Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Ashlar-Vellum多款产品 缓冲区错误漏洞

Ashlar-Vellum Xenon is a product of the Ashlar-Vellum company. Ashlar-Vellum Xenon is a CAD modeling software. Ashlar-Vellum Cobalt is a parametric computer-aided design and 3D modeling program. Ashlar-Vellum Argon is a 2D drafting and 3D modeling software. Several products from the Ashlar-Vellum...

8.4CVSS6.4AI score0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability, which stemmed from a reuse issue in the Blink component. This vulnerability could allow remote attackers to execute arbitrary code within a...

8.8CVSS6.2AI score0.0028EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

WordPress plugin SP Blog Designer 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.9AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Siemens SIMATIC CN 4100 访问控制错误漏洞

The Siemens SIMATIC CN 4100 is a communication node developed by the German company Siemens. Versions of the Siemens SIMATIC CN 4100 prior to V5.0 contained an access control vulnerability. This vulnerability stemmed from the improper limitation of unverified connections, which could lead to...

9.1CVSS7.3AI score0.003EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft Azure Logic Apps 访问控制错误漏洞

Microsoft Azure Logic Apps is a low-code automation platform developed by the American company Microsoft. There is an access control vulnerability in Microsoft Azure Logic Apps. Attackers can exploit this vulnerability to gain higher privileges...

9.9CVSS6AI score0.00601EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability, which stemmed from a reuse issue in the Accessibility component. This vulnerability could allow remote attackers who have breached the rendering...

7.5CVSS5.9AI score0.00207EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

EFW Framework 操作系统命令注入漏洞

EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions prior to EFW Framework 4.08.010 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the lack of...

9.3CVSS5.8AI score0.0029EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Adobe CAI Content Credentials 输入验证错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. Adobe CAI Content Credentials has a vulnerability related to input validation errors. This vulnerability...

6.2CVSS5.8AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

WordPress plugin MonsterInsights – Google Analytics Dashboard for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.1CVSS5.8AI score0.00349EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

AXIS OS 安全漏洞

AXIS OS is an operating system for edge devices developed by Axis, a Swedish company. There is a security vulnerability in AXIS OS, which stems from insufficient input validation in configuration files. This vulnerability could lead to path traversal attacks and may result in privilege escalation...

7.3CVSS5.8AI score0.00128EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

WordPress plugin Shortcodely 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Open-Xchange OX Dovecot Pro 安全漏洞

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability. This vulnerability arises from the possibility for attackers to use specially crafted Base64-encoded exchanges to forge SCRAM TL...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Open-Xchange OX Dovecot Pro 安全漏洞

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability. This vulnerability arises from the use of a security filter for variable expansion, where all subsequent pipes on the same strin...

9.1CVSS5.9AI score0.00406EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Google Cloud AlloyDB for PostgreSQL 安全漏洞

Google Cloud AlloyDB for PostgreSQL is a cloud-native, high-performance relational database service from Google Inc. That service is compatible with PostgreSQL. Versions of Google Cloud AlloyDB for PostgreSQL prior to 2025-11-03 contained a security vulnerability. This vulnerability stemmed from...

9.2CVSS5.9AI score0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

ip-address 跨站脚本漏洞

ip-address is a JavaScript library developed by Beau Gunderson, designed for verifying and manipulating IPv4 and IPv6 addresses. Versions prior to 10.1.1 of ip-address had a cross-site scripting vulnerability. This vulnerability stemmed from the Address6.group and Address6.link methods not proper...

6.1CVSS5.6AI score0.00471EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Siemens多款产品 跨站脚本漏洞

The Siemens SIMATIC Drive Controller is a series of drive controllers developed by the German company Siemens. Several Siemens products have a cross-site scripting vulnerability. This vulnerability arises from improper validation and cleaning of PLC/site names on the Web interface communication...

9.3CVSS7.3AI score0.0037EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Adobe Substance3D Painter 缓冲区错误漏洞

Adobe Substance3D Painter is a 3D scene building software developed by Adobe, a company based in America. Versions of Adobe Substance3D Painter 12.0.2 and earlier contain a buffer overflow vulnerability, which stems from out-of-bound writes, potentially allowing arbitrary code to execute in the...

7.8CVSS6.4AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Open-Xchange OX Dovecot Pro 资源管理错误漏洞

Open-Xchange OX Dovecot Pro is an email storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a resource management vulnerability, which stems from excessive use of curly braces in IMAP, leading to uncontrolled memory usage. This can result in...

4.3CVSS5.8AI score0.00454EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Microsoft Windows 代码问题漏洞

Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There are code-related vulnerabilities in Microsoft Windows. Attackers exploit these vulnerabilities to cause system denial-of-service attacks. The following products and versions are affected:...

6.5CVSS5.8AI score0.00782EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from a problem with the release-after-reuse mechanism in the Downloads component, which could allow a remote attacker...

8.8CVSS6.2AI score0.0028EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

django-s3file 路径遍历漏洞

django-s3file is a lightweight file upload and input software developed by Johannes Maron for Django and Amazon S3. Versions of django-s3file prior to 7.0.2 contained a path traversal vulnerability. This vulnerability stemmed from relative path traversal within the S3FileMiddleware, which could...

9.9CVSS5.8AI score0.00564EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

NanaZip 数字错误漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained a numerical error vulnerability. This vulnerability stemmed from the UFS/UFS2 file system image parser not verifying the value of the fsipg field in the superblock. When this...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft Windows Netlogon 安全漏洞

Microsoft Windows Netlogon is an important component of Windows from Microsoft Corporation. Its main functions include authentication between users and machines within a domain network, as well as copying databases for domain control backups. It also helps maintain relationships between domain...

9.8CVSS6.2AI score0.72253EPSS
Exploits32References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of untrusted inputs in the Downloads component, which could allow remote attacke...

8.8CVSS6.2AI score0.00291EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation in the ReadingMode component, which could allow a remote attacker with...

3.1CVSS5.8AI score0.00186EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Fortinet FortiAuthenticator 访问控制错误漏洞

Fortinet FortiAuthenticator is a centralized user identity management solution provided by the American company Fortinet. Versions 8.0.2, 8.0.0, 6.6.0 to 6.6.8, and 6.5.0 to 6.5.6 of Fortinet FortiAuthenticator contain access control vulnerabilities. These vulnerabilities stem from improper acces...

9.8CVSS6.2AI score0.00551EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability, which was caused by an out-of-bounds write issue in the Fonts component. This vulnerability could allow remote attackers to execute arbitrary code...

8.8CVSS6.5AI score0.0028EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability, which stemmed from the reuse of UI components after they were released. This vulnerability could allow remote attackers to achieve sandbox escap...

9.6CVSS5.8AI score0.00234EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Intel NPU Drivers 代码问题漏洞

Intel NPU Drivers is a driver for neural network processing units developed by Intel Corporation in the United States. There are code vulnerabilities in Intel NPU Drivers, which stem from improper conditional checks in certain firmware within Ring 1 Device Drivers. These vulnerabilities may lead ...

6.9CVSS5.9AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by a side-channel information leakage issue in the Navigation component. This vulnerability could allow remote attackers to leak...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

WordPress plugin Broadstreet Ads 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5.8AI score0.0017EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Pandora FMS 授权问题漏洞

Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. There are authorization-related vulnerabilities in versions 777 to 800 of Pandora FMS. These vulnerabilities ste...

8.1CVSS5.8AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

WordPress plugin Timetics 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.2CVSS5.8AI score0.00244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

nnU-Net 安全漏洞

nnU-Net is an automatic adaptation dataset semantic segmentation framework developed by MIC-DKFZ. Versions of nnU-Net prior to 2.4.1 contained a security vulnerability. This vulnerability stemmed from the Issue Triage workflow, which allowed attackers to control content injection into the Claude...

7.2CVSS5.8AI score0.00242EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.168 contained security vulnerabilities, which were caused by improper implementation of Chromoting. These vulnerabilities could allow local attackers to bypass autonomous access...

5.5CVSS5.8AI score0.00103EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Microsoft SharePoint 代码问题漏洞

Microsoft SharePoint is a corporate business collaboration platform developed by Microsoft Corporation in the United States. This platform is used for integrating business information and enabling sharing of work, collaboration with others, organization of projects and teams, as well as searching...

8.8CVSS5.9AI score0.02108EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Adobe CAI Content Credentials 资源管理错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. There is a resource management vulnerability in Adobe CAI Content Credentials; this vulnerability stems fr...

7.5CVSS5.8AI score0.00787EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

WGDashboard 输入验证错误漏洞

WGDashboard is an open-source configuration and monitoring tool for WireGuard developed by WG. Versions of WGDashboard prior to 4.3.2 contained a vulnerability related to input validation, which allowed unauthorized attackers to access the host’s file system...

9.8CVSS5.8AI score0.00434EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Google Chrome 代码注入漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a code injection vulnerability. This vulnerability stemmed from the SanitizerAPI component’s script injection mechanism, which could allow remote attackers to inject arbitrary scrip...

5.4CVSS6AI score0.00159EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Pandora FMS SQL注入漏洞

Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. Versions 777 to 800 of Pandora FMS have a SQL injection vulnerability. This vulnerability arises from improper...

9.8CVSS5.9AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from corrupted Compositing component objects, which could allow remote attackers with compromised rendering processes to exploit...

3.1CVSS5.8AI score0.00161EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Zulip 访问控制错误漏洞

Zulip is a powerful open-source chat application developed by the US company Zulip. It combines the immediacy of real-time conversations with the productivity benefits of threaded dialogue. Prior to Zulip 12.0, there was an access control vulnerability. This vulnerability occurred when...

6.5CVSS5.8AI score0.00247EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Subnet Solutions PowerSYSTEM Center 安全漏洞

Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions Corporation. There is a security vulnerability present in Subnet Solutions PowerSYSTEM Center, which allows authenticated users with limited privileges to perform unauthorized project group deletions...

7CVSS5.8AI score0.00154EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

WordPress plugin Tm – WordPress Redirection 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS5.7AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

NanaZip 安全漏洞

NanaZip is a compression software open-source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained security vulnerabilities. These vulnerabilities stemmed from the Open method in the littlefs file system image resolver, which directly read the BlockCount value controlled by...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from the issue of reusing Input components after they were released, which could allow remote attackers who have...

8.3CVSS5.9AI score0.00207EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability. This vulnerability stemmed from UI component out-of-bounds reads, which could allow a remote attacker with access to the renderer process to obtain...

5.3CVSS6.1AI score0.00205EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

LLM 安全漏洞

LLM is a multi-model large language model command-line interaction tool developed by Simon Willison. Versions of LLM 0.27.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of the --functions command-line parameter to directly execute unsafe code using the exe...

9.8CVSS6.1AI score0.00327EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

imgaug 安全漏洞

imgaug is a image enhancement tool library developed by Alexander Jung, used for data augmentation in machine learning. Imgaug versions 0.4.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the BackgroundAugmenter class using the Python pickle module for...

9.8CVSS6.2AI score0.00472EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Horovod 安全漏洞

Horovod is a distributed training framework developed by Horovod OpenSource, based on TensorFlow, Keras, PyTorch, and Apache MXNet. Horovod versions 0.28.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of authentication and authorization controls in the...

9.8CVSS6.2AI score0.00687EPSS
Exploits0References2
Total number of security vulnerabilities195539