Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. In versions prior to 148.0.7778.179, there was a resource management vulnerability that stemmed from the reuse of XR objects after their release. This vulnerability could allow remote attackers to execute arbitrary code through a specially...

8.8CVSS6.2AI score0.00396EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Apache OFBiz 代码问题漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained code vulnerabilities, specifically a server-side request forgeing...

7.3CVSS5.9AI score0.00473EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.179 contained a security vulnerability caused by GFX type confusion, which could allow remote attackers to achieve sandbox escape through specially crafted video files...

7.5CVSS5.8AI score0.00265EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Apache OFBiz 授权问题漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had vulnerabilities related to authorization issues, which stemmed from imprope...

6.5CVSS5.8AI score0.00513EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a security vulnerability caused by a WebRTC heap buffer overflow. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox through a specially...

8.8CVSS6.5AI score0.00538EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Microsoft Azure Portal Windows Admin Center 后置链接漏洞

Microsoft Azure Portal Windows Admin Center is a Windows server and hybrid cloud management platform integrated with the Azure Portal by Microsoft Corporation. There is a postback link vulnerability in Microsoft Azure Portal Windows Admin Center, which stems from improper link resolution before...

7.8CVSS5.8AI score0.00408EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.8 views

Mozilla Firefox和Mozilla Firefox Focus for Android 安全漏洞

Mozilla Firefox and Mozilla Firefox Focus for Android are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox Focus for Android is a privacy-oriented browser designed specifically for Android devices. There were security vulnerabilities in...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Nozomi Networks Guardian和Nozomi Networks CMC 跨站脚本漏洞

Nozomi Networks Guardian and Nozomi Networks CMC are both products of the American company Nozomi Networks. Nozomi Networks Guardian is an IoT device and software inspection system. Nozomi Networks CMC is an application software that provides centralized OT and IoT security management. Both Nozom...

5.9CVSS5.7AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Mozilla Firefox 信息泄露漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 151.0 contained a vulnerability related to information leakage. This vulnerability stemmed from Reader mode being hosted on unauthenticated local web server...

6.5CVSS5.9AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

WordPress plugin Piotnet Addons for Elementor Pro 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

9.8CVSS6.3AI score0.00953EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a buffer overflow vulnerability, which was caused by GPU out-of-bound reads. This vulnerability could allow remote attackers to execute out-of-bound memory reads through specially...

4.3CVSS6.2AI score0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.8 views

TYPO3 Extension Address List SQL注入漏洞

TYPO3 Extension Address List is an open-source extension for TYPO3, designed for address book and contact management purposes. TYPO3 Extension Address List has a SQL injection vulnerability; this vulnerability stems from the getSqlQuery method not properly cleaning user input, which may lead to S...

8.2CVSS5.8AI score0.00327EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Mozilla多款产品 安全漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Discourse 信息泄露漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 contain information leakage vulnerabilitie...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

Microsoft Windows BitLocker 命令注入漏洞

Microsoft Windows BitLocker is a security feature provided by Microsoft that ensures the recovery key is backed up and secure before it is activated. Microsoft Windows BitLocker has a command injection vulnerability, which stems from a flaw in the security function’s implementation. The following...

6.8CVSS6AI score0.01249EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

WordPress plugin Piotnet Forms 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

9.8CVSS6.3AI score0.0081EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from remote, unauthenticated attackers being able to send specially crafted XML inputs to SAML endpoints. This vulnerability can lead to high CPU usage and wo...

7.5CVSS5.8AI score0.00743EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

9.1CVSS5.8AI score0.0042EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Eclipse Glassfish 安全漏洞

Eclipse Glassfish is an application server developed by the Eclipse Foundation. Eclipse Glassfish has a security vulnerability, which stems from improper handling of expressions in the server-side template rendering mechanism. This vulnerability allows remote attackers to completely destroy the...

9.6CVSS6.1AI score0.00628EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Scalar 安全漏洞

Scalar is an interactive API documentation and testing tool developed by Scalar OpenSource. Version 0.1.13 of Scalar contains a security vulnerability. This vulnerability stems from an arbitrary file upload vulnerability in the scalarurl query parameter of the Scalar Proxy endpoint, which could...

9.8CVSS6.2AI score0.00526EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Mozilla Firefox多款产品 输入验证错误漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

9.8CVSS5.9AI score0.00605EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

terrascan 代码问题漏洞

Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the webhookurl parameter of the file...

8.7CVSS6AI score0.00499EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Ledger Live 代码问题漏洞

Ledger Live is an encrypted asset management application developed by the French company Ledger. Versions of Ledger Live prior to 6.34.7 contained a code vulnerability caused by integer parsing issues. This vulnerability allowed attackers to manipulate EIP-712 type data messages by exploiting...

6.9CVSS5.9AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

OpenHarmony 安全漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contain security vulnerabilities, and attackers can exploit these vulnerabilities to cause information leaks...

5.5CVSS5.8AI score0.00103EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.7 views

OpenHarmony 安全漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contain security vulnerabilities, and attackers can exploit these vulnerabilities to cause information leaks...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that was separated from the Mozilla Application Suite. This software supports IMAP and POP email protocols, ...

7.5CVSS5.8AI score0.00332EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Template 跨站脚本漏洞

Template is a quick and simple string templating tool developed by Blake Embrey. Versions of Template 3.102 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the htmlfilter function not escaping single quotes, which could lead to HTML and JavaScript injection...

6.1CVSS5.7AI score0.00282EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Versions of Discourse before 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 contain security vulnerabilities. These vulnerabilities st...

2.1CVSS5.8AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

zenshin 安全漏洞

Zenshin is an animation list management and media streaming tool developed by Hitarth. Versions of Zenshin prior to 2.7.0 contained security vulnerabilities. These vulnerabilities stemmed from OS command injection in the /stream-to-vlc Express route, which could allow remote attackers to execute...

9.8CVSS6.1AI score0.01622EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Rocket.Chat 访问控制错误漏洞

Rocket.Chat is a chat software developed by the Rocket.Chat company. Vulnerabilities in access control existed in versions prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12. These vulnerabilities stemmed from the lack of room access checks for the...

5.3CVSS6.1AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern and allows routing and mediation rules to be configured...

9.8CVSS6.5AI score0.01425EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

WordPress plugin Presto Player 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.00238EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

terrascan 安全漏洞

Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contain security vulnerabilities. These vulnerabilities stem from a server-side request forgeing vulnerability in the remote directory scanning endpoint’s...

9.2CVSS5.9AI score0.00482EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Broadcom Automic Automation Agent 安全漏洞

Broadcom Automic Automation Agent is a proxy program developed by Broadcom Corporation in the United States. It serves as an automation agent for enterprise-level tasks, supporting cross-platform job scheduling, process orchestration, and IT operations automation. It is suitable for automated...

8.5CVSS5.8AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...

8.7CVSS6AI score0.00156EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from a session fixation issue in the login endpoint. This vulnerability could allow unauthenticated attackers to intercept the authentication process,...

7.5CVSS5.8AI score0.00568EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Nozomi Networks CMC和Nozomi Networks Guardian 跨站脚本漏洞

Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have cross-site...

5.9CVSS5.7AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.15 views

Qt 代码问题漏洞

Qt is an open-source, cross-platform application development framework. Qt has code vulnerabilities, which stem from an issue with uncontrolled search path elements in the backend of OpenSSL TLS. This vulnerability allows local attackers to load malicious CA certificates as trusted system...

1.8CVSS5.8AI score0.0009EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

Offline Hospital Management System 安全漏洞

Offline Hospital Management System is a hospital information management system developed by silverplugins21. Version 5.3.0 of Offline Hospital Management System has a security vulnerability. This vulnerability stems from improper configuration of the Electron renderer. By enabling Node.js...

7.3CVSS6.4AI score0.00318EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

PrestaShop UPS Shipping 信息泄露漏洞

PrestaShop UPS Shipping is an e-commerce logistics delivery module provided by the French company PrestaShop. There is a vulnerability in PrestaShop UPS Shipping, which stems from issues with the components /upsshipping/logs/ and components/upsshipping/lib/UPSBaseApi.php. This vulnerability may...

7.5CVSS5.8AI score0.0031EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.15 views

HSC MailInspector 跨站脚本漏洞

HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains a cross-site scripting vulnerability. This vulnerability arises from the use of alternative or obfuscated JavaScript syntax in user inputs withi...

6.1CVSS5.6AI score0.00195EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

Amazon Redshift Python Connector 代码注入漏洞

The Amazon Redshift Python Connector is a Python-compatible connector for Amazon Redshift developed by Amazon, Inc. Versions of the Amazon Redshift Python Connector prior to version 2.1.14 contained a code injection vulnerability. This vulnerability stemmed from the unsafe use of the Python eval...

9.8CVSS6.1AI score0.00808EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls, which stems from a logic issue with the reordering of Datagram Transport Layer Security packets. This...

7.5CVSS5.8AI score0.01335EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.22 views

MLflow 安全漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of mlflow prior to 3.11.0 contained a security vulnerability. This vulnerability stemmed...

7CVSS7.3AI score0.00193EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.14 views

WordPress多款产品 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.7AI score0.0032EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

WordPress plugin WP Maps 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.5CVSS5.9AI score0.00383EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Edimax BR-6428nS 注入漏洞

The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. The Edimax BR-6428NS v41.10 version has a vulnerability known as “injection flaw.” This flaw arises from the function formStaDrvSetup in the POST Request Handler component, which processes the parameter stadrvssid. This...

6.5CVSS6.7AI score0.01158EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

M-Files Server 安全漏洞

The M-Files Server is a server belonging to the M-Files company’s M-Files system. Versions of the M-Files Server prior to 26.5.16015.0, 26.2 LTS, and 25.8 LTS SR3 contained security vulnerabilities. These vulnerabilities resulted in a denial-of-service condition, which could potentially cause the...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References1
Total number of security vulnerabilities195539