Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

MongoDB Server 资源管理错误漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Versions of MongoDB Server prior to 7.0.34, 8.0.23, 8.2.9, and 8.3.2 contain a...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Palo Alto Networks GlobalProtect app 代码问题漏洞

The Palo Alto Networks GlobalProtect app is a network protection software developed by Palo Alto Networks. The GlobalProtect app has a code vulnerability that stems from multiple local privilege escalation issues. This vulnerability allows local users to elevate their privileges to Windows’ NT...

8.5CVSS6.1AI score0.00155EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Palo Alto Networks Prisma Access Agent 安全漏洞

Palo Alto Networks Prisma Access Agent is a zero-trust network access client agent developed by Palo Alto Networks. There is a security vulnerability in the Palo Alto Networks Prisma Access Agent, which stems from issues with the permission management mechanism. This vulnerability allows...

8.5CVSS6.1AI score0.00144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability, which stems from the possibility for...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

WordPress plugin Custom Twitter Feeds 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.8AI score0.00493EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

F5 BIG-IP和F5 BIG-IQ 命令注入漏洞

F5 BIG-IP and F5 BIG-IQ are both products from the American company F5. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. This...

8.7CVSS5.8AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

Palo Alto Networks PAN-OS 跨站脚本漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. Palo Alto Networks PAN-OS has a cross-site scripting vulnerability, which stems from a storage-based cross-site scripting issue. This vulnerability could allow malicious authenticated...

6.9CVSS5.6AI score0.0028EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

WordPress plugin Snow Monkey Blocks 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

WordPress plugin Blog2Social 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.4CVSS5.8AI score0.00409EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

WordPress plugin RTMKit Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS6AI score0.00625EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability. This vulnerability stems from the fact that the...

6.7CVSS5.8AI score0.00083EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

F5 BIG-IP和F5 BIG-IQ 代码问题漏洞

F5 BIG-IP and F5 BIG-IQ are both products from the American company F5. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. This...

8.8CVSS6.2AI score0.00514EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

ELECOM WRC和ELECOM WAB 安全漏洞

ELECOM WRC and ELECOM WAB are products of the Japanese company ELECOM. ELECOM WRC is a home-use network camera. ELECOM WAB is a series of wireless access points. Both ELECOM WRC and ELECOM WAB have security vulnerabilities. These vulnerabilities stem from the use of hardcoded encryption keys to...

6.9CVSS6.8AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability, which stems from the possibility for...

8.6CVSS6AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Gerrit 安全漏洞

Gerrit is a code review tool used within the Gerrit community. Versions of Gerrit 2.12 and later contain security vulnerabilities. These vulnerabilities stem from improper authorization in the “submitted together” feature, which could allow authenticated attackers to bypass code reviews and force...

6CVSS5.9AI score0.00116EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

SAMSUNG System Support Service 安全漏洞

SAMSUNG System Support Service is a support component for Samsung devices provided by the South Korean company Samsung. Versions of SAMSUNG System Support Service prior to 8.0.8.0 contained security vulnerabilities. These vulnerabilities were due to improper permission management, and could allow...

6.3CVSS5.8AI score0.00091EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

F5 BIG-IP 代码问题漏洞

F5 BIG-IP is an application delivery platform developed by F5 Corporation in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a code vulnerability in F5 BIG-IP. This vulnerability arises when configuring...

8.7CVSS5.9AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

WordPress plugin WOOD Products Filter for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.5CVSS5.6AI score0.00256EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

WordPress plugin Hostinger Reach 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Grafana OSS 安全漏洞

Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from the plugin resource endpoints’ ability to read the entire request body into memory, leading to unlimited memory allocation. This could potentially cause...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

MISP modules 跨站请求伪造漏洞

MISP modules are scalable threat intelligence platform modules developed under the open-source MISP Project. They support import, export, expansion, and automated workflows. MISP modules 3.0.7 and earlier versions had a cross-site request forgery vulnerability. This vulnerability stemmed from the...

9.3CVSS5.7AI score0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

CubeCart SQL注入漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.6.0 contained a SQL injection vulnerability. This vulnerability stemmed from a time-based blind SQL injection in the sorting parameters, which could allow attackers to execute arbitrary SQL...

7.2CVSS6.1AI score0.00307EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Palo Alto Networks Chronosphere Chronocollector 安全漏洞

Palo Alto Networks Chronosphere Chronocollector is a cloud-native telemetry data collection component developed by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Chronosphere Chronocollector, which stems from an information leakage issue. This vulnerability may allow...

7.1CVSS5.8AI score0.0016EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Arqit Symmetric Key Agreement Platform 安全漏洞

The Arqit Symmetric Key Agreement Platform is a quantum-safe key negotiation platform developed by Arqit Corporation. Versions prior to 26.03 of the Arqit Symmetric Key Agreement Platform contained security vulnerabilities. These vulnerabilities stemmed from exposing the Keycloak management...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Grafana OSS 安全漏洞

Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from the fact that the editor can delete any comments, even without read-only privileges...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

CubeCart 代码问题漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had code vulnerabilities. These vulnerabilities stemmed from the REST API file manager endpoint, which allowed users with API keys to upload PHP source files to web-accessible directories...

9.1CVSS6.2AI score0.00585EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

F5 BIG-IP 操作系统命令注入漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a vulnerability related to operating system command injection. This...

8.7CVSS5.6AI score0.00692EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

quark-auto-save 安全漏洞

Quark-auto-save is a personal development tool created by Cp0204, designed for automatic transfer of data to Quark Cloud Storage and management of sign-ins. Versions of quark-auto-save prior to 0.8.5 contained security vulnerabilities. These vulnerabilities stemmed from a batch assignment...

8.8CVSS5.9AI score0.00367EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

CubeCart 代码注入漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a code injection vulnerability. This vulnerability stemmed from authenticated server-side template injections in multiple modules. The application insecurely evaluated inputs provided by...

9.1CVSS6.2AI score0.00415EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Netty 安全漏洞

Netty is a non-blocking I/O client-server framework developed by the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty from 4.2.0.Final to 4.2.13.Final contain security vulnerabilities. These vulnerabilities ste...

7.5CVSS7.1AI score0.00408EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

F5 BIG-IP 缓冲区错误漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a buffer error vulnerability, which stems from virtual servers configured...

8.7CVSS6AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

protobuf.js 操作系统命令注入漏洞

protobuf.js is an open-source implementation of the Protocol Buffers protocol, written entirely in JavaScript. It supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions of protobuf.js prior to 1.2.1 and 2.0.2 h...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

CKAN 信任管理问题漏洞

CKAN is an open-source data management system developed by CKAN contributors. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained a trust management vulnerability. This vulnerability stemmed from the possibility that the configured SMTP server...

8.7CVSS5.8AI score0.00194EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

WordPress plugin RTMKit Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

SAMSUNG SMR 安全漏洞

SAMSUNG SMR is a system patch package developed by Samsung Electronics of South Korea. It provides patches for Samsung mobile applications. Versions prior to SAMSUNG SMR May-2026 Release 1 contained security vulnerabilities, which were caused by improper handling of insufficient permissions. Thes...

6.9CVSS5.8AI score0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 15.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise when the App Router relies on middleware or proxy authorization checks. Specific route variants are used fo...

7.5CVSS5.8AI score0.01523EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

protobuf.js 代码注入漏洞

protobuf.js is an open-source implementation of the Protocol Buffers format, written entirely in JavaScript. It supports Node.js and browsers running TypeScript. It’s easy to use, extremely fast, and can be used out of the box with.proto files! Versions of protobuf.js prior to 1.2.1 and 2.0.2 had...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js prior to 15.5.16 and 16.2.5 have a security vulnerability. This vulnerability arises from using the Partial Prerendering feature of Cache Components. A specially crafted POST request to the server can lead to connection...

7.5CVSS5.8AI score0.00546EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Networks in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP. This vulnerability stems from virtual serve...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

F5 BIG-IP 命令注入漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a command injection vulnerability. This vulnerability stems from the fact...

8.7CVSS5.8AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Grafana OSS 安全漏洞

Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which allows any editor to delete any snapshot, even without read/write privileges...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Palo Alto Networks Prisma Browser 代码问题漏洞

Palo Alto Networks Prisma Browser is an enterprise-level security browser developed by Palo Alto Networks. There is a code vulnerability in Palo Alto Networks Prisma Browser, which stems from a race condition issue. This vulnerability may allow non-administrative users with local access to bypass...

5.8CVSS5.9AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Flight 路径遍历漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a path traversal vulnerability. This vulnerability stemmed from the make:controller CLI command, which created directories based on the controller names provided by users before class name validatio...

4.4CVSS5.8AI score0.00154EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Grafana OSS 安全漏洞

Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from the editor’s ability to overwrite dashboards that it does not own. This could potentially lead to obtaining administrator privileges on specific dashboard...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.21 views

Astro 安全漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 6.1.10 contained security vulnerabilities. These vulnerabilities stemmed from the use of AES-GCM encryption to protect server island attributes and slot parameters, where the ciphertext was not...

6.3CVSS5.7AI score0.00144EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Joomsky Joomla J2 JOBS SQL注入漏洞

Joomsky Joomla J2 JOBS is a Joomla recruitment and job posting management component provided by Joomsky Corporation. Version 1.3.0 of Joomsky Joomla J2 JOBS contains an SQL injection vulnerability. This vulnerability stems from authenticated SQL injection attacks, allowing authenticated attackers...

7.1CVSS5.9AI score0.00273EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

Palo Alto Networks PAN-OS 操作系统命令注入漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a vulnerability in PAN-OS related to command injection. This vulnerability stems from multiple command injections, which may allow authenticated administrators to bypass system...

8.6CVSS6.1AI score0.01336EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Claude Code 后置链接漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 1.3834.0 contained a post-installation vulnerability. This vulnerability stemmed from the CoworkVMService component running with SYSTEM privileges and without verifying wheth...

8.5CVSS5.8AI score0.00156EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

ShellHub 输入验证错误漏洞

ShellHub is an open-source remote device access and management platform developed by ShellHub. Versions of ShellHub prior to 0.24.2 contained a vulnerability related to input validation errors. This vulnerability stemmed from the device list endpoint accepting user-controlled identifiers as...

5.4CVSS5.8AI score0.00253EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Grafana OSS 安全漏洞

Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from vulnerabilities in SQL expressions. This vulnerability could allow authenticated attackers to read arbitrary files from the Grafana server’s file system...

6.3CVSS6AI score0.00262EPSS
Exploits0References1
Total number of security vulnerabilities195539