Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

SourceCodester Class and Exam Timetabling System 注入漏洞

SourceCodester Class and Exam Timetabling System is an open-source classroom and exam scheduling system developed by SourceCodester. Version 1.0 of the SourceCodester Class and Exam Timetabling System has a SQL injection vulnerability, which stems from improper handling of the parameter "Password...

7.5CVSS7.5AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.15 views

OpenAI Atlas 安全漏洞

OpenAI Atlas is an AI browser developed by OpenAI in the United States, which integrates artificial intelligence assistants into the browsing experience. Versions of OpenAI Atlas prior to 1.2025.288.15 contained a security vulnerability. This vulnerability stemmed from exposing privileged browser...

6CVSS4.9AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.15 views

libinput 安全漏洞

libinput is an open-source library from freedesktop. It provides a complete input stack for applications that need to handle input devices provided by the kernel. There is a security vulnerability in libinput, which stems from the ability to inject arbitrary udev properties through the...

5.7AI score0.00019EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.15 views

HCL Digital Experience和HCL Digital Experience Compose 安全漏洞

HCL Digital Experience and HCL Digital Experience Compose are both products of the Indian company HCL. HCL Digital Experience is a digital experience platform and content delivery solution. HCL Digital Experience Compose is an enterprise-level content creation and digital experience management...

6.1CVSS5.5AI score0.00144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.15 views

joomlacontenteditor.net Joomla Content Editor (JCE) extension for Joomla 权限许可和访问控制问题漏洞

JCE Joomla Component is an editor component used within the Joomla content management system. The JCE Joomla Component has a security vulnerability related to access control. This vulnerability stems from allowing unauthenticated users to create new editor profiles, ultimately leading to the uplo...

10CVSS7.7AI score0.80425EPSS
Exploits18References3
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.15 views

Desktop Commander MCP 安全漏洞

Desktop Commander MCP is an MCP server developed by Eduard Ruzga. Version 0.2.37 of Desktop Commander MCP contains a security vulnerability. This vulnerability stems from the handling of the url parameter in the readFileFromUrl function found in the src/tools/filesystem.ts file. This vulnerabilit...

6.5CVSS6.3AI score0.00209EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.15 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 151.0.3 contained a security vulnerability, which was caused by a compilation error in the JavaScript Engine’s JIT component...

7.5CVSS5.3AI score0.00293EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.15 views

OpenTelemetry eBPF Instrumentation 安全漏洞

OpenTelemetry eBPF Instrumentation is an open-source eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the Postgres protocol parser’...

7.5CVSS5.4AI score0.00342EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.15 views

MediaTek Chipsets 安全漏洞

MediaTek Chipsets are a series of chips developed by MediaTek Corporation in China. The MediaTek Chipsets contain security vulnerabilities. These vulnerabilities stem from competitive conditions in the geniezone mechanism, which lead to unauthorized writing operations. This can result in an...

6.4CVSS5.3AI score0.00078EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.15 views

MediaTek Chipsets 安全漏洞

MediaTek Chipsets are a series of chips developed by MediaTek Corporation in China. The MediaTek Chipsets contain security vulnerabilities, which stem from buffer overflow attacks. These vulnerabilities may lead to remote code execution, requiring user execution privileges for exploitation...

8CVSS6.3AI score0.00435EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.15 views

Assimp 安全漏洞

Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Versions of Assimp 6.0.4 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a zero-division error in the FBXExporter.cpp file’s...

4.8CVSS4.6AI score0.00112EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.15 views

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain code vulnerabilities. These vulnerabilities stem from a server-side request forgeing vulnerability in the...

6.5CVSS6.6AI score0.0027EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.15 views

StrongDM 安全漏洞

StrongDM is an infrastructure access management platform developed by the US company StrongDM. Versions of StrongDM prior to 23.74.0 contained security vulnerabilities. These vulnerabilities stemmed from the storage of authentication status in plaintext, including JSON Web Tokens and key material...

2CVSS5.8AI score0.00132EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.15 views

Red Hat assisted-service 安全漏洞

Red Hat Assisted-Service is a backend service component provided by Red Hat Inc. in the United States, which offers REST APIs. It primarily serves the OpenShift ecosystem. There is a security vulnerability in Red Hat Assisted-Service. This vulnerability arises from writing the original key conten...

6.3CVSS5.8AI score0.00182EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.15 views

GitHub CLI 安全漏洞

GitHub CLI is an open-source command-line interface for GitHub. Prior to version 2.93.0 of GitHub CLI, there was a security vulnerability. This vulnerability stemmed from incorrect authorization headers in API requests to the TUF repository via the gh attestation, gh release verify, and gh releas...

7.4CVSS5.8AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.15 views

FreeRDP 缓冲区错误漏洞

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained a buffer error vulnerability. This vulnerability stemmed from the plane bitmap decoder’s inability to prevent out-of-bounds write-ups during RLE plane data decoding...

9.8CVSS6AI score0.0049EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

WordPress plugin Advanced Custom Fields: Extended 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.8AI score0.008EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Automad 访问控制错误漏洞

Automad is a flat-file content management system and template engine developed by Marc Anton Dahmen. Versions of Automad from 2.0.0-alpha.1 to 2.0.0-beta.27 contain access control vulnerabilities. These vulnerabilities stem from ineffective access control mechanisms, allowing unauthorized attacke...

7.5CVSS5.8AI score0.00298EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of prohibition for private IOCTL commands in the atomic ISP driver, potentially leading ...

7.8CVSS5.8AI score0.00141EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Zed 安全漏洞

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.229.0 contained security vulnerabilities. These vulnerabilities stemmed from the terminal tool permission system’s ability to bypass the bash variable expansion chain, allowing for the execution of arbitrary commands und...

6.4CVSS6.1AI score0.00438EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Hono 授权问题漏洞

Hono is a web framework built with TypeScript in the Hono community. Versions of Hono prior to 4.12.21 had an authorization issue vulnerability. This vulnerability stemmed from the jwt and jwk middleware not verifying the Authorization header values using the Bearer scheme. As a result, JWT...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Samba 操作系统命令注入漏洞

Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix systems. Samba has a vulnerability related to operating system command injection, which stems from the incorrect escaping of shell metacharacters when the “check password” script uses the %u character...

9CVSS5.8AI score0.02501EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Acer NitroSense 安全漏洞

Acer NitroSense is a gaming device performance management software developed by Acer of Taiwan, China. Versions of Acer NitroSense prior to 3.01.3052 contained security vulnerabilities. These vulnerabilities stemmed from the PSAdminAgent service creating named pipes with weak access control lists...

8.5CVSS5.9AI score0.00152EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

rustfs 访问控制错误漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained an access control vulnerability. This vulnerability stemmed from the fact that the GET /rustfs/console/license endpoint did not require authentication, allowing any client th...

6.9CVSS5.8AI score0.0031EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Local Path Provisioner 安全漏洞

Local Path Provisioner is a Kubernetes local storage dynamic provisioning tool developed by Rancher. Versions of Local Path Provisioner prior to 0.0.36 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the helperPod.yaml template. Malicious users...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the xegemprimeimport function in the drm xe framework. This function fails when xedmabufinitobj...

7.8CVSS5.8AI score0.00138EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a double deallocation in the error path of the icesfethactivate function...

5.8AI score0.00138EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the non-active timer cleanup path in the HID applet b-kbd driver, allowing for reuse of resources after...

5.8AI score0.00124EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the cgroup setter in schedext reading scxroot before acquiring a lock. This could lead to reusing...

7CVSS5.8AI score0.0012EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the kmempath function in mm/damon/sysfs-schemes that is not protected by damonsysfslock. This...

5.8AI score0.00125EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

InHand IR Series 安全漏洞

The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. Several products in the InHand IR Series have security vulnerabilities. These vulnerabilities stem from command injection in the Admin Access function, which may all...

9.8CVSS5.9AI score0.01243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

WordPress plugin Responsive Check 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.8AI score0.00204EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

Northern.tech Mender Enterprise Server 安全漏洞

Northern.tech Mender Enterprise Server is an enterprise-level device remote update and management platform developed by Northern.tech Corporation. Versions of Northern.tech Mender Enterprise Server prior to version 4.1.1 contained security vulnerabilities, which were caused by improper access...

3.7CVSS5.8AI score0.00251EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

GDAL 安全漏洞

GDAL is an open-source geospatial data abstraction library developed by the GDAL community. Versions 3.1.0 to 3.13.0 of GDAL contain security vulnerabilities. These vulnerabilities stem from the scanForGeometryContainers function in the netCDF driver, which reads geometric properties into a...

7.4CVSS6AI score0.00102EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability, which was caused by GPU out-of-bound writes. This vulnerability could allow remote attackers to execute a sandbox escape through a specially crafted...

9.6CVSS6.2AI score0.00243EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from arenavmopen only increasing vml-mmapcount without registering the sub-VMA regions in...

5.8AI score0.00116EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

IBM Db2 安全漏洞

IBM Db2 is a relational database management system developed by IBM. Versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4 of IBM Db2 contain security vulnerabilities, which stem from memory exhaustion during the execution of certain MDC table queries...

7.5CVSS5.9AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

IBM Db2 授权问题漏洞

IBM Db2 is a relational database management system developed by IBM Corporation. Versions 12.1.0 to 12.1.4 of IBM Db2 contain an authorization vulnerability. This vulnerability arises from an authorization bypass that occurs when data is uploaded to a remote object storage path...

7.5CVSS5.8AI score0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

WordPress plugin TableOn SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.3CVSS5.9AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

pam_usb 输入验证错误漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.1 contained a input validation vulnerability. This vulnerability stems from the lack of an upper limit on the number of ndevices being counted in...

6.7CVSS5.9AI score0.00149EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

go-ipld-prime 安全漏洞

go-ipld-prime is an implementation of the IPLD open-source specification interface. Versions of go-ipld-prime prior to 0.23.0 contained security vulnerabilities. These vulnerabilities stemmed from the DAG-CBOR and DAG-JSON decoders having no depth limit when decoding nested mappings or lists, whi...

6.2CVSS5.8AI score0.0012EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. In versions prior to 148.0.7778.216 for Linux, there was a resource management vulnerability. This vulnerability stemmed from the WebRTC component’s ability to be reused after being released, potentially allowing remote attackers to exploit...

8.3CVSS5.8AI score0.00173EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

UFO³ 安全漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a security vulnerability. This vulnerability arises from the reuse of existing sessionid, leading to the return of expired results, which may resul...

5.3CVSS5.8AI score0.00422EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from ALSA’s caiaq library failing to properly release ep1inurb at the wrong path, potentially leading ...

5.8AI score0.00032EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition between the cleanup of the hwrngfill function and the thread termination in the...

5.8AI score0.00088EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from failing to check the return value of inputffcreatememless. This could lead to incorrect behavior ...

5.8AI score0.00123EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the catcprobe function in the net/usb/catc driver. This function uses hardcoded endpoint pipelines to...

5.8AI score0.0016EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the gfs2 module failing to remove quota data objects from the LRU list in the qdput function. Thi...

7.8CVSS5.8AI score0.00159EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

Easyelife App Lock 安全漏洞

Easyelife App Lock is a mobile application security management tool developed by Easyelife Corporation. Version 1.9.2 of Easyelife App Lock contains a security vulnerability. This vulnerability stems from the PIN lock being implemented as a overlay rather than using Android security authenticatio...

2.4CVSS5.8AI score0.00179EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

Google Cloud Apigee 安全漏洞

Google Cloud Apigee is an API management platform provided by Google Inc. It supports features such as API gateways, traffic governance, and interface security management. There are security vulnerabilities in Google Cloud Apigee. These vulnerabilities stem from allowing remote attackers to execu...

9.2CVSS6AI score0.0036EPSS
Exploits0References1
Total number of security vulnerabilities5000