Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/05/04 12:0 a.m.15 views

Note Mark 授权问题漏洞

Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Version 0.19.2 of Note Mark contains an authorization vulnerability. This vulnerability stems from the IsPasswordMatch function falling back to a hardcoded bcrypt empty password placeholder, allowing unauthenticate...

9.4CVSS5.8AI score0.00296EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.15 views

WordPress plugin WP Mail Gateway 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00396EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.15 views

Notepad++ 格式化字符串错误漏洞

Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Version 8.9.3 of Notepad++ has a vulnerability related to format strings. This vulnerability stems from format string injection in the Find Results panel’s processing logic, which may lead to denial-of-service...

4.6CVSS5.8AI score0.00191EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.15 views

Jenkins GitHub Plugin 跨站脚本漏洞

The Jenkins GitHub Plugin is an open-source plugin for Jenkins that provides integration with code hosting platforms for continuous integration systems. The Jenkins GitHub Plugin versions 1.46.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from improper...

9CVSS5.9AI score0.00281EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.15 views

Prime95 安全漏洞

Prime95 is a device stress testing software developed by Prime95 Corporation. Version 29.4b8 of Prime95 contains a security vulnerability. This vulnerability stems from a local buffer overflow, which could allow attackers to execute arbitrary code by exploiting the structured exception handling...

8.6CVSS6.4AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.15 views

VMware Spring Framework 安全漏洞

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, a US-based company. This framework helps developers build high-quality applications. There is a security vulnerability in the VMware Spring Framework, which stems from caching malicious resources duri...

3.1CVSS5.8AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.15 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 had code vulnerabilities. These vulnerabilities stemmed from issues with Playwright’s redirection handling, involving server-side request forgery. This allowed attackers to...

6.5CVSS5.9AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.15 views

Elastic Package Registry 数据伪造问题漏洞

Elastic Package Registry is an integrated component and data distribution service provided by Elastic Inc. There is a vulnerability related to data falsification in Elastic Package Registry. This vulnerability stems from improper encryption signature verification, which may allow attackers to...

5.9CVSS5.8AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.15 views

Tenda HG3 命令注入漏洞

The Tenda HG3 is a fiber-optic network terminal wireless router device designed for home broadband access by the Chinese company Tenda. Version 2.0 300003070 of the Tenda HG3 has a command injection vulnerability. This vulnerability stems from improper handling of the parameter fmgponloid in the...

9CVSS7.3AI score0.04075EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.15 views

dynamic-datasource-spring-boot-starter 注入漏洞

dynamic-datasource-spring-boot-starter is a fast integration multi-data-source starter developed by baomidou under the Open Source project. Version 2.5.0 of dynamic-datasource-spring-boot-starter contains an injection vulnerability. This vulnerability stems from improper handling of the...

6.5CVSS6.6AI score0.00237EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.15 views

zserio 输入验证错误漏洞

Zserio is an open-source framework for efficiently serializing structured data by Navigation Data Standard e.V. Versions of Zserio prior to 2.18.1 contained a vulnerability related to input validation errors. This vulnerability occurred due to the setBitPosition boundary check in the...

7.5CVSS6AI score0.00328EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ocfs2 file system’s ocfs2fault function. When filemapfault returns VMFAULTRETRY, it may relea...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.15 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from a proxy consent bypass vulnerability, which allowed LLM proxies to silently disable approval execution...

8.8CVSS5.9AI score0.00473EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.15 views

Copilot API Proxy 安全漏洞

Copilot API Proxy is a reverse proxy service for the GitHub Copilot API developed by Erick Christian. Versions of Copilot API Proxy prior to 0.7.0 contain security vulnerabilities. These vulnerabilities stem from the Header Handler component’s reliance on reverse DNS resolution for handling Host...

5.3CVSS5.8AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.15 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a security vulnerability. This vulnerability stemmed from the fact that untrusted peer devices in nimiq-primitives could declare election macroblocks whose validators contained...

7.5CVSS5.8AI score0.00372EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.15 views

PowerDNS Authoritative 资源管理错误漏洞

PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has a resource management vulnerability that can lead to a denial-of-service attack. This vulnerability occurs when the PowerDNS auxiliary servers forward DNS update requests to malicious...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.15 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.9.6, 18.10....

2.7CVSS5.9AI score0.00381EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.15 views

Progress Telerik UI for AJAX 资源管理错误漏洞

Progress Telerik UI for AJAX is a set of Web interface components developed by the American company Progress. Versions of Progress Telerik UI for AJAX prior to 2026.1.421 contained a resource management vulnerability. This vulnerability stemmed from RadAsyncUpload’s lack of a mandatory measure to...

7.5CVSS5.8AI score0.00288EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.15 views

Oracle Application Development Framework 安全漏洞

The Oracle Application Development Framework is an enterprise-level application development framework developed by Oracle, a company in the United States. Versions 12.2.1.4.0 and 14.1.2.0.0.0 of the Oracle Application Development Framework contain security vulnerabilities. These vulnerabilities...

7.8CVSS7.2AI score0.00111EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.15 views

Oracle MySQL Server 安全漏洞

Oracle MySQL Server is a relational database management system developed by Oracle Corporation. Vulnerabilities exist in versions 8.0.0 to 8.0.45, 8.4.0 to 8.4.8, and 9.0.0 to 9.6.0 of Oracle MySQL Server. These vulnerabilities stem from issues with the Server: Optimizer component, which may allo...

4.9CVSS7.2AI score0.00323EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.15 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from Google Inc. There is a security vulnerability in Google Go, which stems from the golang.org/x/image/font/sfnt module’s ability to improperly allocate memory when parsing maliciou...

6.1CVSS5.8AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.15 views

Esri Portal For ArcGIS 安全漏洞

Esri Portal for ArcGIS is a component offered by Esri that allows for sharing maps, scenarios, applications, and other geographic information with others within an organization. Versions 11.4, 11.5, and 12.0 of Esri Portal for ArcGIS have security vulnerabilities. These vulnerabilities stem from...

9.8CVSS5.8AI score0.00312EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.15 views

Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞

Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Vulnerabilities exist in versions 7.7.1.0 to 8.7.0.0 of Dell PowerProtect Data Domain Dell PowerProtect DD, as wel...

6.7CVSS5.8AI score0.00087EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.15 views

Firebird 安全漏洞

Firebird is a set of open-source, cross-platform relational database management systems provided by the Firebird Foundation, which include multiple ANSI SQL-92 functions. The Firebird FB3 version has a security vulnerability, which stems from an error in the placement of data length values when t...

7.9CVSS5.8AI score0.00185EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.15 views

WordPress plugin Canto 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00282EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.15 views

MiniUPnP 安全漏洞

MiniUPnP is a set of UPnP tools developed by the Miniupnp project, which can be used in embedded systems. These tools enable devices in home and corporate networks to connect with each other. MiniUPnP has a security vulnerability, stemming from integer underflow in the parsing of SOAPAction...

9.1CVSS5.8AI score0.00674EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.15 views

xrdp 安全漏洞

XRDPT is an open-source remote desktop protocol server developed by Neutrinolabs. Versions of XRDPT prior to 0.10.5 contain security vulnerabilities. These vulnerabilities stem from insufficient validation of the size parameter in the EGX implementation, leading to a heap-based buffer overflow th...

8.8CVSS6.3AI score0.00583EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.15 views

AMD EPYC 安全漏洞

AMD EPYC is a high-performance server processor developed by American semiconductor company AMD. AMD EPYC has a security vulnerability that stems from the lack of lock verification. This vulnerability could allow for modifications to MMIO routes and undermine the integrity of customer systems...

5.9CVSS5.8AI score0.00108EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.15 views

Upsonic 安全漏洞

Upsonic is an open-source AI proxy framework developed by Upsonic. Version 0.71.6 of Upsonic contains a security vulnerability. This vulnerability stems from defects in the MCP server or the task creation functionality, which may lead to remote code execution...

9.8CVSS6.3AI score0.00974EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.15 views

OAuth2 Proxy 代码问题漏洞

OAuth2 Proxy is a product developed by OAuth2 Proxy organization that can provide a reverse proxy for authentication with Google, Github, or other providers. Versions of OAuth2 Proxy from 7.11.0 to 7.15.2 had code-related vulnerabilities. This vulnerability stemmed from a regression issue that...

3.5CVSS5.8AI score0.00183EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.15 views

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained security vulnerabilities. These vulnerabilities stemmed from improper encoding of the EName and EDesc parameters in the EditEventAttendees.php file, which could lead to cross-site scripti...

6.1CVSS5.6AI score0.00263EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.15 views

wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the US company wolfSSL, aimed at developers working with embedded systems. There is a security vulnerability in wolfSSL: the ARIA-GCM cipher suite used in TLS 1.2 and DTLS 1.2 reuses the same 12-byte GCM random numb...

7.1CVSS5.8AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.15 views

WordPress plugin leadlovers forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.15 views

WordPress plugin BSK PDF Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.15 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by the built-in APIs of node.js. There were security vulnerabilities in versions of Erlang/OTP prior to 28.4.2, 27.3.4.10, and 26.2.5.19. These vulnerabilities stemmed from improper...

9.8CVSS5.8AI score0.0053EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.15 views

curl_cffi 代码问题漏洞

curlcffi is a Python HTTP client library developed by Lexiforest personal developers, which supports browser fingerprint simulation. Versions of curlcffi prior to 0.15.0 have code vulnerabilities. These vulnerabilities stem from the lack of restrictions on requests directed to internal IP ranges,...

8.6CVSS5.9AI score0.00463EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.15 views

@hapi/content 安全漏洞

@hapi/content is an open-source HTTP content header parsing library developed by hapi.js. Versions of @hapi/content prior to 6.0.0 contain security vulnerabilities. These vulnerabilities stem from defects in the regular expressions used to parse HTTP headers, which may lead to denial-of-service...

8.7CVSS5.8AI score0.00413EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.15 views

WeGIA 输入验证错误漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation or restrictions on the nextPage parameter, which could lead to...

6.1CVSS5.8AI score0.00183EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.15 views

core-rs-albatross 数据伪造问题漏洞

core-rs-albatross is a Rust implementation of the Albatross protocol developed by Nimiq. Versions prior to 1.3.0 of core-rs-albatross had a data manipulation vulnerability. This vulnerability stemmed from the lack of checking the interlink bindings of election macroblocks, which could lead to the...

6.5CVSS5.7AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.15 views

Piwigo 安全漏洞

Piwigo is a web-based open-source image library software developed by Piwigo contributors. This software includes functions such as image management, image classification, and permission management. Versions of Piwigo prior to 16.3.0 contained security vulnerabilities. These vulnerabilities stemm...

7.2CVSS6.1AI score0.00372EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of null pointer checking in the inteldmcupdatedc6allowedcount function. This vulnerabili...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.15 views

Amazon Athena ODBC driver 安全漏洞

The Amazon Athena ODBC driver is a database connection driver developed by the American company Amazon. Versions of the Amazon Athena ODBC driver prior to 2.1.0.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient security controls in the browser-based...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.15 views

ZOHO ManageEngine Exchange Reporter Plus 安全漏洞

ZOHO ManageEngine Exchange Reporter Plus is a web-based Exchange Server reporting tool developed by ZOHO Corporation. Previous versions of ZOHO ManageEngine Exchange Reporter Plus, including version 5802, contained security vulnerabilities. These vulnerabilities stemmed from a storage cross-site...

7.3CVSS5.7AI score0.00538EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.15 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.1 contained security vulnerabilities. These vulnerabilities stemmed from an exploit that allowed bypassing the SVG cleaner, potentially allowing execution of arbitrary JavaScript...

5.4CVSS6.1AI score0.00176EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.15 views

TeamPass 跨站脚本漏洞

TeamPass is an open-source password manager developed by Nils Laumaillé. Versions of TeamPass prior to 3.1.5.16 contained a cross-site scripting vulnerability. This vulnerability stemmed from the password import function not properly cleaning and encoding user input data, which could lead to...

9.3CVSS5.7AI score0.00134EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.15 views

Tokfinity InfCode Terminal 安全漏洞

Tokfinity InfCode Terminal is a terminal tool application developed by Tokfinity, which offers command-line operations and remote connection management capabilities. There is a security vulnerability in Tokfinity InfCode Terminal, caused by defects in the command filtering mechanism, which may le...

7.8CVSS6.1AI score0.00297EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.15 views

Discourse 授权问题漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse is vulnerable to an authorization issue. The vulnerability stems from the fact that a user who loses access to a topic can stil...

6.3CVSS5.8AI score0.0016EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/28 12:0 a.m.15 views

Wavlink WL-WN579X3-C 安全漏洞

Wavlink WL-WN579X3-C is a wireless network extender produced by Wavlink Corporation. The Wavlink WL-WN579X3-C 231124 version contains a security vulnerability. This vulnerability stems from incorrect handling of the UpnpEnabled parameter, which may lead to a stack-based buffer overflow attack...

9CVSS7.6AI score0.00687EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.15 views

Netty 环境问题漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.132.Final and 4.2.10.Final contained environmental issues. These issues were caused by...

7.5CVSS6.6AI score0.0064EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.15 views

Bludit 跨站脚本漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Versions of Bludit 3.18.2 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting flaw in the image upload function, which could allow...

8.8CVSS5.6AI score0.01919EPSS
Exploits4References2
Total number of security vulnerabilities5000