Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by improper implementation of CORS. This vulnerability could allow remote attackers to leak cross-origin data through specially crafted HT...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

WordPress plugin WP-Redirection 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.00132EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Adobe CAI Content Credentials 数字错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. Adobe CAI Content Credentials has a digital error vulnerability, which stems from an integer underflow iss...

6.2CVSS5.8AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Intel QAT software drivers for Windows 缓冲区错误漏洞

Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. Versions of Intel QAT software drivers for Windows prior to version 1.13 contain a buffer error vulnerability. This vulnerability...

8.5CVSS6AI score0.0011EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft Windows 资源管理错误漏洞

Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There is a resource management vulnerability in Microsoft Windows. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windows...

7.8CVSS5.8AI score0.00332EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient network policy execution, which could allow remote attackers to leak cross-source data through specially craft...

3.1CVSS5.8AI score0.0016EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by an integer overflow issue in the Internationalization component. This vulnerability could allow remote attackers to execute out-of-boun...

4.3CVSS6AI score0.00176EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

WordPress plugin Bootstrap Shortcode 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

SAP S/4HANA SQL注入漏洞

SAP S/4HANA is a enterprise resource management software developed by SAP, a German company, based on the SAP HANA memory database system. SAP S/4HANA has a SQL injection vulnerability. This vulnerability allows authenticated attackers to inject malicious SQL statements through user-controlled...

9.6CVSS6.1AI score0.00466EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability. This vulnerability stemmed from an out-of-bound read operation by the GPU component, which could allow remote attackers with compromised rendering...

5.3CVSS6.1AI score0.00205EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

WordPress plugin LifePress 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.8AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Intel Connectivity Performance Suite 代码问题漏洞

Intel Connectivity Performance Suite is a software developed by Intel Corporation in the United States. It can automatically optimize a computer’s network connections, enhancing Wi-Fi performance and application response times. Versions of Intel Connectivity Performance Suite prior to...

5.4CVSS5.9AI score0.00089EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Microsoft Azure Monitor Agent 代码问题漏洞

Microsoft Azure Monitor Agent is a monitoring agent program developed by the American company Microsoft. There are code-related vulnerabilities in Microsoft Azure Monitor Agent. Attackers can exploit these vulnerabilities to gain higher privileges...

6.5CVSS5.8AI score0.00474EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability. This vulnerability stemmed from an out-of-bound read operation in the Media component, which could allow a remote attacker with access to the render...

5.3CVSS6.1AI score0.00189EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

SPIP 代码注入漏洞

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.14 had a code injection vulnerability, which was caused by remote code execution from private spaces, potentially allowing arbitrary code to be executed...

8.8CVSS6.5AI score0.00502EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Microsoft Visual Studio Code 路径遍历漏洞

Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a path traversal vulnerability. Attackers can exploit this vulnerability to obtain sensitive information...

5.5CVSS5.9AI score0.00495EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by a type confusion in the V8 component. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox throug...

8.8CVSS6.2AI score0.00306EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability caused by the reuse of extensions after they were released. This vulnerability could allow attackers to execute arbitrary code...

8.8CVSS6.2AI score0.00175EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

SPIP 代码注入漏洞

SPIP is an open-source software created by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.14 had a code injection vulnerability. This vulnerability stemmed from remote code execution in public spaces under certain Nginx configurations, potentially allowing arbitrary code to be...

9.2CVSS6.5AI score0.00434EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft Windows Admin Center 安全漏洞

Microsoft Windows Admin Center is a browser-based, locally deployed application developed by Microsoft. This tool is primarily used for managing servers and clusters. There are security vulnerabilities in Microsoft Windows Admin Center. Attackers can exploit these vulnerabilities to gain higher...

8.3CVSS5.8AI score0.00558EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Microsoft Windows Print Spooler Components 竞争条件问题漏洞

The Microsoft Windows Print Spooler Component is a print background processing program component developed by Microsoft Corporation. The Microsoft Windows Print Spooler Component has vulnerabilities related to race conditions. Attackers can exploit these vulnerabilities to gain elevated privilege...

7CVSS5.8AI score0.0029EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Adobe Premiere Pro 缓冲区错误漏洞

Adobe Premiere Pro is a non-linear editing video editing software developed by Adobe, a company based in the United States. Versions of Adobe Premiere Pro such as 26.0.2, 25.6.4, and earlier versions have a buffer error vulnerability. This vulnerability stems from out-of-bounds writing, which may...

7.8CVSS6.3AI score0.00148EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

WordPress plugin Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings 安全漏洞

WordPress, among others, is a product of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. Effect is a software package used for adding image effects. Aaron Update is a product developed by Aaron, the individual developer behind the project. Update is a...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Microsoft Excel 缓冲区错误漏洞

Microsoft Excel is a spreadsheet software within the Office suite developed by Microsoft Corporation. There is a buffer error vulnerability in Microsoft Excel. Attackers can exploit this vulnerability to obtain sensitive information. The following products and versions are affected: Office Online...

7.8CVSS6AI score0.00408EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Adobe Premiere Pro 缓冲区错误漏洞

Adobe Premiere Pro is a non-linear editing video editing software developed by Adobe, a company based in the United States. Versions of Adobe Premiere Pro such as 26.0.2, 25.6.4, and earlier versions have a buffer error vulnerability. This vulnerability stems from out-of-bounds writing, which may...

7.8CVSS6.3AI score0.00148EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

changedetection.io 代码问题漏洞

changedetection.io is a website-based application developed by dgtlmoon, designed for code inspection, monitoring, and notification. Versions of changedetection.io prior to 0.54.9 contained a code vulnerability. This vulnerability stemmed from the xpathfilter function not disabling external entit...

8.2CVSS5.9AI score0.00266EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

mako 路径遍历漏洞

Mako is an open-source template library written in Python by SQLAlchemy. It offers a familiar non-XML syntax, which can be compiled into Python modules for optimal performance. Prior to Mako 1.3.12, there was a path traversal vulnerability. This vulnerability stemmed from a bypass of directory...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

lemur 信任管理问题漏洞

Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained a vulnerability related to trust management. This vulnerability stemmed from unconditional disabling of TLS certificate verification when LDAP TLS was enabled, which could...

6.8CVSS5.8AI score0.00094EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

lemur 注入漏洞

Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained a injection vulnerability. This vulnerability stemmed from the LDAP authentication module using uncleaned user input to construct LDAP search filters, which could lead to...

8.1CVSS5.8AI score0.00179EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

granian 安全漏洞

Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions of Granian from 0.2.0 to 2.7.4 contain security vulnerabilities. These vulnerabilities occur when the WSGI application returns invalid HTTP response...

5.9CVSS5.8AI score0.00222EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

granian 输入验证错误漏洞

Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions 1.2.0 to 2.7.4 of Granian contain a vulnerability related to input validation. This vulnerability arises when an unvalidated client sends a WebSocket...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Basic FTP 资源管理错误漏洞

Basic FTP is a Node.js FTP client library developed by Patrick Juchli. Versions of Basic FTP prior to 5.3.1 had a resource management vulnerability. This vulnerability stemmed from the lack of restrictions on the size of control responses when parsing multiple lines of the FTP control channel...

7.5CVSS5.8AI score0.00465EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

vLLM 输入验证错误漏洞

vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. Versions of vLLM prior to 0.6.1 to 0.20.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from token injection issues during...

7.5CVSS5.8AI score0.00414EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

ciguard 后置链接漏洞

Ciguard is a security auditing and visualization tool for CI/CD pipelines developed by Johannes Moore. In versions 0.8.0 to 0.8.1 of Ciguard, there is a backlink vulnerability. This vulnerability stems from the discoverpipelinefiles function, which follows symbolic links when traversing the...

3.2CVSS5.8AI score0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

ciguard 安全漏洞

Ciguard is a security auditing and visualization tool for CI/CD pipelines developed by Johannes Moore. Versions of Ciguard from 0.6.0 to 0.8.1 contain security vulnerabilities. These vulnerabilities stem from the SCa HTTP client’s use of json.loads without setting a maximum byte limit, which can...

3.7CVSS5.8AI score0.00301EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Entra ID SSO via Microsoft Identity Broker on Linux 访问控制错误漏洞

Entra ID SSO via Microsoft Identity Broker on Linux is a browser extension developed by Siemens that enables single-sign-on on Linux devices through the Microsoft Identity Broker. Versions prior to 1.8.1 of Entra ID SSO via Microsoft Identity Broker on Linux contained an access control...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

requests-hardened 代码问题漏洞

requests-hardened is a Python library developed by Saleor Commerce, aimed at enhancing the security of HTTP requests. requests-hardened has code vulnerabilities; these vulnerabilities stem from the lack of SSRF protection, which fails to prevent access to shared address spaces as defined in RFC...

6.5CVSS5.9AI score0.00305EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.7 views

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory creation API endpoints, which may allow remote...

5.3CVSS5.8AI score0.00335EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory deletion API endpoint, which could allow remote...

6.5CVSS5.8AI score0.00386EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory management API endpoints, which may allow remote...

7.5CVSS5.8AI score0.00372EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

superduper 安全漏洞

Superduper is an open-source database integration AI proxy and application building tool developed by superduper.io. Versions of Superduper prior to v0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the Parseoppart function in the query parsing component, which used t...

8.8CVSS6.1AI score0.00405EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Snorkel 安全漏洞

Snorkel is an open-source system developed by Snorkel that uses weak supervision to quickly generate training data. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the BaseLabeler class’s BaseLabeler.load method, which uses the unsafe...

8.8CVSS6.1AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Pytorch-Lightning 安全漏洞

PyTorch-Lightning is an open-source lightweight PyTorch wrapper developed by Lightning AI in the United States. It is used for high-performance AI research. Versions of PyTorch-Lightning prior to 2.6.0 contain security vulnerabilities. These vulnerabilities stem from the...

8.8CVSS6.2AI score0.00385EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Snorkel 安全漏洞

Snorkel is an open-source system developed by Snorkel that enables rapid generation of training data using weak supervision. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the MultitaskClassifier class’s MultitaskClassifier.load method, whic...

8.8CVSS6.1AI score0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Snorkel 安全漏洞

Snorkel is an open-source system developed by Snorkel that uses weak supervision to quickly generate training data. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the Trainer class’s Trainer.load method, which uses torch.load to load model...

8.8CVSS6.2AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Siemens RUGGEDCOM 操作系统命令注入漏洞

Siemens RUGGEDCOM is a communication device developed by the German company Siemens. It provides fast and reliable communication for industries such as power, transportation, oil, and gas. Siemens RUGGEDCOM has a vulnerability related to operating system command injection. This vulnerability aris...

7.7CVSS7.7AI score0.00442EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Siemens多款产品 代码问题漏洞

The Siemens RUGGEDCOM RM1224 is a wireless router produced by the German company Siemens. It provides data communication for roaming locations, with the capability to connect via 4G LTE and automatically fall back to 3G UMTS or EVDO cellular networks. Several Siemens products have code...

8.7CVSS7.4AI score0.00324EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

webpack-dev-server 安全漏洞

webpack-dev-server is an open-source application developed by webpack. Versions of webpack-dev-server prior to version 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from exposure to cross-origin code. When it provided services through non-potentially trusted sources, suc...

6.5CVSS5.8AI score0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

AMD EPYC Processor 安全漏洞

The AMD EPYC Processor is a series of multi-core processors developed by American semiconductor company AMD. There is a security vulnerability in the AMD EPYC Processor. This vulnerability arises from improper isolation of shared resources in the CPU operation cache on Zen 2-based products...

7.3CVSS5.8AI score0.00258EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Microsoft Windows Telephony Server 资源管理错误漏洞

Microsoft Windows Telephony Server is a component of the American company Microsoft. It supports the Telephone Application Programming Interface TAPI, allowing computer programs to communicate with shared telephone services. There is a resource management vulnerability in Microsoft Windows...

7.8CVSS5.8AI score0.00249EPSS
Exploits0References2
Total number of security vulnerabilities195539