Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Roxy-WI 路径遍历漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a path traversal vulnerability. This vulnerability stems from the use of metagroup tests instead of substring containment in path traversal checks,...

8.1CVSS5.3AI score0.00316EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

libp2p 输入验证错误漏洞

libp2p is a modular peer-to-peer network framework developed under the open source license of libp2p. Prior to version 15.0.23, there was a vulnerability related to input validation errors in libp2p. This vulnerability stemmed from three overlooked permissions in @libp2p/gossipsub, allowing an...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Debusine 后置链接漏洞

Debusine is a software supply management platform for the Debian community, focused on package building, testing, analysis, and distribution. Debusine has a post-installation vulnerability that stems from allowing arbitrary user-controlled paths during the parsing of Debian source packages and th...

6.5CVSS5.4AI score0.00269EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

QNAP file station 缓冲区错误漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. QNAP Systems File Station 5 has a security vulnerability that stems from a buffer overflow issue. This vulnerability could allow remote attackers to modify memory or cause processe...

9.1CVSS6.2AI score0.00318EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

QNAP qts 异常处理不当漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. There are code-related vulnerabilities in QNAP Systems QTS and QNAP Systems QuTS hero, which stem from null pointer...

7.2CVSS5.9AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

5.7CVSS5.9AI score0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Roxy-WI 安全漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of authorization checks for the GET /history/ route when the service is set to user...

4.3CVSS5.3AI score0.00176EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Dulwich 操作系统命令注入漏洞

Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich from 0.24.0 to 1.2.5 had a vulnerability related to operating system command injection. This vulnerability stemmed from ProcessMergeDriver’s ability to replace file paths into the merge...

7.7CVSS5.8AI score0.00555EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Fission 输入验证错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained a input validation vulnerability. This vulnerability stemmed from the HTTPTriggerSpec.Validate method, which ignored the RelativeURL and Prefix fields during validation. As a...

4.3CVSS5.3AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Roxy-WI 授权问题漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a vulnerability related to authorization. This vulnerability arises from using the API substring in the URL and unauthenticated /api/gpt endpoints,...

8.3CVSS5.4AI score0.00244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

WordPress plugin Easy Twitter Feeds 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

BSimVis 跨站脚本漏洞

BSimVis is a binary program similarity analysis and visualization tool developed by the MISP Project. Versions of BSimVis up to v0.2.0 contained a cross-site scripting vulnerability. This vulnerability allowed attackers to execute operations as victims, access data that the victims could access, ...

6.9CVSS5.1AI score0.00277EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

QNAP file station 异常处理不当漏洞

QNAP Systems File Station 6 is a file management software developed by QNAP Systems, a company based in Taiwan, China. There is a code vulnerability in QNAP Systems File Station 6, which stems from a null pointer dereferencing. This vulnerability could allow remote attackers to launch a...

6.5CVSS6AI score0.0028EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained security vulnerabilities. These vulnerabilities stemmed...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Shopware 安全漏洞

Shopware is a set of open-source e-commerce software developed by the German company Shopware. Versions prior to Shopware 6.6.10.18 and 6.7.10.1 contained security vulnerabilities. These vulnerabilities stemmed from scheduled attacks that could allow attackers to enumerate the usernames of...

3.7CVSS5.3AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Atril 命令注入漏洞

Atril is a simple multi-page document viewer developed under the MATE Desktop open source project. Versions of Atril prior to 1.26.3 and 1.28.4 contained a command injection vulnerability. This vulnerability stemmed from the evspawn function in shell/ev-application.c, which did not apply...

8.4CVSS5.8AI score0.00529EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

VMware Spring Data REST 安全漏洞

VMware Spring Data REST is a data interface provided by the American company VMware. It is used to build HTTP resources that drive hypermedia, based on Spring Data repositories. These resources are designed to manage domain models of applications and provide hypermedia-driven services for...

8.1CVSS5.4AI score0.00393EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-23 contained security vulnerabilities. These vulnerabilities were caused by a lack of depth checks,...

6.2CVSS5.3AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

WordPress plugin WP GDPR Cookie Consent 跨站脚本漏洞

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP GDPR Cookie Consent plugin has a cross-site...

6.4CVSS5.9AI score0.00188EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from the permission management of the network management module...

6.3CVSS5.3AI score0.00067EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft Windows DHCP Server 输入验证错误漏洞

Microsoft Windows DHCP Server is a core service of the American company Microsoft, used for automatically retrieving network configuration information. There are security vulnerabilities in Microsoft Windows DHCP Server. The following products and versions are affected: Windows 10 Version 22H2 fo...

9.1CVSS5.8AI score0.00366EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft DWM Core Library 缓冲区错误漏洞

The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. There are security vulnerabilities in the Microsoft DWM Core Library. Attackers can exploit these vulnerabilities to obtain sensitive information. The following products and versions are affected:...

5.5CVSS5.8AI score0.00318EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...

5.4CVSS5.2AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft Office 资源管理错误漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. Microsoft Office has a resource management vulnerability that stems from type confusion, which...

8.4CVSS7.2AI score0.00438EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

NETGEAR Routers 缓冲区错误漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a buffer error vulnerability; this vulnerability arises from unauthorized local network users sending specially crafted requests, which may cause the router to become unavailable. The...

7.1CVSS5.7AI score0.00357EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

WordPress plugin WP Meta Sort Posts 跨站请求伪造漏洞

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP Meta Sort Posts plugin has a cross-site request...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Elixir 资源管理错误漏洞

Elixir is a functional programming language developed under open source, running on the BEAM virtual machine. Versions of Elixir from 1.5.0 to 1.20.1 contained a resource management vulnerability. This vulnerability stemmed from an uncontrolled resource consumption issue within the Version module...

5.1CVSS5.3AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft Windows Shell 信息泄露漏洞

Microsoft Windows Shell is the graphical user interface of the Windows operating system developed by Microsoft Corporation. Key features of the Windows Shell include the desktop, taskbar, start menu, task switcher, and auto-play. There is an information leakage vulnerability present in Microsoft...

6.5CVSS5.3AI score0.00816EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Waves Central 安全漏洞

Waves Central is an audio software license and product management tool provided by the Waves company. There are security vulnerabilities in the version of Waves Central for macOS from 13.0.9 to 16.5.5. These vulnerabilities stem from the Privilege Assistant service using process identifiers to...

8.1CVSS5.9AI score0.00323EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft Office Sharepoint Server 输入验证错误漏洞

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There is a vulnerability in input validation of Microsoft Office SharePoint. Attackers exploit this vulnerability to execute cross-site scripting attacks. The...

5.4CVSS6.9AI score0.00505EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS5.1AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from a logic bypass in the file system. This vulnerability may...

2.4CVSS5.2AI score0.0011EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Hermes Web UI 安全漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.269 contained security vulnerabilities. These vulnerabilities were caused by a configuration file isolation bypass issue, which could allow authenticated users to acces...

7.1CVSS5.3AI score0.00272EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

FreeSWITCH 安全漏洞

FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.0, there were security...

7.5CVSS5.4AI score0.00343EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Adobe InCopy 安全漏洞

Adobe InCopy is a text editing software for creative purposes developed by Adobe, Inc. Versions of Adobe InCopy such as 21.3, 20.5.3, and earlier versions have security vulnerabilities. These vulnerabilities stem from heap buffer overflow exploits, which could allow arbitrary code to execute with...

7.8CVSS6.2AI score0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

WordPress plugin WP ApplicantStack Jobs Display 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.4AI score0.00181EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Tenda O3 Wireless Router 安全漏洞

The Tenda O3 is an outdoor wireless bridge produced by the Chinese company Tenda. Version 1.0.0.54180 of the Tenda O3 Wireless Router contains a security vulnerability. This vulnerability stems from a stack overflow in the domain parameter within the fromNetToolGet function, which could allow...

7.5CVSS5.5AI score0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Huawei EMUI和Huawei HarmonyOS 授权问题漏洞

Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. There are authorization...

6.6CVSS6AI score0.00079EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Adobe Experience Manager Forms 跨站脚本漏洞

Adobe Experience Manager Forms is a form content management solution developed by Adobe, a company based in America. This product includes features for form creation, management, publishing, as well as communication management, document security, and integration analysis. The Adobe Experience...

9.3CVSS5.1AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft Office 缓冲区错误漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a security vulnerability in Microsoft Office, which stems from type confusion. This...

8.4CVSS7.1AI score0.00438EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft Nuance PowerScribe 360 反序列化漏洞

Microsoft Nuance PowerScribe is a medical speech recognition and report generation system for radiologists developed by Microsoft. There are code-related vulnerabilities in Microsoft Nuance PowerScribe. Attackers can exploit these vulnerabilities to execute code remotely. The following products a...

9.8CVSS5.8AI score0.01914EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

NETGEAR Routers 输入验证错误漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from insufficient authentication and input validation, which may allow unauthorized users on the local network to...

8.8CVSS5.4AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Huawei HarmonyOS 访问控制错误漏洞

Huawei HarmonyOS is a distributed operating system designed for various scenarios, primarily providing seamless experiences across devices and memory management capabilities. There is an access control vulnerability in the package management module of Huawei HarmonyOS. The cause of this...

5.2CVSS5.9AI score0.00078EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

FastApiAdmin 跨站脚本漏洞

FastApiAdmin is a full-stack rapid development platform based on FastAPI, developed by fastapiadmin. Version 2.2.0 of FastApiAdmin contains a cross-site scripting vulnerability. This vulnerability stems from the /system/notice/create endpoint, which has a cross-site scripting vulnerability relate...

6.1CVSS5.4AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which can cause server...

7.1CVSS5.3AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

SQLite 安全漏洞

SQLite is a lightweight database developed under the open-source SQLite project. It is an ACID-compliant relational database management system. There was a security vulnerability in versions of SQLite prior to 3.53.2. This vulnerability stemmed from memory corruption in the FTS5 full-text search...

8.5CVSS5.9AI score0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft Office 缓冲区错误漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. Microsoft Office has a buffer overflow vulnerability, which stems from out-of-bounds reading,...

3.3CVSS7.3AI score0.00437EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft Office Excel 数字错误漏洞

Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is a code execution vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to execute code locally...

7.8CVSS7.5AI score0.00372EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

QNAP QTS 缓冲区错误漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are both products of QNAP Systems Corporation. QNAP Systems QTS is an entry-level operating system. QNAP Systems QuTS hero is another operating system. Both QNAP Systems QTS and QNAP Systems QuTS hero have security vulnerabilities; these vulnerabilities...

6.5CVSS6.2AI score0.00445EPSS
Exploits0References1
Total number of security vulnerabilities5000