that stems from a server address modification permission issue that could result in local privileges being elevated to SYSTEM...

8.5CVSS6.4AI score0.0016EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/01/31 12:0 a.m.16 views

OpenPanel 安全漏洞

OpenPanel is a web hosting panel from OpenPanel, Inc. A security vulnerability exists in OpenPanel v0.3.4, which originates in the File Manager component of OpenPanel, and can be exploited to access and view a directory traversal operation by constructing a malicious HTTP request and utilizing th...

9.1CVSS8.9AI score0.02279EPSS
Exploits3References3
CNNVD
CNNVD
added 2025/01/30 12:0 a.m.16 views

1000 Projects Employee Task Management System SQL注入漏洞

1000 Projects Employee Task Management System is an open source employee task management system from 1000 Projects. A SQL injection vulnerability exists in 1000 Projects Employee Task Management System version 1.0, which is caused by SQL injection due to parameter email...

9.8CVSS7.9AI score0.00506EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/01/13 12:0 a.m.16 views

SAP NetWeaver AS SQL注入漏洞

SAP NetWeaver AS is a SAP web application server from SAP, Germany. SAP NetWeaver AS suffers from a SQL injection vulnerability that originates from a program that does not properly check for authorization, which could be exploited by an attacker to gain control over data in an Informix database,...

8.8CVSS8AI score0.00718EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/11 12:0 a.m.16 views

WordPress plugin Dominion 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.6AI score0.00306EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.16 views

WordPress plugin Asgard Security Scanner 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.1CVSS7.7AI score0.0037EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.16 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the Drupal community using the PHP language. A security vulnerability exists in Drupal OAuth & OpenID Connect Single Sign On - SSO OAuth/OIDC Client versions 3.0.0 through 3.44.0, and 4.0.0 through 4.0.19, which stems from improperly...

6.1CVSS6.2AI score0.00238EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.16 views

WordPress plugin Error Log Viewer By WP Guru 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in...

7.5CVSS7.9AI score0.46858EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/12/19 12:0 a.m.16 views

Chat2DB 安全漏洞

Chat2DB is an AI-driven SQL client open-sourced by CodePhiliaX. A security vulnerability exists in Chat2DB version v0.3.5, which stems from the presence of XML external entity injection in the component /datagrip/upload, allowing an attacker to execute arbitrary code by providing crafted XML inpu...

9.8CVSS8.4AI score0.00807EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.16 views

Adobe After Effects 安全漏洞

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. Adobe After Effects suffers from a buffer overflow vulnerability that...

7.8CVSS7.5AI score0.00459EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.16 views

WordPress plugin Redirects 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS8.7AI score0.00448EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/24 12:0 a.m.16 views

GL.iNet多款产品 安全漏洞

GL.iNet AX1800 and others are products of China Guanglian Zhitong GL.iNet company.GL.iNet AX1800 is a wireless router.GL.iNet AXT1800 is a router.GL.iNet MT6000 is a router.GL.iNet AXT1800 is a router.GL.iNet MT6000 is a router.GL.iNet MT6000 is a router. A security vulnerability exists in severa...

8CVSS6.7AI score0.0048EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/23 12:0 a.m.16 views

Botan 安全漏洞

Botan is a C++ cryptographic library by the individual developer Jack Lloyd. A security vulnerability exists in versions of Botan prior to 3.6.0, which stems from a compiler-caused secret dependency operation when compiling with some versions of GCC. An addition operation could be skipped if the...

5.9CVSS6.7AI score0.00542EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.16 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a null pointer dereference due to post-release reuse in hsci...

7.8CVSS6.5AI score0.00238EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/05 12:0 a.m.16 views

WordPress plugin BuddyForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS6.2AI score0.00254EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/03 12:0 a.m.16 views

PowerDNS 安全漏洞

PowerDNS is an open source DNS server from PowerDNS. PowerDNS uses Access mdb file to record DNS information under Win32, and MySQL to record DNS information under Linux/Unix. Whether it is mdb or MySQL, backup is very convenient. A security vulnerability exists in PowerDNS that allows an attacke...

7.5CVSS6.5AI score0.00698EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/03 12:0 a.m.16 views

TEM Opera Plus FM Family Transmitter 跨站请求伪造漏洞

The TEM Opera Plus FM Family Transmitter is a frequency modulation FM transmitter device from TEM. A cross-site request forgery vulnerability exists in TEM Opera Plus FM Family Transmitter version 35.45, which originates from allowing a user to perform certain actions via HTTP requests without...

8.6CVSS6.8AI score0.00245EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/09/28 12:0 a.m.16 views

Autel Energy MaxiCharger AC Elite Business C50 安全漏洞

Autel Energy MaxiCharger AC Elite Business C50 is a car charger from Autel Energy USA. A security vulnerability exists in the Autel Energy MaxiCharger AC Elite Business C50 that stems from an issue with the inclusion of a use of hard-coded credentials in BLE...

8.8CVSS6.8AI score0.00796EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.16 views

Proxmox Virtual Environment 安全漏洞

Proxmox Virtual Environment Proxmox VE is an open source server virtualization environment Linux distribution from Proxmox. A security vulnerability exists in Proxmox Virtual Environment, which stems from insufficient protection against malicious API response values, and allows an authenticated...

8.2CVSS6.6AI score0.00366EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/09/19 12:0 a.m.16 views

Kastle Access Control System 安全漏洞

Kastle Access Control System is an access control system from Kastle USA. A security vulnerability exists in Kastle Access Control System versions prior to 20240501 that stems from storing machine credentials in plaintext, which allows an attacker to access sensitive information...

8.7CVSS6.6AI score0.00248EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.16 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE versions prior to 16.4 through...

7.5CVSS6.5AI score0.39581EPSS
Exploits0References3
Total number of security vulnerabilities5000