Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2023/05/11 12:0 a.m.43 views

Vitess 安全漏洞

Vitess is a database clustering system for horizontally scaling MySQL from Vitess. A security vulnerability exists in Vitess versions prior to 16.0.2 that stems from the fact that if VTAdmin creates a slice containing the / character, anyone attempting to create a new slice from VTAdmin will...

4.3CVSS5AI score0.00983EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/05/02 12:0 a.m.43 views

Moodle 安全漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle that stems from allowing a user to control the path of old files to be created in the TinyMCE...

6.5CVSS6.1AI score0.06583EPSS
Exploits3References7
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.43 views

WordPress plugin InPost Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6.6AI score0.00441EPSS
Exploits2References3
CNNVD
CNNVD
added 2023/03/20 12:0 a.m.43 views

WordPress plugin WP OAuth Server 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS5.2AI score0.00262EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/03/07 12:0 a.m.43 views

Fortinet FortiOS 路径遍历漏洞

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering, and antispam, etc. SSL...

7.1CVSS7.7AI score0.12316EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/15 12:0 a.m.43 views

Adobe Connect 访问控制错误漏洞

Adobe Connect is a software for creating meeting environments from Adobe. Adobe Connect has an access control error vulnerability that can be exploited by attackers to cause security features to be bypassed...

5.3CVSS6.7AI score0.81875EPSS
Exploits4References7
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.43 views

Lenovo Notebook 安全漏洞

Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. The Lenovo Notebook suffers from a security vulnerability that originates from the execution of arbitrary code via the SystemBootManagerDxe driver...

7.8CVSS8.2AI score0.00342EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/29 12:0 a.m.43 views

Elvexys StreamX 路径遍历漏洞

Elvexys StreamX is a solution for managing and controlling real-time data collection processes from Elvexys. A path traversal vulnerability exists in Elvexys StreamX versions 6.02.01 through 6.04.34, which stems from the presence of a logic error...

9.8CVSS8.3AI score0.01194EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/01 12:0 a.m.43 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.7, which...

6.5CVSS6.3AI score0.00696EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.43 views

XWiki Platform 安全漏洞

XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. The XWiki Platform suffers from an information disclosure vulnerability that originates from the fact that when using XWiki's "Reset forgotten password" feature, passwords are stored in...

6.5CVSS5.9AI score0.0045EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/09/29 12:0 a.m.43 views

Discourse 代码问题漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A file upload vulnerability exists in versions of Discourse prior to 2.8.9 and prior to 2.9.0.beta10, which stems from a lack of valid validation of uploaded files by the...

9.1CVSS8.1AI score0.01578EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/28 12:0 a.m.43 views

Veritas NetBackup 安全漏洞

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and backup protection of environmental data such as metadata and virtual environments. A security...

8.5CVSS6.5AI score0.00553EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.43 views

Microsoft SQL Server 安全漏洞

Microsoft SQL Server is a large-scale commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in Microsoft SQL Server. The following products and versions are affected:Microsoft SQL Server 2017 for x64-based Systems GDR,Microsoft SQL...

7.5CVSS7.8AI score0.01974EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/05/30 12:0 a.m.43 views

WordPress plugin Smush 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress Smush plugin prior to 3.9.9,...

6.1CVSS5.6AI score0.00757EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/05/02 12:0 a.m.43 views

ShopXO 安全漏洞

ShopXO is an open source enterprise-level open source e-commerce system. ShopXO version 2.2.5 and previous versions of a security vulnerability , the vulnerability stems from the app/install/controller/Index.php in the Add function found to contain the system reinstallation vulnerability...

9.8CVSS8.2AI score0.01351EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/04/26 12:0 a.m.43 views

Apache CouchDB 访问控制错误漏洞

Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang.An access control error vulnerability exists in versions prior to Apache CouchDB 3.2.2, which stems from a network system or product that does not properly restrict access to resources from...

10CVSS5.6AI score0.92335EPSS
Exploits9References17
CNNVD
CNNVD
added 2022/02/18 12:0 a.m.43 views

WordPress plugin MasterStudy LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

9.8CVSS8.2AI score0.84943EPSS
Exploits8References7
CNNVD
CNNVD
added 2021/12/30 12:0 a.m.43 views

Trendnet AC2600 信任管理问题漏洞

The Trendnet AC2600 TEW-827DRU is a wireless router that has a security vulnerability that could be exploited by attackers to back up and restore device configurations through the management web interface. The devices are encrypted using the hard-coded password "12345678"...

9.8CVSS5.5AI score0.01899EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/12/17 12:0 a.m.43 views

NumPy 缓冲区错误漏洞

NumPy is a Python scientific computing package. NumPy version 1.9 is vulnerable to a buffer overflow vulnerability caused by the lack of a limit on array length in the PyArrayNewFromDescrint function in ctor .c, which leads to a buffer overflow vulnerability that can be exploited to cause a denia...

5.3CVSS5.9AI score0.01074EPSS
Exploits1References12
CNNVD
CNNVD
added 2021/07/26 12:0 a.m.43 views

Apache Directory Studio 安全漏洞

Apache Directory Studio is a complete directory tool platform from the Apache Foundation USA, designed to be used with any LDAP server, but it is specifically designed for use with ApacheDS. A security vulnerability exists in Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions...

7.5CVSS7.2AI score0.00793EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.43 views

Gotenberg 参数注入漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg 8.30.1 and earlier contained a parameter injection vulnerability. This vulnerability stemmed from the fact that the metadata writing...

10CVSS5.9AI score0.00611EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.42 views

Little CMS 输入验证错误漏洞

Little CMS lcms or liblcms is an open-source color management system developed by Marti Maria. This system offers features such as black-point compensation, processing of various pixel formats, and configuration file editing. Versions 2.16 to 2.18 of Little CMS, as well as earlier versions, had a...

4CVSS5.9AI score0.00128EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.42 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.2.26 to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from the system’s ability to execute pending pairing requests based on channel files rather than...

7.5CVSS6AI score0.00417EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.42 views

Orval code injection vulnerability

Orval is an open-source interface development tool developed by Orval. Versions of Orval from 7.19.0 to 7.21.0, as well as versions before 8.2.0, have a code injection vulnerability. This vulnerability stems from incomplete escape handling in the jsStringEscape function, which may lead to code...

9.8CVSS5.9AI score0.00603EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.42 views

Vivotek IP7137 安全漏洞

Vivotek IP7137 is an IP camera from China VIVOTEK Communications Vivotek. A security vulnerability exists in the Vivotek IP7137 version 0200a, which stems from the default situation where no password is required when logging in as administrator, which could lead to unauthorized access...

9.8CVSS6.5AI score0.00366EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.42 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a script whitelist configuration bypass and a misconfigured Content-Security-Policy header, which can be exploited by an attacker to cause cross-site scripting and other...

6.1CVSS6.6AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.42 views

Microsoft SQL Server 安全漏洞

Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is used under Microsoft Windows. A security vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are...

8.8CVSS6.9AI score0.00865EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.42 views

Microsoft SQL Server SQL注入漏洞

Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is applied under the Microsoft Windows system. A SQL injection vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and...

8.8CVSS7.5AI score0.01017EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/09 12:0 a.m.42 views

Palo Alto Networks GlobalProtect app 安全漏洞

Palo Alto Networks GlobalProtect app is a network protection software from Palo Alto Networks. A security vulnerability exists in the Palo Alto Networks GlobalProtect app, which stems from an improperly assigned privilege that could result in a locally authenticated non-administrative user...

6.8CVSS6.6AI score0.00127EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/02 12:0 a.m.42 views

Linksys多款产品 命令注入漏洞

Linksys RE6300 and others are products of Linksys, Inc.Linksys RE6300 is a wireless network signal extender.Linksys RE7000 is a wireless signal extender.Linksys RE6250 is a wireless extender. A command injection vulnerability exists in several Linksys products, which stems from incorrect operatio...

9.8CVSS6.9AI score0.30143EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/02/24 12:0 a.m.42 views

Navidrome 授权问题漏洞

Navidrome is a web-based open source music collection server and streamer from Navidrome Open Source. Used to freely listen to music collections from any browser or mobile device. An authorization issue vulnerability exists in Navidrome versions 0.52.0 up to and including 0.54.5, which stems from...

6.9CVSS6.3AI score0.00936EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.42 views

MikroTik RouterOS 安全漏洞

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in PCs to enable them to provide router functionality. A security vulnerability exists in MikroTik RouterOS versions v6.43 through v7.16.1, which stems from a differenc...

5.4CVSS6.4AI score0.00763EPSS
Exploits2References3
CNNVD
CNNVD
added 2024/10/12 12:0 a.m.42 views

WordPress plugin Bridge Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.5CVSS6.2AI score0.00303EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/10 12:0 a.m.42 views

WordPress plugin TI WooCommerce Wishlist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS7.2AI score0.00391EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.42 views

Microsoft ActiveX 安全漏洞

Microsoft ActiveX are small applications from Microsoft USA that allow websites to serve up content such as videos and games. They also let you interact with content such as toolbars and stock quotes while browsing the Web. A security vulnerability exists in Microsoft ActiveX. An attacker...

8.8CVSS6.4AI score0.01325EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.42 views

Jasmin The Ransomware 安全漏洞

Jasmin The Ransomware is a powerful ransomware security testing tool used by ReadTeams, a personal developer of Siddhant Gour. A security vulnerability exists in Jasmin The Ransomware version v.1.0.1. The vulnerability is exploited by attackers to obtain sensitive information via the...

6.5CVSS7AI score0.04611EPSS
Exploits7References3
CNNVD
CNNVD
added 2024/04/01 12:0 a.m.42 views

CasaOS 安全漏洞

CasaOS is a simple, easy to use and elegant open source home cloud system. A security vulnerability exists in CasaOS versions prior to 0.4.8 that stems from a username enumeration vulnerability in the Casa OS login page...

7.5CVSS6.2AI score0.00618EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/12/18 12:0 a.m.42 views

WordPress Plugin WP All Export Pro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

7.2CVSS7AI score0.01151EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/12/01 12:0 a.m.42 views

SourceCodester User Registration and Login System Cross-Site Scripting Vulnerability

User Registration and Login System is a user registration and login system by Remy Andrade, an individual developer. A cross-site scripting vulnerability exists in the SourceCodester User Registration and Login System, which originates from cross-site scripting in the firstname parameter of...

5.4CVSS6.1AI score0.00604EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/11/29 12:0 a.m.42 views

Progress MOVEit Transfer Security Vulnerability

Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A security vulnerability exists in Progress MOVEit Transfer that stems from the presence of an elevation of privilege vulnerability. Affected products and versions: Progress MOVEit Transfer versions prior to...

7.2CVSS7AI score0.00696EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.42 views

memos 安全漏洞

memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to delete all notes across the application via the API...

8.1CVSS7.6AI score0.00761EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/07 12:0 a.m.42 views

Jenkins Gitea Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.1AI score0.00332EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/30 12:0 a.m.42 views

VMware Tools for Windows 安全漏洞

VMware Tools for Windows is a suite of Windows-based enhancements for VMWare virtual machines from VMware, Inc. It is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with the host computer...

5.5CVSS6.1AI score0.00233EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.42 views

F5 BIG-IP 跨站请求伪造漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A security vulnerability exists in F5 BIG-IP. An attacker exploited the vulnerability to perform cross-site request forgery via iControl SOAP...

8.8CVSS8AI score0.87987EPSS
Exploits7References6
CNNVD
CNNVD
added 2022/11/15 12:0 a.m.42 views

Phoenix Contact FL MGUARD DM 安全漏洞

PHOENIX CONTACT FL MGUARD DM is centralized device management software for MGUARD devices from PHOENIX CONTACT, Germany, for any number of devices in the field. A security vulnerability exists in the PHOENIX CONTACT FL MGUARD and TC MGUARD driver version 8.9.0 and prior versions, which originates...

7.5CVSS7.4AI score0.00852EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.42 views

Microsoft Windows Subsystem for Linux 竞争条件问题漏洞

Microsoft Windows Subsystem for Linux WSL is a Microsoft Windows Subsystem for Linux, a compatibility layer capable of running native Linux binary executables ELF format. A vulnerability exists in the Microsoft Windows Subsystem for Linux for competitive conditions issue. The following products a...

7CVSS7.3AI score0.00322EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/10/26 12:0 a.m.42 views

Ruby on Rails 跨站脚本漏洞

Ruby on Rails is an open source web application framework based on the Ruby language by the American Rails team. A cross-site scripting vulnerability exists in Ruby on Rails. An attacker could exploit this vulnerability to perform a cross-site scripting attack...

5.4CVSS6.2AI score0.0068EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.42 views

Google TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which stems from the fact that if an empty sortedinputs input is provided for a LowerBound or UpperBound, it can cause nullptr dereference, an...

7.5CVSS6.8AI score0.00383EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/22 12:0 a.m.42 views

Falcon 安全漏洞

Falcon is an embedded programming language. A security vulnerability exists in Falcon versions 6.31.14505.0, 6.42.15610, which stems from a lack of authorization...

2.7CVSS4.8AI score0.03672EPSS
Exploits4References7
CNNVD
CNNVD
added 2022/08/08 12:0 a.m.42 views

WRTeam eShop 跨站脚本漏洞

WRTeam eShop is an e-commerce website from WRTeam India. A security vulnerability exists in WRTeam eShop version 3.0.4, which originates from an attacker exploiting a cross-site scripting vulnerability in the json search parsing and json response to inject arbitrary web scripts via the...

6.1CVSS6AI score0.01422EPSS
Exploits2References3
Total number of security vulnerabilities5000