Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

WordPress plugin Easy Twitter Feeds 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

SQLAlchemy Admin 安全漏洞

SQLAlchemy Admin is an open-source SQLAlchemy model management interface tool developed by Smithy HQ. Versions of SQLAlchemy Admin prior to 0.25.1 contained a security vulnerability. This vulnerability stemmed from the ajaxlookup endpoint in the application.py file, which bypassed the isaccessibl...

4.3CVSS5.3AI score0.00279EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Lenovo ThinkPad 缓冲区错误漏洞

The Lenovo ThinkPad is a portable computer by the company Lenovo. The Lenovo ThinkPad has a buffer error vulnerability, which stems from an out-of-bounds write issue in the BIOS. This vulnerability may allow privileged local users to execute code in the system management mode...

8.4CVSS5.9AI score0.00121EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

NSA Ghidra 安全漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Previous versions of NSA Ghidra, up to version 12.1.1, contained security vulnerabilities. These vulnerabilities stemmed from the Mach-O binary parser,...

6.7CVSS5.3AI score0.00151EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

SimpleSAMLphp-casserver 路径遍历漏洞

SimpleSAMLphp-casserver is an open-source CAS protocol-compatible Single Sign-On server module developed by SimpleSAMLphp. Versions prior to 7.0.3 of SimpleSAMLphp-casserver contained a path traversal vulnerability. This vulnerability stemmed from the direct concatenation of attacker-controlled...

8.6CVSS5.5AI score0.00422EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Roxy-WI 操作系统命令注入漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the POST /config/versions/route request, which...

8.8CVSS5.6AI score0.00304EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Jenkins 输入验证错误漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have a vulnerability related...

4.3CVSS5.4AI score0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.24 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained security vulnerabilities. These vulnerabilities stemmed...

7.5CVSS5.3AI score0.00441EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

QNAP quts hero 异常处理不当漏洞

QNAP Systems QuTS hero is a software with data storage and management capabilities developed by QNAP Systems, a company based in Taiwan, China. There is a code vulnerability in QNAP Systems QuTS hero, which stems from a null pointer dereferencing. This vulnerability could allow remote attackers t...

7.2CVSS6AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Ansible 后置链接漏洞

Ansible is an easy-to-use IT automation system developed under the open source license. Ansible has a post-installation link vulnerability, which originates from the Posix authorizedkey module. The keyfile function uses os.chown instead of os.lchown, and does not use ONOFOLLOW to open files, whic...

7.3CVSS5.9AI score0.00161EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Lenovo ThinkPad 加密问题漏洞

The Lenovo ThinkPad is a portable computer by the company Lenovo. The Lenovo ThinkPad has an encryption vulnerability, which stems from issues with the embedded controller firmware. This vulnerability may allow privileged local users to perform arbitrary read and write operations on privileged...

8.4CVSS5.5AI score0.00077EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...

8.6CVSS6AI score0.01049EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Palo Alto Networks Cortex Xsoar 路径遍历漏洞

Palo Alto Networks Cortex Xsoar is a security orchestration and response Soar platform developed by Palo Alto Networks in the United States. Palo Alto Networks Cortex Xsoar has a path traversal vulnerability. This vulnerability arises from path traversal attacks, which may allow unauthenticated...

7.5CVSS5.5AI score0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace和Palo Alto Networks Cortex XSOAR CommvaultSecurityIQ Marketplace 安全漏洞

Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace and Palo Alto Networks Cortex XSOAR CommvaultSecurityIQ Marketplace are both products of Palo Alto Networks. The Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace is a security operations integration extension package...

9.3CVSS5.4AI score0.00285EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

Palo Alto Networks Prisma Access Agent 安全漏洞

Palo Alto Networks Prisma Access Agent is a zero-trust network access client agent developed by Palo Alto Networks. There is a security vulnerability in the Palo Alto Networks Prisma Access Agent for Linux, which stems from an issue related to privilege escalation. This vulnerability may allow...

8.5CVSS5.5AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.24 views

NoMachine 参数注入漏洞

NoMachine is a remote desktop access tool developed by NoMachine Company in Luxembourg. Versions of NoMachine prior to 9.5.7 and 8.23.2 contained a parameter injection vulnerability. This vulnerability stemmed from improper of parameter separators in commands, which could lead to parameter...

7.3CVSS5.5AI score0.00131EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

WordPress plugin Yoast Duplicate Post 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.2AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.24 views

Fission 访问控制错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.23.0 contained a access control vulnerability. This vulnerability stemmed from the storagevc component failing to perform any authentication or authorization when registering the archive CR...

8.8CVSS5.3AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

AMD EPYC Processor 输入验证错误漏洞

The AMD EPYC Processor is a series of multi-core processors developed by Advanced Microelectronics Devices, Inc. AMD. The AMD EPYC Processor has a vulnerability in input validation, which stems from improper input validation of DIMM serial presence detection metadata. This vulnerability could all...

5.3CVSS7AI score0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.35 views

OpenVPN ovpn-dco-win 安全漏洞

OpenVPN ovpn-dco-win is a virtual network adapter for Windows developed by OpenVPN. There are security vulnerabilities in versions 2.0.0 to 2.8.3 of OpenVPN ovpn-dco-win. These vulnerabilities stem from errors in buffer size calculations by the epoch key generator, which may allow remotely...

5.6CVSS5.8AI score0.00148EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

Fedify 安全漏洞

Fedify is a TypeScript library developed by Hong Minhee. It is used to build federated server applications that support ActivityPub and other standards. Versions of Fedify prior to 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3 have security vulnerabilities. These vulnerabilities stem from attackers...

7CVSS5.4AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

ESP-IDF 缓冲区错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1 of ESP-IDF contain buffer overflow vulnerabilities. These vulnerabilities stem from an out-of-bounds read issue in the DHCP server option...

6.5CVSS5.8AI score0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 contained a security vulnerability. This vulnerability stemmed from the call to .unwrap during the delinearize function in Ed25519PublicKey::delinearize. When the public key was constructed...

4.3CVSS5.3AI score0.00231EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

WordPress plugin Newsletters SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.5CVSS5.7AI score0.01382EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Boxlite 访问控制错误漏洞

BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite prior to 0.9.0 contained an access control vulnerability. This vulnerability stemmed from the lack o...

10CVSS6AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

ESP-IDF 安全漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0 of ESP-IDF contain security vulnerabilities. These vulnerabilities stem from a buffer overflow in the session setting path of the protocomm...

7.1CVSS6AI score0.00325EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

ESP-IDF 输入验证错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.5.4 and 6.0 of ESP-IDF contain input validation vulnerabilities. These vulnerabilities stem from issues with the security service wrapper component in the esptee module, which...

9.3CVSS5.3AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Dulwich 路径遍历漏洞

Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich from 0.23.2 to 1.2.5 contained a path traversal vulnerability. This vulnerability stemmed from the porcelain.submoduleupdate method not verifying the submodule paths properly. As a...

7.5CVSS5.6AI score0.00448EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the buildermgr controller failing to verify that Package.spec.environment.namespace matches Package.metadata.namespac...

7.7CVSS5.3AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Fission 访问控制错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a access control vulnerability. This vulnerability stemmed from the lack of namespace validation using the access webhook in the Fission Function specification for...

7.7CVSS5.3AI score0.00265EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Roxy-WI 授权问题漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a vulnerability related to authorization. This vulnerability arises from using the API substring in the URL and unauthenticated /api/gpt endpoints,...

8.3CVSS5.4AI score0.00244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

QNAP file station 异常处理不当漏洞

QNAP Systems File Station 6 is a file management software developed by QNAP Systems, a company based in Taiwan, China. There is a code vulnerability in QNAP Systems File Station 6, which stems from a null pointer dereferencing. This vulnerability could allow remote attackers to launch a...

6.5CVSS6AI score0.0028EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

BSimVis 跨站脚本漏洞

BSimVis is a binary program similarity analysis and visualization tool developed by the MISP Project. Versions of BSimVis up to v0.2.0 contained a cross-site scripting vulnerability. This vulnerability allowed attackers to execute operations as victims, access data that the victims could access, ...

6.9CVSS5.1AI score0.00277EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained security vulnerabilities. These vulnerabilities stemmed...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

WordPress plugin WP GDPR Cookie Consent 跨站脚本漏洞

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP GDPR Cookie Consent plugin has a cross-site...

6.4CVSS5.9AI score0.00188EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.27 views

NVIDIA DALI 输入验证错误漏洞

NVIDIA DALI is a data loading and preprocessing library developed by NVIDIA Corporation in the United States. NVIDIA DALI has a vulnerability related to input validation errors. This vulnerability stems from improper index validation in the components of the library, which can lead to code...

7.3CVSS5.4AI score0.00139EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from the permission management of the network management module...

6.3CVSS5.3AI score0.00067EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Microsoft Windows Media Center 缓冲区错误漏洞

Microsoft Windows Media is a series of media playback and management software developed by the American company Microsoft. There are security vulnerabilities in Microsoft Windows Media. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected:...

7.8CVSS7.1AI score0.00445EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

Post-Factum BV OpenClinic GA 跨站脚本漏洞

Post-Factum BV OpenClinic GA is an open-source hospital information management system developed by the Belgian company Post-Factum BV. This system supports functions such as financial management, clinical management, and laboratory management. Version 5.351.19 of Post-Factum BV OpenClinic GA...

6.1CVSS5.3AI score0.00293EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Adobe ColdFusion 授权问题漏洞

Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion such as 2023.19, 2025.8, and earlier versions have security vulnerabilities. These vulnerabilitie...

9.1CVSS5.8AI score0.07535EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft Windows DHCP Server 输入验证错误漏洞

Microsoft Windows DHCP Server is a core service of the American company Microsoft, used for automatically retrieving network configuration information. There are security vulnerabilities in Microsoft Windows DHCP Server. The following products and versions are affected: Windows 10 Version 22H2 fo...

9.1CVSS5.8AI score0.00366EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

WordPress plugin Recover Exit For WooCommerce 安全漏洞

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to enhance functionality of the platform. The "Recover Exit For WooCommerce"...

8.1CVSS6AI score0.00551EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

389 Directory Server 安全漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a security vulnerability in 389 Directory Server, which arises from the use of the createmaskedentrystring function in auditlog.c when audit logs are enabled...

3.3CVSS5.8AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

Microsoft Windows Telephony Server 缓冲区错误漏洞

Microsoft Windows Telephony Server is a component of the American company Microsoft. It supports the Telephone Application Programming Interface TAPI, allowing computer programs to communicate with shared telephone services. There is a buffer error vulnerability present in Microsoft Windows...

5.5CVSS5.6AI score0.00388EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

Adobe Acrobat Reader 缓冲区错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a buffer error vulnerability. This...

5.5CVSS5.2AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.20 views

Microsoft Teams 注入漏洞

Microsoft Teams is a software product developed by the American company Microsoft, used for online meetings, chatting, and cloud storage functions. There is a vulnerability in Microsoft Teams. Attackers can exploit this vulnerability to obtain sensitive information...

8.1CVSS5.3AI score0.01259EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

Ivanti Sentry 安全漏洞

Ivanti Sentry is an online gateway provided by the American company Ivanti. It is used to manage, encrypt, and protect traffic between mobile devices and backend enterprise systems. There are security vulnerabilities in versions of Ivanti Sentry prior to R10.5.2, R10.6.2, and R10.7.1. These...

9.9CVSS6AI score0.4719EPSS
Exploits4References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

Microsoft .NET 授权问题漏洞

Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and transparency in networking. There are vulnerabilities related to licensing in Microsoft .NET. Attacke...

7.8CVSS5.4AI score0.00384EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Microsoft DWM Core Library 缓冲区错误漏洞

The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. There are security vulnerabilities in the Microsoft DWM Core Library. Attackers can exploit these vulnerabilities to obtain sensitive information. The following products and versions are affected:...

5.5CVSS5.8AI score0.00318EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

Microsoft Windows Internet (wininet.dll) 数字错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a vulnerability in Microsoft Windows Internet wininet.dll related to input validation errors. Attackers can exploit this vulnerability to gain higher privileges. The following products an...

7.8CVSS5.9AI score0.00286EPSS
Exploits0References1
Total number of security vulnerabilities195539