Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Palo Alto Networks Prisma Access Agent 信息泄露漏洞

Palo Alto Networks Prisma Access Agent is a zero-trust network access client agent developed by Palo Alto Networks. The Prisma Access Agent has a vulnerability related to information leakage, which stems from multiple issues involving data leaks. This vulnerability may allow local users to access...

6.8CVSS5.8AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

curl 安全漏洞

curl is an open-source tool developed by cURL, used for transferring data from or to a server. Curl has a security vulnerability, which stems from a logic error in connection reuse. This error may cause TLS-enabled connections to incorrectly reuse existing unencrypted connections, resulting in da...

5.9CVSS5.8AI score0.00329EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability, which stems from improper handling of .netrc file credentials and HTTP redirection. This vulnerability may lead to password exposure...

5.3CVSS5.8AI score0.00519EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from a server or to a server. Curl has a security vulnerability that stems from an error in proxy credential transmission, which may lead to the incorrect transmission of credentials from one proxy to another...

5.9CVSS5.8AI score0.00639EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

libcurl 代码问题漏洞

libcurl is an open-source, free, and easy-to-use client URL transfer library for cURL. There are code vulnerabilities in libcurl, stemming from a logical error in connection reuse logic. This error may lead to the incorrect reuse of connections that use different credentials after Negotiate...

6.5CVSS5.9AI score0.00414EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

MongoDB Server 缓冲区错误漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a buffer error vulnerability in MongoDB Server, which stems from...

8.8CVSS6.3AI score0.0057EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

vm2 访问控制错误漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using built-in Node.js modules listed in the allowlist. Versions of vm2 prior to 3.11.1 had an access control vulnerability. This vulnerability arises when nesting is set to true when...

9.1CVSS6.3AI score0.009EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP, which stems from unpublicized pages...

7.1CVSS5.8AI score0.00277EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP. This vulnerability arises from HTTP/2...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Deciso OPNsense 安全漏洞

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Versions of Decivo OPNsense prior to 26.1.7 contained security vulnerabilities. These vulnerabilities were caused by logical flaws in the lockouthandler module, allowing...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Palo Alto Networks WildFire 安全漏洞

Palo Alto Networks WildFire is a cloud-based malware analysis and threat intelligence platform provided by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks WildFire, which stems from arbitrary file reading and deletion capabilities. This vulnerability may allow users to...

7.1CVSS5.9AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Deciso OPNsense 参数注入漏洞

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Versions of Decivo OPNsense prior to 26.1.7 contained a parameter injection vulnerability. This vulnerability stemmed from the XMLRPC method opnsense.restoreconfigsection, which failed to clean up the...

9.1CVSS6.1AI score0.00686EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Grafana OSS 安全漏洞

Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from a race condition in Live. This condition may allow authenticated users with the Viewer role to trigger a fatal mapping access error by sending concurrent...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a security vulnerability in Palo Alto Networks PAN-OS, which stems from authentication bypass issues in the GlobalProtect portal and gateway. This vulnerability could allow attacker...

9.1CVSS5.8AI score0.86678EPSS
Exploits11References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.14 views

Palo Alto Networks Trust Protection Foundation SQL注入漏洞

Palo Alto Networks Trust Protection Foundation is a machine identity and certificate security management platform developed by Palo Alto Networks. Palo Alto Networks Trust Protection Foundation has a SQL injection vulnerability. This vulnerability stems from SQL injection attacks, which may allow...

8.6CVSS6.2AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

Drive Software Atomic Alarm Clock 安全漏洞

Drive Software Atomic Alarm Clock is a desktop enhancement tool developed by Drive Software. Version 6.3 of Drive Software Atomic Alarm Clock contains a security vulnerability. This vulnerability stems from a stack overflow issue, which could allow local attackers to execute arbitrary code by...

8.6CVSS6.3AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

GitHub Copilot CLI 安全漏洞

GitHub Copilot CLI is a terminal AI programming assistant open sourced by GitHub. Versions of GitHub Copilot CLI prior to version 1.0.43 contained a security vulnerability. This vulnerability stemmed from malicious bare git repositories nested within project directories. When the agent performed...

8.5CVSS6AI score0.0035EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Palo Alto Networks Prisma Browser 安全漏洞

Palo Alto Networks Prisma Browser is an enterprise-level security browser developed by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Prisma Browser for macOS. This vulnerability stems from improper alternative path protection, which fails to properly restrict access ...

7.3CVSS5.8AI score0.00149EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

WordPress plugin Cost of Goods 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

F5 NGINX Plus和F5 NGINX Open Source 缓冲区错误漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

6.3CVSS6.1AI score0.00717EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

SAMSUNG Mobile devices 缓冲区错误漏洞

Samsung Mobile devices are a series of mobile devices produced by Samsung Electronics in South Korea. This includes smartphones, tablets, etc. Versions of Samsung Mobile devices prior to SMR May-2026 Release 1 contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds...

6.8CVSS6.2AI score0.00155EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

cPanel 信任管理问题漏洞

cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability related to trust management, which stems from the disabled SSL verification in t...

8.2CVSS5.8AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

CubeCart 代码注入漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a code injection vulnerability. This vulnerability stemmed from insecure server-side template injections in multiple modules. The application evaluated user input directly through the...

9.1CVSS5.9AI score0.00735EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

cPanel 安全漏洞

cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has security vulnerabilities, stemming from improper permission management and insufficient path...

8.6CVSS5.8AI score0.07244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Palo Alto Networks GlobalProtect app 信任管理问题漏洞

The Palo Alto Networks GlobalProtect app is a network protection software developed by Palo Alto Networks. The GlobalProtect app has a trust management vulnerability caused by improper certificate verification. This vulnerability allows attackers to intercept encrypted communications and...

7.6CVSS5.8AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Palo Alto Networks Broker VM 输入验证错误漏洞

Palo Alto Networks Broker VM is a cloud security broker virtual machine component developed by Palo Alto Networks. There is a vulnerability in the input validation of Palo Alto Networks Broker VM, which allows authenticated administrators to inject arbitrary content into certain fields of the...

4.8CVSS5.9AI score0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Palo Alto Networks Trust Protection Foundation 安全漏洞

Palo Alto Networks Trust Protection Foundation is a machine identity and certificate security management platform provided by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Trust Protection Foundation, which stems from an information leakage issue. This vulnerability...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Palo Alto Networks Trust Protection Foundation 代码问题漏洞

Palo Alto Networks Trust Protection Foundation is a machine identity and certificate security management platform provided by Palo Alto Networks. There is a code vulnerability in Palo Alto Networks Trust Protection Foundation, which stems from incorrect authorization. This vulnerability could all...

7.2CVSS5.9AI score0.00336EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Palo Alto Networks Chronosphere Chronocollector 安全漏洞

Palo Alto Networks Chronosphere Chronocollector is a cloud-native telemetry data collection component developed by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Chronosphere Chronocollector, which stems from an information leakage issue. This vulnerability may allow...

7.1CVSS5.8AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Palo Alto Networks Prisma Browser 代码注入漏洞

Palo Alto Networks Prisma Browser is an enterprise-level security browser developed by Palo Alto Networks. The Prisma Browser has a code injection vulnerability, which stems from an inability to properly restrict access to the AppleScript interface. This vulnerability may allow unauthorized...

7.3CVSS5.9AI score0.00158EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

WordPress plugin ultimate-member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.8CVSS6.1AI score0.00246EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

9.2CVSS6.3AI score0.61469EPSS
Exploits40References5
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

libcurl 安全漏洞

libcurl is a free and easy-to-use client URL transfer library for cURL, which is open-source. There is a security vulnerability in libcurl, caused by improper handling of custom Host headers. This vulnerability may lead to the incorrect transmission of cookies from the first request during the...

7.5CVSS5.8AI score0.00291EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

libcurl 代码问题漏洞

libcurl is an open-source, free, and easy-to-use client URL transfer library for cURL. There are code vulnerabilities in libcurl, stemming from errors in connection reuse logic. These vulnerabilities may cause SMB transfers to incorrectly reuse existing connections to different shares, resulting ...

7.5CVSS5.9AI score0.00549EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Hewlett Packard Enterprise ArubaOS 操作系统命令注入漏洞

Hewlett Packard Enterprise ArubaOS is a network wireless operating system developed by Hewlett Packard Enterprise. Hewlett Packard Enterprise ArubaOS has a vulnerability related to operating system command injection. This vulnerability stems from a flaw in the command-line interface, which may...

7.2CVSS6AI score0.00555EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

JunoClaw 输入验证错误漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the uploadwasm MCP tool accepting file system paths provided by the proxy without...

8.5CVSS5.9AI score0.00147EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Adobe CAI Content Credentials 输入验证错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. There is an input validation vulnerability in Adobe CAI Content Credentials, which stems from integer...

6.2CVSS5.9AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Adobe Illustrator 安全漏洞

Adobe Illustrator is a vector-based image creation software developed by Adobe Inc. Versions of Adobe Illustrator 29.8.6, 30.3, and earlier have security vulnerabilities. These vulnerabilities stem from heap buffer overflows, which may allow arbitrary code to execute in the current user environme...

7.8CVSS6.3AI score0.00174EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Adobe Commerce 安全漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a security vulnerability in Adobe Commerce, which stems from reliance on vulnerable third-party components. This vulnerability may cause the application to become...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Microsoft Message Queuing 资源管理错误漏洞

Microsoft Message Queuing is a solution developed by Microsoft for implementing high-performance asynchronous and synchronous scenarios. There is a resource management vulnerability in Microsoft Message Queuing. The following products and versions are affected: Windows 11 Version 24H2 for...

7.8CVSS7.1AI score0.00398EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Siemens SIPROTEC 5 安全漏洞

Siemens SIPROTEC 5 is a series of multifunctional relays developed by the German company Siemens. There are security vulnerabilities in Siemens SIPROTEC 5, which stem from the lack of using sufficiently random values to create session identifiers. This could allow unauthorized remote attackers to...

6.9CVSS7.3AI score0.00306EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Microsoft Windows 访问控制错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a vulnerability in access control of Microsoft Windows. Attackers can exploit this vulnerability to bypass certain functions. The following products and versions are affected: Windows 10...

4.4CVSS5.8AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from a problem with the reuse of resources after their release in the FileSystem component. It could allow remote...

8.3CVSS5.8AI score0.00207EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Microsoft Windows 访问控制错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a vulnerability related to access control in Microsoft Windows. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windo...

7.8CVSS5.8AI score0.00272EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Adobe Substance3D Painter 缓冲区错误漏洞

Adobe Substance3D Painter is a 3D scene building software developed by Adobe, a company based in America. Versions of Adobe Substance3D Painter 12.0.2 and earlier contain a buffer overflow vulnerability, which stems from out-of-bound writes, potentially allowing arbitrary code to execute in the...

7.8CVSS6.4AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Adobe CAI Content Credentials 输入验证错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. Adobe CAI Content Credentials has a vulnerability related to input validation errors. This vulnerability...

6.2CVSS5.8AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Microsoft DWM Core Library 安全漏洞

The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. There are security vulnerabilities in the Microsoft DWM Core Library. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affected: Windows...

7.8CVSS5.8AI score0.00284EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

ChurchCRM 代码注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.3.2 had a code injection vulnerability. This vulnerability stemmed from incomplete fixes to CVE-2026-39337, and could lead to pre-authenticated remote code execution...

10CVSS6.2AI score0.00576EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Ivanti Virtual Traffic Manager 操作系统命令注入漏洞

Ivanti Virtual Traffic Manager is a software-based application delivery controller developed by the American company Ivanti. Versions of Ivanti Virtual Traffic Manager prior to 22.9r4 contained an operating system command injection vulnerability. This vulnerability stems from OS command injection...

7.2CVSS5.9AI score0.01914EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by insufficient policy enforcement in the Payments component. This vulnerability could allow remote attackers to bypass autonomous access...

4.3CVSS5.8AI score0.00182EPSS
Exploits0References3
Total number of security vulnerabilities195539