Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Adobe Substance3D Sampler 缓冲区错误漏洞

Adobe Substance3D Sampler is a rendering software for 3D scenes developed by Adobe Inc. Versions of Adobe Substance3D Sampler 6.0.0 and earlier contain a buffer error vulnerability. This vulnerability stems from an out-of-bounds write vulnerability, which could allow arbitrary code to be executed...

7.8CVSS6AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Adobe Acrobat Reader 安全漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have security vulnerabilities. These...

7.8CVSS6.1AI score0.00174EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS5.1AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

VMware Micrometer 资源管理错误漏洞

VMware Micrometer is an application monitoring metric collection framework developed by the American company VMware. Versions 1.16.0 to 1.16.5 and 1.15.0 to 1.15.11 of VMware Micrometer contain resource management vulnerabilities. These vulnerabilities stem from the ability for users to submit...

7.5CVSS5.3AI score0.00474EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft Office 缓冲区错误漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a security vulnerability in Microsoft Office, which stems from a heap buffer overflow...

7.8CVSS7.4AI score0.00455EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS6.1AI score0.00283EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

WordPress plugin WpMobi 跨站请求伪造漏洞

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to enhance the functionality of the platform. The wpMobi plugin has a...

4.3CVSS6AI score0.00128EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iouring/waitid operation not clearing the waitid information before copying it to the user...

5.5CVSS5.3AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of checks for whether minregionsz is a power of two in the damonstart function. This...

5.5CVSS5.3AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

FastApiAdmin 跨站脚本漏洞

FastApiAdmin is a full-stack rapid development platform based on FastAPI, developed by the individual developer fastapiadmin. Version 2.2.0 of FastapiAdmin contains a cross-site scripting vulnerability. This vulnerability stems from the AI assistant chat feature, which has a cross-site scripting...

5.4CVSS5.5AI score0.00162EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

VMware Spring Framework 路径遍历漏洞

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, a US-based company. This framework helps developers build high-quality applications. Versions of VMware Spring Framework from 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48...

5.9CVSS5.2AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

bookcars 访问控制错误漏洞

Bookcars is a car rental management platform developed by Akram El Assas. Version 8.3 of Bookcars contains an access control vulnerability, which stems from improper permission settings. This vulnerability could allow authenticated attackers to elevate user permissions from the user level to the...

8.1CVSS5.3AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

OpenSSL 代码问题漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

5.9CVSS5.3AI score0.00349EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incomplete handling of rlimits by the AppArmor module regarding POSIX CPU timers. This could...

7.3CVSS5.3AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft Office 缓冲区错误漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. Microsoft Office has a buffer overflow vulnerability, which stems from out-of-bounds reading,...

3.3CVSS7.3AI score0.00437EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft Office Excel 数字错误漏洞

Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is a code execution vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to execute code locally...

7.8CVSS7.5AI score0.00372EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

QNAP QTS 缓冲区错误漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are both products of QNAP Systems Corporation. QNAP Systems QTS is an entry-level operating system. QNAP Systems QuTS hero is another operating system. Both QNAP Systems QTS and QNAP Systems QuTS hero have security vulnerabilities; these vulnerabilities...

6.5CVSS6.2AI score0.00445EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft Windows Kernel Mode Drivers 缓冲区错误漏洞

Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affected: Windows Server 202...

7.8CVSS5.8AI score0.00286EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

WordPress plugin AJAX Report Comments 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Tenda W20E 安全漏洞

Tenda W20E is a router produced by the Chinese company Tenda. The Tenda W20E has a buffer overflow vulnerability in the formCropAndSetWewifiPic function, specifically with respect to the picCropName parameter. An attacker can exploit this vulnerability to cause a denial-of-service attack...

7.5CVSS7.4AI score0.00309EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Adobe InDesign Desktop 安全漏洞

Adobe InDesign Desktop is a professional publishing layout and page design software, primarily used for printing and digital publication creation. Adobe InDesign Desktop has a stack buffer overflow vulnerability, which stems from insufficient input validation, leading to out-of-bound writing of...

7.8CVSS6.5AI score0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

WordPress plugin Wow Forms SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS6AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Student-Management-System 访问控制错误漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a security vulnerability in Student-Management-System, which stems from improper handling of the parameter “stimg” in the file service/RegisterService.php on the registration endpoin...

7.5CVSS7.2AI score0.00288EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of untrusted inputs...

6.5CVSS5.3AI score0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

SourceCodester Class and Exam Timetabling System 注入漏洞

SourceCodester Class and Exam Timetabling System is an open-source classroom and exam scheduling system developed by SourceCodester. Version 1.0 of the SourceCodester Class and Exam Timetabling System has a SQL injection vulnerability, which arises from incorrect handling of the parameter "sy" in...

7.5CVSS7.5AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

jshERP(华夏ERP) 代码问题漏洞

jshERP Huaxia ERP is a domestic ERP system developed by Jishan Hua. Versions of jshERP 3.6 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the parameter platformValue in the platformConfig Add endpoint, specifically in the insertPlatformConfig...

5.8CVSS5AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability, which stems from the reuse of WebCodecs after they are released...

8.8CVSS5.2AI score0.00307EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Vulnerabilities exist in Apache HTTP Server versions 2.4.0 to 2.4.67. These vulnerabilities ste...

7.5CVSS5.6AI score0.0071EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of untrusted inputs...

8.3CVSS5.3AI score0.00258EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the drm/vkms module’s conversion of the vblank timer into DRM. This conversion removes the...

5.5CVSS5.4AI score0.00112EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Snipe-IT 安全漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability for non-administrator users to have the "users.edit" permission, allowing them to...

7.1CVSS5.4AI score0.00194EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Flowise 访问控制错误漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a access control vulnerability. This vulnerability stemmed from insufficient server-side verification and authorization checks at the chat stream upda...

8.1CVSS5.1AI score0.00268EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

CodeAstro Student Attendance Management System 注入漏洞

The CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Corporation. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ...

6.5CVSS6.6AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. There is a security vulnerability in Google Chrome, which stems from insufficient implementation of network policies...

3.1CVSS5.2AI score0.00171EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reuse of resources after Bluetooth is released...

7.5CVSS5.3AI score0.00275EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Apache HTTP Server 资源管理错误漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There was a resource management vulnerability in Apache HTTP Server versions 2.4.0 to 2.4.67...

9.8CVSS5.2AI score0.00663EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

SourceCodester Inventory System 安全漏洞

The SourceCodester Inventory System is an open-source inventory system developed by SourceCodester. Version 1.0 of the SourceCodester Inventory System contains a security vulnerability. This vulnerability stems from the operation of the ROLE parameter in the Account Creation Handler component...

6.5CVSS6.4AI score0.00261EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

TP-Link Archer MR600 操作系统命令注入漏洞

The TP-Link Archer MR600 is a wireless router produced by TP-Link Corporation. The TP-Link Archer MR600 v5 version has a vulnerability related to operating system command injection. This vulnerability stems from improper handling of user-controlled inputs in the web management interface, leading ...

8.5CVSS5.9AI score0.00907EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

wacrm 安全漏洞

WACRM is a self-hosted CRM template based on WhatsApp, developed by Arnas Donauskas. The version WACRM 73041bf previously had a security vulnerability. This vulnerability stemmed from an authorization bypass issue in the automation engine, which could allow authentication attackers to access and...

7.1CVSS5.5AI score0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

itsourcecode Hospital Management System 跨站脚本漏洞

itsourcecode Hospital Management System is an open-source hospital management system developed by itsourcecode. Version 1.0 of itsourcecode Hospital Management System has a cross-site scripting vulnerability. This vulnerability stems from the handling of the patientid parameter in the billing.php...

5.3CVSS4.6AI score0.00273EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

grepai 加密问题漏洞

grepai is a semantic search-based code understanding tool developed by Yoan Bernabeu. Version 0.35.0 of grepai has an encryption vulnerability. This vulnerability stems from improper handling of files in the Qdrant backend component’s file indexer/chunker.go file, which may lead to the use of wea...

4.2CVSS5AI score0.0016EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Tenda AC18 缓冲区错误漏洞

The Tenda AC18 is a router produced by the Chinese company Tenda. The version 15.03.05.05 of the Tenda AC18 contains a buffer error vulnerability. This vulnerability stems from improper handling of parameters in the sub45304 function of the goform/getRebootStatus file within the Web Management...

9CVSS8.5AI score0.00466EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reusing of resources after they are released...

8.3CVSS5.3AI score0.00169EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Checkmk 安全漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0p5 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization in the user message dashboard widgets. As a result, the message retrieval endpoint would return...

6.3CVSS5.4AI score0.00187EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the process of virtual device separation in genpd, and it may lead to null pointer dereferencing...

5.5CVSS5.3AI score0.00123EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from RTNL assertion warnings in the txgbe driver, potentially leading to system crashes...

5.5CVSS5.3AI score0.00122EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Code-Projects Online Music Site 注入漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Music Site has a vulnerability due to incorrect handling of parameters in the file /Administrator/PHP/AdminDeleteAlbum.php. This vulnerability may lead to...

7.5CVSS7.5AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reusing of resources after they are released...

9.6CVSS5.3AI score0.00252EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

CodeAstro Student Attendance Management System 注入漏洞

CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations with the parameter classId ...

6.5CVSS6.6AI score0.002EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

GL.iNet多款产品 加密问题漏洞

GL.iNet MT3000 and other products are developed by GL.iNet Corporation. The GL.iNet MT3000 is a portable router that uses the Wi-Fi 6 protocol. The GL.iNet AX1800 is a wireless router. The GL.iNet A1300 is a Wi-Fi 5 travel router. Several of GL.iNet’s products have encryption vulnerabilities, whi...

5CVSS5.5AI score0.00197EPSS
Exploits0References1
Total number of security vulnerabilities5000