Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

CODESYS Development System 安全漏洞

CODESYS Development System is a set of programming tools developed by the German company CODESYS, used in the fields of industrial controllers and automation technology. There is a security vulnerability in the CODESYS Development System. This vulnerability stems from the use of insecure default...

8.5CVSS5.9AI score0.00123EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

PbootCMS 安全漏洞

PbootCMS is an open-source enterprise website content management system developed using the PHP language. Version PbootCMS 3.2.11 contains a security vulnerability, which stems from code injection in the site configuration function...

4.3CVSS5.8AI score0.00247EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.8 contained security vulnerabilities. These vulnerabilities stemmed from path traversal via the Host header when using the --domain option, potentially allowing arbitrary file reading, directory listing...

8.2CVSS6AI score0.00335EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

Joomla! CMS 访问控制错误漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a vulnerability related to access control, which stems from improper access checks. This vulnerability allows for privilege escalation through the comusers batch task...

9.8CVSS5.8AI score0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

Joomla! CMS SQL注入漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a SQL injection vulnerability, which stems from improper validation of sorting clauses. This vulnerability may lead to SQL injections within com tags...

9.8CVSS5.9AI score0.0031EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

WordPress plugin Paid Videochat Turnkey Site 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

SharpCompress 路径遍历漏洞

SharpCompress is a pure C compression library developed by Adam Hathcock. It is compatible with.NET Standard 2.0, 2.1,.NET Core 3.1, and.NET 5.0. Versions of SharpCompress prior to 0.47.4 contained a path traversal vulnerability; this vulnerability stemmed from the IArchive.WriteToDirectory...

5.9CVSS5.9AI score0.00313EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

archive-tar-new 安全漏洞

archive-tar-new is a Perl module developed by Jos Boumans, used for creating and manipulating tar files in memory. Versions of archive-tar-new prior to version 3.10 contained security vulnerabilities. These vulnerabilities stemmed from the readtar function, which did not set an upper limit when...

7.5CVSS5.9AI score0.00437EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS libgnutls has a security vulnerability that stems from the transmission of extremely short pre-master keys during RSA key exchanges. This...

8.2CVSS5.9AI score0.00727EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

banks 安全漏洞

“banks” is a template language tool developed by Massimiliano Pippi as an individual tool for generating LLM prompts. Versions of “banks” prior to 2.4.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of unshaded jinja2.Environment for rendering prompt templates. Wh...

7.5CVSS6.1AI score0.00539EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.15 views

Tiandy Easy7 Integrated Management Platform SQL注入漏洞

Tiandy Easy7 Integrated Management Platform is a video surveillance integrated management platform from China Tiandy Company. A SQL injection vulnerability exists in Tiandy Easy7 Integrated Management Platform version 7.17.0, which originates from the operation of the parameter strTBName in the...

7.5CVSS7.2AI score0.00319EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.15 views

SourceCodester Student Grades Management System 授权问题漏洞

SourceCodester Student Grades Management System is SourceCodester open source a student grades management system . SourceCodester Student Grades Management System version 1.0 has an authorization issue vulnerability , the vulnerability stems from the operation of the parameter studentid in the fi...

6.5CVSS6.6AI score0.00261EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.15 views

Edimax BR-6428nS 命令注入漏洞

The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter “repeaterSSID” in the formWlbasic function within the POST request processing...

6.5CVSS6.7AI score0.01398EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.15 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability stems from...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.15 views

Microsoft Office SharePoint 代码问题漏洞

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There is a code vulnerability in Microsoft Office SharePoint, which stems from deserializing untrusted data, potentially allowing authorized attackers to execute...

8.8CVSS6.2AI score0.03219EPSS
Exploits4References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.15 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from using Render to render arbitrary HTML. This can lead to an unexpected HTML tree, and...

6.1CVSS5.9AI score0.00178EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.15 views

Trend Micro Apex One 访问控制错误漏洞

Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has an access control vulnerability, which stems from a source verification error. This vulnerability may allow local attackers to gain elevated privileges...

7.8CVSS7.1AI score0.00357EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.15 views

WordPress plugin Avada (Fusion) Builder 注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS6.1AI score0.02163EPSS
Exploits4References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.15 views

WordPress plugin Divi Form Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS5.8AI score0.00487EPSS
Exploits4References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.15 views

Trend Micro Apex One和TrendAI Vision One Endpoint Security - Standard Endpoint Protection 访问控制错误漏洞

Trend Micro Apex One and TrendAI Vision One Endpoint Security – Standard Endpoint Protection are products of Trend Micro, a US-based company. Trend Micro Apex One is a terminal protection software. TrendAI Vision One Endpoint Security – Standard Endpoint Protection is an enterprise terminal...

7.8CVSS6.7AI score0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.15 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions prior to Concrete CMS 9.5.0 had a cross-site request forgeing vulnerability, which was exploited through the concrete/controllers/dialog/page/bulk/design code...

8.8CVSS5.7AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.15 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq 1.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from malicious network peer nodes publishing specially crafted Kademlia DHT records where the length of the signature field is...

7.5CVSS5.8AI score0.00626EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.15 views

WordPress plugin Decent Comments 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

5.8CVSS5.8AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.15 views

Kieback & Peter多款产品 跨站脚本漏洞

The Kieback & Peter DDC Building Controllers are a series of DDC controllers developed by the German company Kieback & Peter, aimed at building automation and building equipment control. Several products from Kieback & Peter have cross-site scripting vulnerabilities. These vulnerabilities stem fr...

5.3CVSS5.8AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.15 views

Yii 输入验证错误漏洞

Yii is a high-performance PHP framework developed by the YII team. It is designed for developing large-scale web applications using components. Yii 2 versions 2.0.54 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from a logical flaw in the cor...

7.4CVSS6.4AI score0.00442EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.15 views

AMD多款产品 安全漏洞

AMD Ryzen and AMD EPYC are both products of American semiconductor company AMD. AMD Ryzen is a central processing unit CPU. AMD EPYC is a high-performance server processor. Several AMD products have security vulnerabilities. These vulnerabilities stem from improper input validation, which may all...

4.6CVSS5.8AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.15 views

ExifReader 安全漏洞

ExifReader is a image metadata extraction library developed by Mattias Wallander. Versions of ExifReader prior to 4.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size restrictions when decompressing PNG zTXt metadata, which could lead to the generation of...

6.9CVSS5.8AI score0.00464EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.15 views

Bert-VITS2 路径遍历漏洞

Bert-VITS2 is a core text-to-speech model developed by Fish Audio. Bert-VITS2 has a path traversal vulnerability, which stems from the getallmodels function in the hiyoriUI.py file within the Model Handler component. Attackers could potentially exploit this vulnerability remotely...

7.5CVSS7.1AI score0.00611EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.15 views

OpenSolution Quick.CMS 跨站脚本漏洞

OpenSolution Quick.CMS is a lightweight website content management system developed by the Polish company OpenSolution. Version 6.7 of OpenSolution Quick.CMS contains a cross-site scripting vulnerability. This vulnerability stems from a cross-site scripting flaw in the sliders form, allowing...

5.4CVSS5.9AI score0.00178EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.15 views

Flexense VX Search 代码问题漏洞

Flexense VX Search is a rule-based automatic file search solution provided by Flexense Corporation. It allows users to search for files based on file type, category, file name, size, location, extension, regular expressions, text and binary patterns, creation, modification, and last access dates,...

8.5CVSS6.2AI score0.00121EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.15 views

Huawei HarmonyOS 权限许可和访问控制问题漏洞

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. Huawei HarmonyOS has vulnerabilities related to permission management and access control. These vulnerabilities stem from issues wit...

3.6CVSS5.8AI score0.00077EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.15 views

Open WebUI 信息泄露漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.9 contained a vulnerability related to information leakage. This vulnerability occurred when non-administrator users logged in, causing the application to send...

6.5CVSS5.8AI score0.00281EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.15 views

Open WebUI 授权问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.5.7 had an authorization issue vulnerability. This vulnerability stems from the ability for users to change access permissions during editing, potentially leading to...

6.5CVSS5.8AI score0.00226EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.15 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.6.19 contained security vulnerabilities. These vulnerabilities stemmed from the IDOR in the channel message management system, allowing authenticated users to modify...

7.1CVSS5.8AI score0.00266EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.15 views

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-xss attacks, which could allow users with model creation permissions to...

7.3CVSS7.4AI score0.00308EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.15 views

DHTMLX Diagram 路径遍历漏洞

DHTMLX Diagram is a JavaScript chart component developed by DHTMLX Corporation that supports interactive organizational charts, flowcharts, mind maps, and other chart types. Versions of DHTMLX Diagram prior to 1.1.1 had a path traversal vulnerability. This vulnerability stemmed from path traversa...

9.2CVSS5.8AI score0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.80.1 contained security...

6.9CVSS5.8AI score0.0043EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

hatchet 安全漏洞

Hatchet is an open-source backend task and AI workflow orchestration engine developed by Hatchet. Versions of Hatchet prior to 0.83.39 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization instructions for the GET /api/v1/stable/dags/tasks endpoint,...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained security vulnerabilities. These vulnerabilities stemmed from a flaw where only whether the tag was “FileName”...

8.2CVSS5.8AI score0.00347EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Security vulnerabilities existed in versions prior to PostgreSQL...

8.8CVSS6AI score0.00464EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

gst-plugins-good 数字错误漏洞

GStreamer-plugins-good is a GStreamer plugin developed under open source. Versions of GStreamer-plugins-good prior to 1.28.2 contained a numerical error vulnerability. This vulnerability stemmed from the qtdemuxaudiocaps function in the isomp4 plugin, which did not properly validate atomic data...

9.1CVSS5.8AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

Verint Verba 跨站脚本漏洞

Verint Verba is an enterprise-level compliance communication recording and interaction archiving platform developed by Verint Corporation in the United States. Verint Verba has a cross-site scripting vulnerability. This vulnerability stems from a lack of input sanitization in the login logging...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

WordPress plugin Career Section 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

9.8CVSS6.2AI score0.00665EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the use of autocompletion features for certain input fields. This may lead to sensitive information being stored in the browser, potentially causing...

2.6CVSS5.8AI score0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP. This vulnerability stems from virtual...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of disabling preemption between the scxclaimexit and trigger-assisted work processes,...

5.8AI score0.00121EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. There is a security vulnerability in Fleet, which stems...

9.9CVSS5.9AI score0.00379EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 14.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities stem from improperly partitioning response variants when using React Server Components, which can lead to cache...

5.4CVSS5.8AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the xHCI controller failing to clear interrupts when reporting host controller errors, potentiall...

5.8AI score0.00114EPSS
Exploits0References1
Total number of security vulnerabilities5000