Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Syft 安全漏洞

Syft is an open-source remote data analysis tool developed by OpenMined, designed for protecting data privacy. Versions of Syft 0.9.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from inadequate validation of Python code submitted by users and insufficient sandbox...

9.8CVSS6.2AI score0.00631EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Adobe CAI Content Credentials 资源管理错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. Versions of Adobe CAI Content Credentials such as 0.78.2, 0.7.0, and earlier versions had resource...

6.2CVSS5.8AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Intel QAT software drivers for Windows 数字错误漏洞

Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. Versions of Intel QAT software drivers for Windows prior to version 1.13 contain a numerical error vulnerability. This vulnerabilit...

6.8CVSS5.8AI score0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Guardrails 安全漏洞

Guardrails is a Python framework open source by Guardrails AI. Versions of Guardrails 0.6.7 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the Hub package installation mechanism, which retrieved lists from the Guardrails Hub when installing the validationer...

9.8CVSS6AI score0.00635EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Microsoft Dynamics 365 安全漏洞

Microsoft Dynamics 365 is a ERP business solution developed by the American company Microsoft, designed for multinational enterprises. It is used for financial management, production management, and business intelligence management, among other purposes. There are security vulnerabilities in...

9.1CVSS6AI score0.00748EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

NanaZip 代码问题漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 had code-related vulnerabilities. These vulnerabilities stemmed from the UFS/UFS2 file system image parser, which unconditionally treated the root inode as a directory without checking...

5.5CVSS5.9AI score0.00111EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability, which stemmed from a reuse issue in the GTK component. This vulnerability could allow remote attackers to execute arbitrary code through a...

8.8CVSS6.2AI score0.0028EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft .NET 输入验证错误漏洞

Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and network transparency. There is an input validation vulnerability in Microsoft .NET. Attackers can...

7.3CVSS5.8AI score0.00551EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Zephyr 安全漏洞

Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, which occurs when sending ICMP ping messages to the device’s own IPv4 address using the net ping shell command. This causes the network stack to recursively re-ente...

6.1CVSS5.9AI score0.00144EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Adversarial Robustness Toolbox 安全漏洞

Adversarial Robustness Toolbox is an open-source machine learning security defense and evaluation tool developed by Trusted-AI. Versions of Adversarial Robustness Toolbox 1.20.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the robustnessevaluationfgsmpytorch....

9.8CVSS6.1AI score0.00554EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Siemens多款产品 跨站脚本漏洞

The Siemens SIMATIC Drive Controller is a series of drive controllers developed by the German company Siemens. Several Siemens products have a cross-site scripting vulnerability. This vulnerability arises from improper validation and cleaning of file names on the firmware update page. It may allo...

7.2CVSS7.3AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Adobe After Effects 安全漏洞

Adobe After Effects is a visual effects and dynamic graphics production software developed by Adobe, Inc. This software is primarily used for 2D and 3D compositing, animation production, and visual special effects. Versions of Adobe After Effects such as 26.0, 25.6.4, and earlier versions have...

7.8CVSS6.3AI score0.00299EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

ludwig 安全漏洞

Ludwig is an open-source declarative deep learning framework developed by Ludwig. Versions of Ludwig 0.10.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the predict method, which uses pandas.readpickle without proper validation when loading pickle files. This coul...

9.8CVSS6.2AI score0.006EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Microsoft DWM Core Library 安全漏洞

The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. There are security vulnerabilities in the Microsoft DWM Core Library. Attackers can exploit these vulnerabilities to obtain sensitive information. The following products and versions are affected:...

7.8CVSS5.8AI score0.00245EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from the reuse of UI elements after they were released, which could allow remote attackers to achieve sandbox escape...

8.3CVSS5.8AI score0.00176EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Code Runner MCP Server 访问控制错误漏洞

Code Runner MCP Server is a multi-language code execution and result display tool developed by Jun Han. There is an access control vulnerability in Code Runner MCP Server. This vulnerability arises when the --transport http option is used, exposing an unauthenticated /mcp JSON-RPC endpoint on por...

8.7CVSS6.5AI score0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Microsoft Projected File System 资源管理错误漏洞

The Microsoft Projected File System is an application system developed by Microsoft Corporation. It projects hierarchical data into the file system, making it appear as files and directories within the file system. The Microsoft Projected File System has a resource management vulnerability...

7CVSS5.8AI score0.00207EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Microsoft Windows Kernel Mode Drivers 资源管理错误漏洞

Microsoft Windows Kernel Mode Drivers are the kernel mode drivers of Windows from Microsoft. There is a resource management vulnerability in Microsoft Windows Kernel Mode Drivers. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected:...

7.8CVSS5.8AI score0.00298EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability caused by Codecs integer overflow. This vulnerability could allow remote attackers to exploit the system through specially crafted video files, resulting in...

8.3CVSS5.9AI score0.00233EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Microsoft Windows Common Log File System Driver 数字错误漏洞

The Microsoft Windows Common Log File System Driver is a high-performance, general-purpose log file system API provided by Microsoft. It allows specialized client applications to utilize this subsystem, enabling multiple clients to share it for optimized log access. The Microsoft Windows Common L...

7.8CVSS5.8AI score0.00273EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.16 views

Microsoft Windows 安全漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows. Attackers can exploit these vulnerabilities to execute code remotely. The following products and versions are affected: Windows 10 Version...

6.2CVSS6AI score0.00462EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Microsoft DWM Core Library 缓冲区错误漏洞

The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. The Microsoft DWM Core Library has a buffer overflow vulnerability. Attackers can exploit this vulnerability to obtain sensitive information. The following products and versions are affected: Windows...

5.5CVSS6AI score0.00374EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft Windows TCP/IP 代码问题漏洞

Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are code-related vulnerabilities in Microsoft Windows TCP/IP. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks. The followin...

7.5CVSS5.8AI score0.01078EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Microsoft Windows Admin Center 访问控制错误漏洞

Microsoft Windows Admin Center is a browser-based, locally deployed application developed by Microsoft. This tool is primarily used for managing servers and clusters. Microsoft Windows Admin Center has a vulnerability related to access control. Attackers can exploit this vulnerability to gain...

8.8CVSS5.8AI score0.00427EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Subnet Solutions PowerSYSTEM Center 注入漏洞

Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions Corporation. The Subnet Solutions PowerSYSTEM Center has an injection vulnerability, which stems from CRLF injections during SMTPS communication...

5.5CVSS5.8AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

WordPress plugin Advanced Custom Fields Extended 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS6.2AI score0.00381EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Fortinet FortiAP 操作系统命令注入漏洞

Fortinet FortiAP is a controller designed by the American company Fortinet for managing wireless access point devices. Versions 7.6.0 to 7.6.2, 7.4.0 to 7.4.5, all versions of 7.2, all versions of 7.0, all versions of 6.4, as well as FortiAP-W2 versions 7.4.0 to 7.4.4, all versions of 7.2, and al...

6.7CVSS6AI score0.00561EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Microsoft Windows Kernel 安全漏洞

The Microsoft Windows Kernel is the kernel of the Windows operating system developed by Microsoft Corporation. There are security vulnerabilities in the Microsoft Windows Kernel. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affecte...

7.8CVSS5.8AI score0.04725EPSS
Exploits4References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.16 views

SAP Commerce Cloud 安全漏洞

SAP Commerce Cloud is a cloud-based e-commerce platform developed by SAP, a German company. This platform supports sales management, marketing management, order management, and operational management. There is a security vulnerability in SAP Commerce Cloud, which stems from improper configuration...

9.6CVSS6.3AI score0.0061EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Open-Xchange OX Dovecot Pro 资源管理错误漏洞

Open-Xchange OX Dovecot Pro is an email storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a resource management vulnerability. This vulnerability stems from allowing attackers to upload malicious Sieve scripts, bypassing the configured CPU ti...

6.5CVSS5.8AI score0.00338EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

NanaZip 安全漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained security vulnerabilities. These vulnerabilities stemmed from the recursive, depth-unlimited behavior of the nlohmann::json::parse and GetAllPaths functions in the Electron...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Snorkel 安全漏洞

Snorkel is an open-source system developed by Snorkel that enables rapid generation of training data using weak supervision. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the MultitaskClassifier class’s MultitaskClassifier.load method, whic...

8.8CVSS6.1AI score0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Claris FileMaker Cloud 安全漏洞

Claris FileMaker Cloud is a cloud platform provided by the American company Claris, designed for enterprise-level low-code database application development and hosting scenarios. Versions of Claris FileMaker Cloud prior to 2.22.0.5 contained security vulnerabilities. These vulnerabilities stemmed...

7.2CVSS5.9AI score0.00457EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

WordPress plugin Continually 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. In...

4.4CVSS5.8AI score0.00195EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Adversarial Robustness Toolbox 安全漏洞

Adversarial Robustness Toolbox is an open-source machine learning security defense and evaluation tool developed by Trusted-AI. Versions of Adversarial Robustness Toolbox 1.20.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the model loading function in the...

9.8CVSS6.2AI score0.006EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Microsoft Windows Internet Key Exchange 安全漏洞

Microsoft Windows Internet Key Exchange is the Internet Key Exchange protocol in Microsoft’s Windows operating system. There are security vulnerabilities associated with Microsoft Windows Internet Key Exchange. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks...

7.5CVSS5.8AI score0.01187EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Microsoft Rich Text Edit Control 资源管理错误漏洞

Microsoft Rich Text Edit Control is a rich text editor implemented by Microsoft Corporation. There is a resource management vulnerability in Microsoft Rich Text Edit Control. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions are affected:...

6.7CVSS5.8AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability. This vulnerability stemmed from an out-of-bound read operation in the FileSystem component, which could allow remote attackers who had been convince...

5.3CVSS6.1AI score0.00255EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Adobe Substance3D Designer 缓冲区错误漏洞

Adobe Substance3D Designer is a texture and material creation software developed by Adobe Inc. Versions of Adobe Substance3D Designer 15.1.0 and earlier contain a buffer error vulnerability, which stems from out-of-buffer writes, potentially allowing arbitrary code to execute in the current user...

7.8CVSS6.3AI score0.00149EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.18 views

Microsoft Win32k 资源管理错误漏洞

Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows operating systems. There is a resource management vulnerability in Microsoft Windows Win32K-ICOMP. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are...

7.8CVSS5.8AI score0.02014EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

WordPress plugin Quick Table 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by an object lifecycle issue in the WebShare component. This vulnerability could allow remote attackers to execute arbitrary code by...

8.8CVSS6.2AI score0.00498EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Microsoft SSO Plugin for Jira & Confluence 安全漏洞

The Microsoft SSO Plugin for Jira & Confluence is an SSO authentication integration plugin developed by Microsoft for Atlassian collaboration software Jira and Confluence in local deployment. There are security vulnerabilities in the Microsoft SSO Plugin for Jira & Confluence. Attackers can explo...

9.1CVSS6AI score0.05378EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.16 views

Microsoft Windows TCP/IP 资源管理错误漏洞

Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There is a resource management vulnerability in Microsoft Windows TCP/IP. The following products and versions are affected: Windows 10 Version 1809 for 32-bit systems,...

8.1CVSS5.8AI score0.00789EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. CosyVoice has a security vulnerability. This vulnerability arises from the model loading process, where the .pt files in the user-specified directory are loaded using torch.load, without enabling...

8.8CVSS6.1AI score0.00458EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Intel QAT software drivers for Windows 输入验证错误漏洞

Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. Versions of Intel QAT software drivers for Windows prior to version 1.13 contain a vulnerability related to input validation. This...

6.9CVSS5.8AI score0.00099EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

WordPress plugin Fancy Image Show 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Postgrex SQL注入漏洞

Postgrex is an open-source Elixir language PostgreSQL database driver developed by elixir-ecto. In versions 0.16.0 to 0.22.2 of Postgrex, there was a SQL injection vulnerability. This vulnerability stemmed from the lack of neutralization of special elements in the Elixir.Postgrex.Notifications...

7.8CVSS5.9AI score0.00198EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

WordPress plugin Zawgyi Embed 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

SAP NetWeaver Application Server ABAP 跨站脚本漏洞

SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. SAP NetWeaver Application Server ABAP has a cross-site scripting vulnerability. This vulnerability stems from reflective cross-site...

4.7CVSS5.7AI score0.00223EPSS
Exploits0References1
Total number of security vulnerabilities195539