Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/20 12:0 a.m.14 views

NLnet Labs Unbound 缓冲区错误漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound 1.25.0 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the use of incorrect counters in the DNSSEC verifier to calculate the write offset, resulting...

8.7CVSS6AI score0.00779EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.13 views

NLnet Labs Unbound 安全漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound 1.25.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by mixed records in the authoritative section, leading to cache poisoning. Attackers could...

10CVSS5.8AI score0.00249EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

WordPress plugin ProSolution WP Client 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

9.8CVSS6AI score0.00978EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

NLnet Labs Unbound 安全漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound from 1.14.0 to 1.25.0 contain security vulnerabilities. These vulnerabilities stem from inconsistent locking mechanisms, and under certain conditions, they may lead to heap reclamation...

8.2CVSS5.8AI score0.00255EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

NLnet Labs Unbound 安全漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound 1.25.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the possibility of service degradation when processing a large number of incoming EDNS options...

8.7CVSS5.8AI score0.00556EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

NLnet Labs Unbound 访问控制错误漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. In versions 1.16.2 to 1.25.0 of NLnet Labs Unbound, there is an access control vulnerability. This vulnerability stems from a phantom domain attack. It allows attackers to control phantoms and query the vulnerable...

8.7CVSS5.7AI score0.00171EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

NLnet Labs Unbound 资源管理错误漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. In versions 1.19.1 to 1.25.0 of NLnet Labs Unbound, there is a resource management vulnerability. This vulnerability stems from incorrect overwriting of target pointers when deep copying data structures in the DNSSE...

10CVSS6.1AI score0.01272EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.13 views

Taiko AG1000-01A SMS Alert Gateway 信任管理问题漏洞

The Taiko AG1000-01A SMS Alert Gateway is an industrial communication gateway device developed by Taiko Company in Singapore. It supports SMS-based alert notifications and remote event messaging. Both the Rev 7.3 and Rev 8 versions of the Taiko AG1000-01A SMS Alert Gateway contain vulnerabilities...

9.8CVSS5.9AI score0.00454EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.12 views

WordPress plugin Nexa Blocks 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

5.4CVSS5.9AI score0.00316EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.12 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of Tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting flaw in the addfacnote.php file. It could...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of Tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in routesnm.php, which coul...

5.1CVSS5.8AI score0.00229EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

Sitemio WISECP 跨站请求伪造漏洞

Sitemio WISECP is an automated management and billing platform developed by the Turkish company Sitemio, aimed at hosting services and domain name services. Versions of Sitemio WISECP from 2002 to 2026 had a cross-site request forgeing vulnerability. This vulnerability stems from cross-site reque...

8CVSS5.7AI score0.00166EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

Cisco ThousandEyes Virtual Appliance 注入漏洞

The Cisco ThousandEyes Virtual Appliance is a virtualization network monitoring device developed by Cisco Corporation. It provides network path monitoring and digital experience observability capabilities. The device has an injection vulnerability, which stems from insufficient user input...

4.7CVSS5.9AI score0.00438EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

WordPress plugin General Options 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

4.4CVSS5.8AI score0.0023EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

Dell PowerFlex Manager 安全漏洞

Dell PowerFlex Manager is a software-defined infrastructure deployment and lifecycle management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contain security vulnerabilities. These vulnerabilities stem from the exposure of directory list...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.14 views

Frappe 路径遍历漏洞

Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. Versions of Frappe prior to 15.105.0 and 16.15.0 have a path traversal vulnerability. This vulnerability arises from the possibility that path traversal may...

8.7CVSS5.9AI score0.01279EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.13 views

NLnet Labs Unbound 安全漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound 1.25.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from unbound name compression operations when handling large RRsets, which could lead to performanc...

6.9CVSS5.8AI score0.00556EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

WordPress plugin Presto Player 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.00238EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Ledger Live 代码问题漏洞

Ledger Live is an encrypted asset management application developed by the French company Ledger. Versions of Ledger Live prior to 6.34.7 contained a code vulnerability caused by integer parsing issues. This vulnerability allowed attackers to manipulate EIP-712 type data messages by exploiting...

6.9CVSS5.9AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

Microsoft Windows BitLocker 命令注入漏洞

Microsoft Windows BitLocker is a security feature provided by Microsoft that ensures the recovery key is backed up and secure before it is activated. Microsoft Windows BitLocker has a command injection vulnerability, which stems from a flaw in the security function’s implementation. The following...

6.8CVSS6AI score0.01249EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

SAMSUNG Escargot 安全漏洞

SAMSUNG Escargot is a memory-optimized JavaScript engine developed by South Korea’s Samsung Corporation. It is suitable for mid-range devices such as smartphones, tablets, and TVs. SAMSUNG Escargot has a security vulnerability that stems from the release of invalid pointers or references, which m...

5.5CVSS6AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

SAMSUNG Escargot 安全漏洞

SAMSUNG Escargot is a memory-optimized JavaScript engine developed by South Korea’s Samsung Corporation. It is suitable for mid-range devices such as smartphones, tablets, and TVs. SAMSUNG Escargot has a security vulnerability caused by uncontrolled recursion, which may lead to the handling of...

5.5CVSS5.8AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

OpenHarmony 输入验证错误漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a vulnerability related to input validation. Attackers could exploit this vulnerability to cause denial-of-service attacks...

3.3CVSS5.8AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Keycloak 输入验证错误漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a vulnerability related to input validation. This vulnerability stems from differences in the URL validation logic during redirection operations, which may allow attackers to bypass...

8.1CVSS5.8AI score0.005EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.22 views

Live555 安全漏洞

LIVE555 is a cross-platform C++ open-source project that provides solutions for streaming media. It supports standard streaming media transmission protocols such as RTP/RTCP, RTSP, and SIP. Versions of LIVE555 before 2026.04.22 had security vulnerabilities. These vulnerabilities stemmed from...

8.2CVSS5.8AI score0.00486EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

terrascan 安全漏洞

Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contain security vulnerabilities. These vulnerabilities stem from a server-side request forgeing vulnerability in the remote directory scanning endpoint’s...

9.2CVSS5.9AI score0.00482EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

Apache OFBiz 授权问题漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had an authorization vulnerability, which stemmed from improper authentication...

5.3CVSS5.8AI score0.00515EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

GoHTTP 路径遍历漏洞

GoHTTP is a web server written in C language by itang’s individual developer. Version 34ea51 of GoHTTP has a path traversal vulnerability, which allows attackers to perform directory traversal by submitting specially crafted requests...

7.3CVSS5.8AI score0.00523EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

OpenHarmony 安全漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained security vulnerabilities, allowing attackers to execute arbitrary code in pre-installed applications...

8.1CVSS6.2AI score0.00428EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from an insecure direct object reference issue in the authorization service’s protected API endpoints. It allows authenticated clients ...

6.8CVSS5.8AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

OpenHarmony 代码问题漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier have code vulnerabilities that can be exploited by attackers to cause denial-of-service attacks...

3.3CVSS5.9AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Broadcom Automic Automation Agent 安全漏洞

Broadcom Automic Automation Agent is a proxy program developed by Broadcom Corporation in the United States. It serves as an automation agent for enterprise-level tasks, supporting cross-platform job scheduling, process orchestration, and IT operations automation. It is suitable for automated...

8.5CVSS5.8AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

7.5CVSS5.8AI score0.00302EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from the server’s processAction function not verifying the new credential parameters. This could lead to the creation of non-compliant credentials by...

4.3CVSS5.8AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Nozomi Networks CMC和Nozomi Networks Guardian 跨站脚本漏洞

Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have cross-site...

6.5CVSS5.7AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.8 views

OpenHarmony 缓冲区错误漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a buffer error vulnerability. Attackers could exploit this vulnerability to cause denial-of-service attacks that were irreversible...

8.4CVSS6AI score0.00132EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.16 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the possibility for low-privilege users to bypass security controls and disable the implicit flow of OIDC clients, potentially leading to the leakage o...

7.1CVSS5.8AI score0.00344EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a resource management vulnerability. This vulnerability stemmed from the reuse of WebRTC after it was released, which could allow remote attackers to execute arbitrary code through ...

8.8CVSS6.2AI score0.00501EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

SAMSUNG Walrus 代码问题漏洞

SAMSUNG Walrus is a WebAssembly runtime engine developed by South Korea’s Samsung Corporation. There is a code vulnerability in SAMSUNG Walrus, which stems from null pointer dereferencing, potentially leading to pointer-related issues...

5.5CVSS5.9AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Mozilla多款产品 资源管理错误漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

7.3CVSS5.8AI score0.00413EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

Nozomi Networks Guardian和Nozomi Networks CMC 跨站脚本漏洞

Nozomi Networks Guardian and Nozomi Networks CMC are both products of the American company Nozomi Networks. Nozomi Networks Guardian is an IoT device and software inspection system. Nozomi Networks CMC is an application software that provides centralized OT and IoT security management. Both Nozom...

5.9CVSS5.7AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.9AI score0.00564EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 151 and Mozilla Thunderbird prior to version 151 contained security vulnerabilities, which were caused by deceptive issues in WebExtensions...

7.5CVSS5.8AI score0.00376EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Mozilla Firefox 信息泄露漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 151.0 contained a vulnerability related to information leakage. This vulnerability stemmed from Reader mode being hosted on unauthenticated local web server...

6.5CVSS5.9AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

OPPO O+ Connect 安全漏洞

OPPO O+ Connect is a multi-device connectivity and data collaboration platform developed by OPPO Corporation in China. There is a security vulnerability in OPPO O+ Connect, which stems from the failure to verify the identity of the caller on the pipeline interface, potentially leading to an...

7.3CVSS5.8AI score0.00106EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from an authentication flaw in the WebAuthn process. This flaw allows remote attackers to reissue the ExecuteActionsActionToken token, enabling them ...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

libheif 缓冲区错误漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability stems from excessive heap buffer reading in the HeifPixelImage::overlay function, where a...

7.1CVSS6AI score0.00323EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

libheif 安全漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain security vulnerabilities. These vulnerabilities stem from a heap buffer overflow in the MaskImageCodec::decodemaskimage function, where no...

7.1CVSS6AI score0.00343EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Motorola Factory Test 安全漏洞

Motorola Factory Test is a mobile device hardware testing and production testing tool developed by the American company Motorola. Motorola Factory Test contains a security vulnerability. This vulnerability stems from the use of references to writable file descriptors in applications, which may...

8.4CVSS5.8AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

Apache OFBiz 信息泄露漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a vulnerability related to information leakage, which resulted in...

7.5CVSS5.8AI score0.00486EPSS
Exploits0References1
Total number of security vulnerabilities195539