Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

F5 BIG-IP 命令注入漏洞

F5 BIG-IP is an application delivery platform developed by F5 Networks in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a command injection vulnerability, which originates from the iControl REST an...

8.7CVSS6.1AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Zoom Workplace VDI Plugin Windows Universal Installer 安全漏洞

The Zoom Workplace VDI Plugin Windows Universal Installer is a Windows plugin provided by the US company Zoom, designed for use in virtual desktop infrastructure environments. Versions of the Zoom Workplace VDI Plugin Windows Universal Installer prior to version 6.6.11 contained security...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP, where the IP access restrictions of htt...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.16 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of disabling preemption between the scxclaimexit and trigger-assisted work processes,...

5.8AI score0.00121EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability, which stems from improper handling of .netrc file credentials and HTTP redirection. This vulnerability may lead to password exposure...

5.3CVSS5.8AI score0.00519EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

WordPress plugin JoomSport SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00322EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

vm2 安全漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using built-in Node.js modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have a security vulnerability: sandbox code can call Buffer.alloc to allocate memory of arbitrary...

7.5CVSS6AI score0.00424EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.19 views

Arqit Symmetric Key Agreement Platform 安全漏洞

The Arqit Symmetric Key Agreement Platform is a quantum-safe key negotiation platform developed by Arqit Corporation. Versions prior to 26.03 of the Arqit Symmetric Key Agreement Platform contained security vulnerabilities. These vulnerabilities stemmed from exposing the QKEY and internal system...

8.7CVSS5.8AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

AMD多款产品 安全漏洞

AMD EPYC is a high-performance server processor developed by American semiconductor company AMD. Several AMD products have security vulnerabilities. These vulnerabilities stem from improper execution of the LFENCE serialization attribute, which may allow attackers to bypass the speculation barrie...

5.7CVSS5.9AI score0.00135EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a security vulnerability in Palo Alto Networks PAN-OS, which stems from buffer overflows in the DNS proxy and DNS server functions. This vulnerability could allow unauthenticated...

9.2CVSS6.2AI score0.00408EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

qihang-wms SQL注入漏洞

Qihang-WMS is an intelligent warehousing management system developed by Qiliping’s individual developers. Qihang-WMS has a SQL injection vulnerability. This vulnerability stems from the SQL injection vulnerability present in the datascope parameter in the SysDeptMapper.xml file. It may allow...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

F5 BIG-IP 跨站请求伪造漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a cross-site request forgery vulnerability, which originates from the...

5.4CVSS5.7AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability. This vulnerability arises from attackers with...

8.7CVSS5.8AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

WordPress plugin ilGhera Support System for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

cPanel SQL注入漏洞

cPanel is a web-based automated hosting platform developed by cPanel Inc. This platform is primarily used for automating the management of websites and servers. cPanel has a SQL injection vulnerability, which stems from insufficient SQL query cleaning in the sqloptimizer tool script. If the slow...

8.1CVSS5.8AI score0.00312EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in buffer size calculation within the sps30i2creadmeas function. The sizeofnum operation...

7.8CVSS5.9AI score0.00121EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

libcurl 安全漏洞

libcurl is a free and easy-to-use client URL transfer library for cURL, which is open-source. There is a security vulnerability in libcurl, caused by improper handling of custom Host headers. This vulnerability may lead to the incorrect transmission of cookies from the first request during the...

7.5CVSS5.8AI score0.00291EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

curl 安全漏洞

curl is an open-source tool developed by cURL, used for transferring data from or to a server. Curl has a security vulnerability, which stems from a logic error in connection reuse. This error may cause TLS-enabled connections to incorrectly reuse existing unencrypted connections, resulting in da...

5.9CVSS5.8AI score0.00329EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

9.2CVSS6.3AI score0.61469EPSS
Exploits40References5
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

libcurl 代码问题漏洞

libcurl is an open-source, free, and easy-to-use client URL transfer library for cURL. There are code vulnerabilities in libcurl, stemming from errors in connection reuse logic. These vulnerabilities may cause SMB transfers to incorrectly reuse existing connections to different shares, resulting ...

7.5CVSS5.9AI score0.00549EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from a server or to a server. Curl has a security vulnerability that stems from an error in proxy credential transmission, which may lead to the incorrect transmission of credentials from one proxy to another...

5.9CVSS5.8AI score0.00639EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

libcurl 代码问题漏洞

libcurl is an open-source, free, and easy-to-use client URL transfer library for cURL. There are code vulnerabilities in libcurl, stemming from a logical error in connection reuse logic. This error may lead to the incorrect reuse of connections that use different credentials after Negotiate...

6.5CVSS5.9AI score0.00414EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

F5 BIG-IP 路径遍历漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a path traversal vulnerability, which stems from directory traversal. Thi...

6.9CVSS5.8AI score0.00886EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

VMware ESXi 缓冲区错误漏洞

VMware ESXi is a server virtualization platform developed by the American company VMware, which can be directly installed on physical servers. VMware ESXi has a buffer overflow vulnerability, which stems from a heap-based buffer overflow. This vulnerability could allow attackers to gain elevated...

8.8CVSS6.5AI score0.00098EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

WordPress plugin ultimate-member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.8CVSS6.1AI score0.00246EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

WordPress plugin Avada Builder SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00511EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by the American company Hitachi Vantara. There is a security vulnerability in Hitachi Vantara Pentaho Data Integration and Analytics, which stems from the JDBC driver of the H2 database,...

9.1CVSS5.8AI score0.00342EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Palo Alto Networks PAN-OS 代码问题漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There are code vulnerabilities in Palo Alto Networks PAN-OS, which stem from server-side request forgeing issues in the IKEv2 implementation. These vulnerabilities could allow unauthenticate...

8.3CVSS5.9AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

WordPress plugin Broadstreet 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.4CVSS5.8AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Palo Alto Networks GlobalProtect app 缓冲区错误漏洞

The Palo Alto Networks GlobalProtect app is a network protection software developed by Palo Alto Networks. The GlobalProtect app has a buffer error vulnerability, which stems from a buffer overflow issue. This vulnerability could allow attackers to interrupt system processes and execute arbitrary...

7.7CVSS6.5AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

Striso Control Firmware 安全漏洞

Striso Control Firmware is an open-source MPE MIDI controller firmware developed by Striso. Version 54c9722 of Striso Control Firmware contains a security vulnerability, which stems from a buffer overflow in the ThreadReadButtons function...

7.5CVSS6AI score0.00329EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper setting or clearing of CR8 write interception when AVIC is activated. This vulnerability...

5.8AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Claude Code 安全漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code from 1.2581.0 to 1.4304.0 contained a security vulnerability. This vulnerability stemmed from the SSH remote development feature, which only verified whether the host name exists in t...

7.4CVSS6AI score0.00135EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.17 views

Next.js 代码问题漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 13.4.13 to 15.5.16, as well as versions before 16.2.5, have code vulnerabilities. These vulnerabilities stem from the use of the built-in Node.js server for hosting. When a custom WebSocket upgrade request is made, it ma...

8.6CVSS5.9AI score0.38811EPSS
Exploits9References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. There were security vulnerabilities in versions of Next.js from 15.2.0 to 15.5.18, and also in version 16.2.6. These vulnerabilities stemmed from failing to apply the corrections for CVE-2026-44575 when using the Turbopack-based middleware.ts...

7.5CVSS5.8AI score0.00544EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 15.4.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise from the use of middleware that protects dynamic routes. In this scenario, specially crafted query paramete...

8.1CVSS5.8AI score0.00485EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 10.0.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise from the default image loader being hosted on the server, where the Image Optimization API loads local imag...

5.9CVSS5.8AI score0.00705EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 12.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise from using the Pages Router and when configuring i18n and middleware or proxy authorization. In these cases...

7.5CVSS5.8AI score0.00592EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Lenovo Personal Cloud Storage 操作系统命令注入漏洞

Lenovo Personal Cloud Storage is a personal cloud storage service provided by Lenovo Corporation. Lenovo Personal Cloud Storage has a vulnerability related to operating system command injection. This vulnerability stems from potential vulnerabilities, which may allow remote authenticated users to...

8.8CVSS6.1AI score0.00445EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

HDWPlayer Joomla com_hdwplayer SQL注入漏洞

HDWPlayer Joomla comhdwplayer is a Joomla video player component developed by HDWPlayer Inc. Version 4.2 of HDWPlayer Joomla comhdwplayer contains a SQL injection vulnerability. This vulnerability stems from an SQL injection issue in the search.php file. It may allow unauthenticated attackers to...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.14 views

IObit Uninstaller 代码问题漏洞

IObit Uninstaller is a Windows software tool designed for forced uninstallation by IObit Corporation. Version 9.5.0.15 of IObit Uninstaller has a code vulnerability. This vulnerability stems from an issue with unreferenced service paths within the IObitUnSvr service, which may allow local attacke...

8.5CVSS5.9AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Hoppscotch 访问控制错误漏洞

Hoppscotch is an open-source API development ecosystem created by Hoppscotch. Versions of Hoppscotch from 2026.2.0 to 2026.4.0 contained a access control vulnerability. This vulnerability stemmed from the GET /v1/onboarding/config endpoint, which still exposed all infrastructure secrets in plain...

7.5CVSS5.8AI score0.0024EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

ERPNext SQL注入漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.104.3 and 16.14.0 of ERPNext contained SQL injection vulnerabilities. These vulnerabilities stemmed from certain endpoints being vulnerable to SQL injection attacks...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

ERPNext SQL注入漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to ERPNext 16.9.0 contained a SQL injection vulnerability. This vulnerability stems from certain endpoints being vulnerable to SQL injection attacks, which may allow...

8.8CVSS5.8AI score0.00307EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

gitoxide 后置链接漏洞

GitOxide is a Git implementation written in Rust by Sebastian Thiel. Versions of GitOxide prior to 0.21.1 had a backlink vulnerability. This vulnerability stemmed from defects in the handling of symbolic link entries during the checkout process, which could allow attackers to create malicious tre...

7.8CVSS5.8AI score0.00248EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

ERPNext 安全漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.102.0 and 16.11.0 of ERPNext contained security vulnerabilities. These vulnerabilities stemmed from certain endpoints failing to perform appropriate authorization...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

ERPNext 路径遍历漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.101.1 and 16.10.0 of ERPNext contained a path traversal vulnerability. This vulnerability stems from a path traversal vulnerability in endpoints, which could allow...

6.5CVSS5.9AI score0.00363EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

Deciso OPNsense 操作系统命令注入漏洞

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Versions of Decivo OPNsense prior to 26.1.8 contained an operating system command injection vulnerability. This vulnerability stemmed from the local user synchronization process, where attackers could...

9.1CVSS6AI score0.06355EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

ShellHub 安全漏洞

ShellHub is an open-source remote device access and management platform developed by ShellHub. Versions of ShellHub prior to 0.24.2 contained security vulnerabilities. These vulnerabilities stemmed from the GET /api/sessions/:uid request, which returned a complete session object for any...

6.5CVSS5.9AI score0.00246EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

CubeCart 输入验证错误漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. In versions 6.6.x to 6.7.1 of CubeCart, there is a vulnerability related to input validation errors. This vulnerability stems from directly constructing the CCSTOREURL constant from the Host request headers and embedding the...

8.1CVSS5.8AI score0.00147EPSS
Exploits0References1
Total number of security vulnerabilities195539