Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

WordPress plugin Snow Monkey Blocks 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability. This vulnerability stems from the fact that the...

6.7CVSS5.8AI score0.00083EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

Netty 输入验证错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contain a vulnerability related to input validation errors...

6.5CVSS7AI score0.00364EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 15.4.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise from the use of middleware that protects dynamic routes. In this scenario, specially crafted query paramete...

8.1CVSS5.8AI score0.00485EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Intel QAT software drivers for Windows 缓冲区错误漏洞

Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. Versions of Intel QAT software drivers for Windows prior to version 1.13 contain a buffer error vulnerability. This vulnerability...

8.5CVSS6AI score0.0011EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Microsoft Word 安全漏洞

Microsoft Word is a word processing software within the Office suite developed by Microsoft Corporation. There are security vulnerabilities in Microsoft Word. Attackers can exploit these vulnerabilities to execute code remotely. The following products and versions are affected: Microsoft SharePoi...

8.4CVSS5.9AI score0.00453EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Microsoft Windows Kernel Mode Drivers 资源管理错误漏洞

Microsoft Windows Kernel Mode Drivers are the kernel mode drivers of Windows from Microsoft. There is a resource management vulnerability in Microsoft Windows Kernel Mode Drivers. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected:...

7.8CVSS5.8AI score0.00298EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

PhpSpreadsheet 安全漏洞

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Vulnerabilities exist in versions prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0 of PhpSpreadsheet. These vulnerabilities stem from the SpreadsheetML XML reader not verifying whether the...

7.5CVSS5.8AI score0.00395EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

SAP SAPUI5 安全漏洞

SAP SAPUI5 is a JavaScript application framework developed by the German company SAP. There is a security vulnerability in SAP SAPUI5, which allows unauthenticated attackers to manipulate specific URL parameters containing malicious content. This could lead victims to clicking on and accessing...

4.7CVSS5.8AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Microsoft Win32k 竞争条件问题漏洞

Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows. There are competitive conditions vulnerabilities associated with Microsoft Win32k. The following products and versions are affected: Windows Server 2019 Server Core installation, Windows Server 2022, Windows...

7CVSS5.8AI score0.0019EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Hewlett Packard Enterprise ArubaOS 安全漏洞

Hewlett Packard Enterprise ArubaOS is a network wireless operating system developed by Hewlett Packard Enterprise. There is a security vulnerability in Hewlett Packard Enterprise ArubaOS, which stems from a flaw in the XML processing component. This vulnerability may allow unverified remote...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Warpgate 跨站请求伪造漏洞

Warpgate is a smart SSH, HTTPS, and MySQL BH developed by the warp-tech project for Linux. Versions of Warpgate prior to 0.23.3 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the SSO process not verifying the state parameter, which could allow attackers to...

6.5CVSS5.7AI score0.00133EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Scramble 代码注入漏洞

Scramble is a tool developed by de:doc for automatically generating API documentation for Laravel projects. Versions of Scramble from 0.13.2 to 0.13.22 contained a code injection vulnerability. This vulnerability stemmed from the exposed documentation endpoints and the use of validation rules tha...

9.4CVSS6AI score0.0586EPSS
Exploits3References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Adobe Commerce 路径遍历漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. Adobe Commerce has a path traversal vulnerability, which stems from improper path name restrictions. This vulnerability may allow arbitrary file system reads and writes...

8.7CVSS5.9AI score0.00606EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Microsoft Edge for Android 安全漏洞

Microsoft Edge for Android is a browser in the Android operating system developed by the American company Microsoft. There are security vulnerabilities in Microsoft Edge for Android. Attackers use these vulnerabilities to carry out phishing attacks...

4.3CVSS5.8AI score0.00497EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.15 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.14.1 contain security vulnerabilities. These vulnerabilities stem from the use of default file system permissions for the configuration directory and files of the daemon process. ...

6.9CVSS5.8AI score0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.15 views

ATutor 跨站脚本漏洞

ATutor is a set of open-source web-based Learning Content Management Systems LCMS developed by the Atutor team. This system includes modules for teaching content management, forums, chat rooms, etc. Version 2.2.4 of ATutor has a cross-site scripting vulnerability. This vulnerability stems from th...

5.1CVSS5.9AI score0.00391EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.15 views

pgAdmin SQL注入漏洞

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability allows authenticated users to inject arbitrary SQL statements in VACUUM/ANALYZE/REINDEX commands,...

8.8CVSS6.1AI score0.00456EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.15 views

WordPress plugin 3dady real-time web stats 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

6.4CVSS5.6AI score0.00217EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.15 views

Textpattern CMS 代码问题漏洞

TextPattern CMS is a content management system based on PHP developed by the TextPattern team. Version 4.8.7 of TextPattern CMS has a code vulnerability that stems from a remote code execution flaw in the file upload function. This vulnerability could allow authenticated attackers to execute...

8.8CVSS6.6AI score0.00617EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.15 views

Pillow 安全漏洞

Pillow is an open-source image processing library developed by Pillow. Versions of Pillow from 4.2.0 to 12.2.0 contained security vulnerabilities. These vulnerabilities were due to malicious PDFs, which could cause processes to hang indefinitely, consume 100% of the CPU resources, and render the...

5.5CVSS7.1AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.15 views

Plainpad 安全漏洞

Plainpad is a self-hosted note-taking application by the individual developer Alex Tselegidis. A security vulnerability exists in Plainpad versions prior to 1.1.1, which stems from allowing a low-privileged user to self-elevate to administrator via the admin parameter in a PUT request, potentiall...

8.3CVSS5.8AI score0.00261EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.15 views

Net::IMAP 命令注入漏洞

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 had command injection vulnerabilities. These vulnerabilities stemmed from the symbolic parameters of commands, which were vulnerable to CRLF...

9.8CVSS5.8AI score0.00813EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which arises from the possibility that scxenable may be infinitely starved during fair class saturation, leading to syst...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.15 views

Gitroom Postiz 代码注入漏洞

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Previous versions of Gitroom Postiz had a code injection vulnerability. This vulnerability stemmed from a Pwn Request vulnerability present in the workflow for building and publishing PR Docker images, which could...

10CVSS6.2AI score0.00504EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.15 views

zebra 数据伪造问题漏洞

Zebra is an open-source Zcash implementation built with Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 had a data forgery vulnerability, which stemmed from insufficient error handling when sighash types were invalid, potentially leading to consensus splits...

9.3CVSS5.8AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the XDP multiple buffer fragment count in the net mlx5e RX component. This count does not correct...

9.8CVSS5.9AI score0.00414EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of a non-constant time for the MAC comparison of tcp-md5, potentially leading to timing attacks...

9.4CVSS5.8AI score0.00443EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.15 views

OSGeo gdal 缓冲区错误漏洞

OSGeo GDAL is an open-source geospatial raster and vector data processing library developed by OSGeo. OSGeo GDAL versions 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from a function called memmove in the frmts/hdf4/hdf-eos/SWapi.c file, which is part of...

5.5CVSS6AI score0.00264EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.15 views

i18nextify 跨站脚本漏洞

i18nextify is an open-source Java library application developed by i18next. Versions prior to i18nextify 4.0.8 contained a cross-site scripting vulnerability. This vulnerability stemmed from the key interpolation token in the src and href attribute values, which did not validate the URL scheme...

4.7CVSS5.7AI score0.00144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.15 views

Admidio 路径遍历漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a path traversal vulnerability. This vulnerability stemmed...

6.5CVSS5.8AI score0.00307EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.15 views

Microsoft Azure DevOps 信息泄露漏洞

Microsoft Azure DevOps is a team collaboration platform provided by the American company Microsoft. There is an information leakage vulnerability in Microsoft Azure DevOps. This vulnerability stems from the exposure of sensitive information to unauthorized participants, which may allow unauthoriz...

10CVSS6AI score0.0084EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the rtw88 wireless driver failing to release the supported frequency bands during the rtwregister...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the last four bytes of the sockaddrin6 structure in the PFKEY export path are not...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.15 views

Incus 代码问题漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities. These vulnerabilities stemmed from a lack of validation logic in the volume import process. As a result, authenticated users could exploit this vulnerability ...

7.1CVSS5.9AI score0.00299EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from array out-of-bounds access during the 22000 series SMEM parsing in iwlwifi...

8.8CVSS5.8AI score0.00256EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.15 views

Apache Wicket 信息泄露漏洞

Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions of Apache Wicket from 8.0.0 to 8.17.0, from 9.0.0 to 9.22.0, and from...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper error handling in media v4l2-async. This vulnerability may lead to asynchronous...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in the handling of resources by the mtk-mdp driver’s probe function. This error occurs...

7.8CVSS5.8AI score0.00139EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.15 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from improper implementation in DevTools, and it could allow attackers who persuade users to install malicious...

5.4CVSS5.8AI score0.00121EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.15 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient input validation in Media components, which could allow a remote attacker with access...

8.3CVSS5.9AI score0.0022EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.15 views

Bitcoin Core 安全漏洞

Bitcoin Core is an open-source client for verifying the validity of blockchain transactions. There are security vulnerabilities in versions 0.14 to 28.x of Bitcoin Core, and these vulnerabilities stem from security issues, though the details remain undisclosed...

7.5CVSS5.8AI score0.00417EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.15 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.3.22 to 2026.4.5 contained a security vulnerability. This vulnerability stemmed from the handling of symbolic link traversal in remote market repository paths, which could allow...

6.5CVSS5.8AI score0.00323EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.15 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.14 contained security vulnerabilities. These vulnerabilities stemmed from editing bypasses, allowing authenticated gateway clients to receive unedited secrets through alias fiel...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.15 views

CoreDNS 安全漏洞

CoreDNS is a DNS server within the CoreDNS community. Versions of CoreDNS prior to 1.14.3 contained a security vulnerability. This vulnerability stemmed from the tsig plugin’s trust transfer writer, which relied on TsigStatus for verification instead of performing its own validation. This allowed...

8.7CVSS5.8AI score0.00374EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.15 views

Yeapook WDR201A WiFi Extender 操作系统命令注入漏洞

The Yeapook WDR201A WiFi Extender is a wireless signal extension device from the Yeapook company. The Yeapook WDR201A WiFi Extender HW V2.1 version and FW LFMZX28040922V1.02 version have a vulnerability related to operating system command injection. This vulnerability stems from insufficient inpu...

9.3CVSS6AI score0.01235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.15 views

Postfix 安全漏洞

Postfix is an open-source mail transfer agent software developed by Postfix. Vulnerabilities existed in versions prior to Postfix 3.8.16, 3.9.10, and 3.10.9. These vulnerabilities stemmed from the lack of text after the third digit in enhanced status codes, which could lead to excessive buffer...

7.5CVSS5.9AI score0.00415EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.15 views

Notesnook 跨站脚本漏洞

Notesnook is an end-to-end encrypted note application developed by Streetwriters. Versions of Notesnook for Web/Desktop prior to 3.3.15, as well as versions for iOS/Android prior to 3.3.20, had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of HTML escaping for...

9.6CVSS6AI score0.00477EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.15 views

n8n SQL注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contain SQL injection vulnerabilities. These vulnerabilities arise from the direct interpolation of user-controlled table names, column names, and update keys into the...

8.8CVSS5.8AI score0.00254EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.15 views

n8n SQL注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained SQL injection vulnerabilities. These vulnerabilities stemmed from the use of row:search and row:get operations in the SeaTable node, where user-controlled inp...

8.8CVSS5.9AI score0.00342EPSS
Exploits0References2
Total number of security vulnerabilities5000