Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

WordPress plugin Fediverse Embeds 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

7.5CVSS5.5AI score0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.6 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass in Telegram interaction callbacks, allowing authenticated users to bypass the...

8.8CVSS5.4AI score0.00312EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

ClipBucket V5 SQL注入漏洞

ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 132 – contained an SQL injection vulnerability. This vulnerability stemmed from the number parameter in the POST /actions/subtitleedit.php reques...

8.8CVSS5.6AI score0.00307EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Sonatype Nexus Repository 安全漏洞

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. There are security vulnerabilities in Sonatype Nexus Repository. These vulnerabilities stem from authentication endpoint issue...

8.7CVSS5.4AI score0.00503EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Quest Bot 安全漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.3 contained security vulnerabilities. These vulnerabilities stemmed from reminder messages that did not suppress mentions sent to @everyone or @here, potentially...

8.8CVSS5.3AI score0.00324EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

GitLab 处理逻辑错误漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions prior to 17.0, 18.11,...

4.3CVSS5.9AI score0.0022EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Guzzle 输入验证错误漏洞

Guzzle is a PHP HTTP client developed by the guzzlehttp developer. It allows for easy sending of HTTP requests and seamless integration with web services. Prior to version 2.10.2, Guzzle had an input validation vulnerability. This vulnerability stemmed from allowing ASCII control characters,...

5.3CVSS5.4AI score0.00189EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There are security vulnerabilities in versions of Apple macOS such as Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. These vulnerabilities stem from permission issues, which may lead to...

5.5CVSS5.4AI score0.00121EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

VMware Spring Web Services 安全漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the...

5.3CVSS5.5AI score0.00366EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Cerebrate 信息泄露漏洞

Cerebrate is an open-source platform developed by Cerebrate. It aims to act as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability involving information leakage, which stemmed from exposing...

5.1CVSS5.3AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

GitLab Enterprise Edition(EE) 安全漏洞

GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. There were security vulnerabilities in versions prior to GitLab EE 13.9, as well as versions prior to 18.10.8, 18.11.5, and 19.0.2. These vulnerabilities stemmed from incorrect authorization...

4.3CVSS5.3AI score0.00182EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

GitLab 授权问题漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 12.0, 18.10.8, 18.11.5, and 19.0.2...

3.1CVSS5.8AI score0.00236EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.17.0 contain security vulnerabilities. These vulnerabilities stem from resource exhaustion. A remote attacker can exploit these vulnerabilities by bypassing the mandatory size lim...

5.3CVSS5.5AI score0.00329EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Vim 代码注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0561, there was a code injection vulnerability. This vulnerability stemmed from the Python omni-completion script, which executed import and from statements in the current buffer through the Python...

7.8CVSS5.6AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

VMware Spring for GraphQL 代码问题漏洞

VMware Spring for GraphQL is a GraphQL application development framework provided by the American company VMware. Versions of VMware Spring for GraphQL such as 2.0.0, 1.4.0, and 1.3.0 contain code vulnerabilities. These vulnerabilities stem from insecure deserialization during the processing of...

9.8CVSS6AI score0.0043EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

VMware Spring Boot 安全漏洞

VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities in versions 4.0.0 to 4.0.6, 3.5.0 to 3.5.14, 3.4.0 to 3.4.16, 3.3.0 to 3.3.19, and 2.7.0 to 2.7.33 of VMware Spring Boot. These vulnerabilities stem from the use of fixed...

5.3CVSS5.3AI score0.00094EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

CyberArk Idira Secrets Manager Self-Hosted 访问控制错误漏洞

CyberArk Idira Secrets Manager Self-Hosted is an enterprise-level confidential information management platform developed by the CyberArk company. Versions of CyberArk Idira Secrets Manager Self-Hosted prior to 13.8.0 contained a access control vulnerability. This vulnerability stemmed from improp...

8.4CVSS5.3AI score0.00361EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Quest Bot 信息泄露漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained an information leakage vulnerability. This vulnerability stemmed from improper settings in the ticket recording channel, which could expose private...

5.7CVSS5.3AI score0.00251EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Axios 信息泄露漏洞

Axios is an open-source HTTP client developed by Axios. Versions of Axios prior to 0.32.0 and 1.16.0 have a vulnerability known as information leakage. This vulnerability arises from the Node.js HTTP adapter, which may disclose proxy credentials during redirection, potentially leading to these...

7.5CVSS5.4AI score0.00532EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

boruta-server 安全漏洞

Boruta-Server is an open-source independent authorization server developed by Malach.it. Versions of Boruta-Server prior to 0.9.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of the Secure attribute for session cookies and remember-me cookies. In deployments whe...

8.8CVSS5.3AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of LightBlockchain::rebranch, which only updated self.head when a fork chain was adopted, without updating...

6.5CVSS5.4AI score0.00259EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Metrics::Any::Adapter::Statsd 注入漏洞

Metrics::Any::Adapter::Statsd is a Perl metric collection adapter module developed by PEVANS’s individual developers. Versions of Metrics::Any::Adapter::Statsd prior to version 0.04 contained an injection vulnerability. This vulnerability stemmed from the send method not verifying the content of...

8.2CVSS5.3AI score0.00323EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

WordPress plugin Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.3AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

WordPress plugin aThemes Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...

6.4CVSS5.1AI score0.002EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

NSA Ghidra SQL注入漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a SQL injection vulnerability. This vulnerability stemmed from the BSim filter type, which directly...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Roxy-WI 跨站脚本漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of the wrapline and highlightword functions when...

6.1CVSS5.5AI score0.00149EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

National Security Agency Ghidra 代码问题漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Previous versions of National Security Agency Ghidra, such as version 12.1, had code vulnerabilities. These vulnerabilities stemmed from insecure deserialization in the RMI...

8.8CVSS6.2AI score0.0071EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Broadcom Layer7 API Gateway 代码问题漏洞

Broadcom Layer7 API Gateway is an enterprise-level API gateway platform provided by Broadcom Corporation. There are code-related vulnerabilities in the Broadcom Layer7 API Gateway. These vulnerabilities originate from the interaction between client applications and the API gateway server...

5.3CVSS6.2AI score0.00317EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the exposure of spec.runtime.podSpec and spec.builder.podSpec in the Environment CRD during merging, without filterin...

9.9CVSS5.4AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

NSA Ghidra 安全漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Previous versions of NSA Ghidra, such as version 12.1, contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the...

6.7CVSS5.4AI score0.00151EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Roxy-WI 输入验证错误漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from HAProxy saving unvalidated and unescaped JSON field values direct...

9.9CVSS6AI score0.00439EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

VMware Spring Data Commons 安全漏洞

VMware Spring Data Commons is a data access abstraction framework developed by VMware, Inc. There is a security vulnerability in VMware Spring Data Commons. This vulnerability stems from the internal property lookup cache, which permanently retains strings provided by attackers as cache keys...

7.5CVSS5.4AI score0.00363EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

TP-LINK Archer 操作系统命令注入漏洞

TP-LINK Archer is a series of routers produced by TP-LINK Corporation. The TP-LINK Archer has a vulnerability related to operating system command injection, which stems from improper filtering of special characters in the VPN module. This vulnerability may allow adjacent, authenticated attackers ...

8.5CVSS5.9AI score0.01069EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Slate Digital Connect 安全漏洞

Slate Digital Connect is an audio plugin management and licensing client developed by Slate Digital. Version 1.37.0 of Slate Digital Connect contains a security vulnerability. This vulnerability stems from a check-time and usage-time race condition in the PID-based client authentication process. ...

8.4CVSS5.3AI score0.00131EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

QNAP qts 异常处理不当漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. There are code-related vulnerabilities in QNAP Systems QTS and QNAP Systems QuTS hero, which stem from null pointer...

7.2CVSS5.9AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

5.7CVSS5.9AI score0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Roxy-WI 安全漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of authorization checks for the GET /history/ route when the service is set to user...

4.3CVSS5.3AI score0.00176EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Dulwich 操作系统命令注入漏洞

Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich from 0.24.0 to 1.2.5 had a vulnerability related to operating system command injection. This vulnerability stemmed from ProcessMergeDriver’s ability to replace file paths into the merge...

7.7CVSS5.8AI score0.00555EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Fission 输入验证错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained a input validation vulnerability. This vulnerability stemmed from the HTTPTriggerSpec.Validate method, which ignored the RelativeURL and Prefix fields during validation. As a...

4.3CVSS5.3AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Roxy-WI 授权问题漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a vulnerability related to authorization. This vulnerability arises from using the API substring in the URL and unauthenticated /api/gpt endpoints,...

8.3CVSS5.4AI score0.00244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

WordPress plugin Easy Twitter Feeds 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

BSimVis 跨站脚本漏洞

BSimVis is a binary program similarity analysis and visualization tool developed by the MISP Project. Versions of BSimVis up to v0.2.0 contained a cross-site scripting vulnerability. This vulnerability allowed attackers to execute operations as victims, access data that the victims could access, ...

6.9CVSS5.1AI score0.00277EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

QNAP file station 异常处理不当漏洞

QNAP Systems File Station 6 is a file management software developed by QNAP Systems, a company based in Taiwan, China. There is a code vulnerability in QNAP Systems File Station 6, which stems from a null pointer dereferencing. This vulnerability could allow remote attackers to launch a...

6.5CVSS6AI score0.0028EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained security vulnerabilities. These vulnerabilities stemmed...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Shopware 安全漏洞

Shopware is a set of open-source e-commerce software developed by the German company Shopware. Versions prior to Shopware 6.6.10.18 and 6.7.10.1 contained security vulnerabilities. These vulnerabilities stemmed from scheduled attacks that could allow attackers to enumerate the usernames of...

3.7CVSS5.3AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Atril 命令注入漏洞

Atril is a simple multi-page document viewer developed under the MATE Desktop open source project. Versions of Atril prior to 1.26.3 and 1.28.4 contained a command injection vulnerability. This vulnerability stemmed from the evspawn function in shell/ev-application.c, which did not apply...

8.4CVSS5.8AI score0.00529EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

VMware Spring Data REST 安全漏洞

VMware Spring Data REST is a data interface provided by the American company VMware. It is used to build HTTP resources that drive hypermedia, based on Spring Data repositories. These resources are designed to manage domain models of applications and provide hypermedia-driven services for...

8.1CVSS5.4AI score0.00393EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-23 contained security vulnerabilities. These vulnerabilities were caused by a lack of depth checks,...

6.2CVSS5.3AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Splunk多款产品 代码问题漏洞

Splunk is a product of the American company Splunk. Splunk is a suite of data collection and analysis software. The Splunk Cloud Platform offers powerful services for data collection, processing, and analysis. Splunk Enterprise is also a suite of data collection and analysis software. Several...

8.8CVSS6AI score0.00575EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

ESP-IDF 代码问题漏洞

ESP-IDF is an open-source development framework for Espressif’s Espressif SoC, supported on Windows, Linux, and macOS. Versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0 of ESP-IDF contain code vulnerabilities. These vulnerabilities stem from null pointer dereferencing in the WebSocket sub-protocol...

7.5CVSS5.4AI score0.00439EPSS
Exploits0References1
Total number of security vulnerabilities5000