Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.16 views

SAP SAPUI5 安全漏洞

SAP SAPUI5 is a JavaScript application framework developed by the German company SAP. There is a security vulnerability in SAP SAPUI5, which allows unauthenticated attackers to manipulate specific URL parameters containing malicious content. This could lead victims to clicking on and accessing...

4.7CVSS5.8AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Cribl 安全漏洞

Cribl is a log analysis tool. Versions of Cribl prior to 4.17.1 have security vulnerabilities. There is currently no information regarding these vulnerabilities. Please stay informed by following CNNVD or the vendor’s announcements...

9.8CVSS5.8AI score0.00281EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

WordPress plugin Asset CleanUp: Page Speed Booster 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.16 views

Microsoft Excel 资源管理错误漏洞

Microsoft Excel is a spreadsheet software within the Office suite developed by Microsoft Corporation. There is a resource management vulnerability in Microsoft Excel. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are affected: Office Online...

7.8CVSS5.9AI score0.00332EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

WordPress plugin Slek Gateway for WooCommerce 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.9AI score0.00251EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Pulpy 路径遍历漏洞

Pulpy is a lightweight tool developed by Enes Gökkaya that converts web applications into desktop applications. Versions of Pulpy prior to 0.1.1 contained a path traversal vulnerability. This vulnerability stemmed from an incomplete blacklist for the validateFsPath function, which could lead to...

9.3CVSS5.9AI score0.01102EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

WordPress plugin APIExperts Square for WooCommerce SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

8.5CVSS5.9AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft M365 Copilot 访问控制错误漏洞

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. There is a security access control vulnerability in Microsoft M365 Copilot. Attackers exploit this vulnerability to carry out phishing attacks...

4.4CVSS5.8AI score0.00249EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS from 4.0.0 to 4.17.12 and 5.9.18 contained security vulnerabilities. These vulnerabilities stemmed from input handling defects in the Yii object creation path, which could allow any authenticated...

8.6CVSS6AI score0.00346EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft Office 安全漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There are security vulnerabilities in Microsoft Office. Attackers can exploit these...

7.8CVSS6AI score0.00437EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Microsoft Office ClickToRun 资源管理错误漏洞

Microsoft Office ClickToRun is a component developed by Microsoft Corporation that allows for the download and installation of Microsoft Office products. There is a resource management vulnerability in Microsoft Office ClickToRun. Attackers can exploit this vulnerability to gain higher privileges...

7.8CVSS5.8AI score0.00254EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Microsoft Windows 代码问题漏洞

Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There are code-related vulnerabilities in Microsoft Windows. Attackers exploit these vulnerabilities to cause system denial-of-service attacks. The following products and versions are affected:...

6.5CVSS5.8AI score0.00782EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained a security vulnerability, which was caused by a sandbox escape in the Profile Backup component...

9.8CVSS5.8AI score0.00313EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Fortinet FortiAP 操作系统命令注入漏洞

Fortinet FortiAP is a controller designed by the American company Fortinet for managing wireless access point devices. Versions 7.6.0 to 7.6.2, 7.4.0 to 7.4.5, all versions of 7.2, all versions of 7.0, all versions of 6.4, as well as versions 7.0.0 to 7.0.5 of FortiAP-U, all versions of 6.2, and...

6.7CVSS6AI score0.00561EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

LWP::UserAgent 安全漏洞

LWP::UserAgent is a web user agent class open source from libwww-perl, used for sending HTTP requests. Versions of LWP::UserAgent prior to version 6.83 have security vulnerabilities. These vulnerabilities stem from improper handling of the Authorization and Proxy-Authorization headers during...

6.5CVSS5.8AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS from 4.0.0 to 4.17.12 and 5.9.18 contained security vulnerabilities. These vulnerabilities stemmed from the GraphQL address element parser’s failure to apply pattern-range filtering on top-level...

7.1CVSS5.8AI score0.00338EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

WordPress plugin BEAR SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Microsoft Office 资源管理错误漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a resource management vulnerability in Microsoft Office. Attackers can exploit this...

8.4CVSS6AI score0.00369EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

MongoDB Ops Manager 命令注入漏洞

MongoDB Ops Manager is a solution developed by the American company MongoDB, designed for managing, monitoring, and backing up MongoDB deployments. MongoDB Ops Manager has a command injection vulnerability, which stems from executing arbitrary commands when configuring Webhooks. The following...

9.4CVSS5.9AI score0.00371EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft M365 Copilot 访问控制错误漏洞

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. There is a security access control vulnerability in Microsoft M365 Copilot. Attackers exploit this vulnerability to carry out phishing attacks...

6.2CVSS5.8AI score0.00363EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Parse Server 竞争条件问题漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were vulnerabilities due to concurrency issues in versions of Parse Server prior to 8.6.76 and 9.9.0-alpha.2. These vulnerabilities stemmed from concurrency...

5.9CVSS5.8AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

SAP Business Server Pages Application 跨站脚本漏洞

SAP Business Server Pages Application is a web application framework developed by the German company SAP. The SAP Business Server Pages Application has a cross-site scripting vulnerability. This vulnerability stems from allowing unauthenticated attackers to create malicious links. When victims...

6.1CVSS5.7AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Kyverno 跨站脚本漏洞

Kyverno is an open-source strategy engine designed for Kubernetes by Kyverno developers. Versions of Kyverno prior to 2.5.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the PropertyCard.vue component, which allowed for injection of raw HTML using the...

6.1CVSS5.7AI score0.00183EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Exim 资源管理错误漏洞

Exim is an open-source message transfer agent MTA developed by Exim Software, running on Unix systems. It primarily handles the routing, forwarding, and delivery of emails. Prior to Exim 4.99.3, there was a resource management vulnerability. This vulnerability stemmed from a specific GnuTLS...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Fortinet FortiOS 缓冲区错误漏洞

Fortinet FortiOS is a security operating system developed by Fortinet Corporation, specifically for use on the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering, and...

8.8CVSS6.2AI score0.00564EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Intel QAT software drivers for Windows 代码问题漏洞

Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. There are code-related vulnerabilities in Intel QAT software drivers for Windows versions prior to 2.6.0. These vulnerabilities ste...

6.8CVSS5.8AI score0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Intel Xeon Scalable Processors 安全漏洞

Intel Xeon Scalable Processors are scalable server central processing units CPUs developed by the American company Intel. There are security vulnerabilities in Intel Xeon Scalable Processors, which stem from improper initialization and may lead to information leakage...

5.6CVSS5.8AI score0.00095EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Intel QAT software drivers for Windows 输入验证错误漏洞

Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. The version 2.6 of Intel QAT software drivers for Windows contained a vulnerability related to input validation errors. This...

6.9CVSS5.8AI score0.00099EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of the CSRF token in the UserEditor.php file, which could allow unauthenticated attackers to gain...

8.8CVSS5.8AI score0.00128EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Ashlar-Vellum多款产品 缓冲区错误漏洞

Ashlar-Vellum Xenon is a product of the Ashlar-Vellum company. Ashlar-Vellum Xenon is a CAD modeling software. Ashlar-Vellum Cobalt is a parametric computer-aided design and 3D modeling program. Ashlar-Vellum Argon is a 2D drafting and 3D modeling software. Several products from the Ashlar-Vellum...

8.4CVSS6.2AI score0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Microsoft Azure Monitor Agent 安全漏洞

Microsoft Azure Monitor Agent is a monitoring agent program developed by the American company Microsoft. There are security vulnerabilities in Microsoft Azure Monitor Agent. Attackers can exploit these vulnerabilities to gain higher privileges...

7.8CVSS5.8AI score0.00285EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Grav 安全漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Version Grav 2.0.0-beta.2 contains a security vulnerability. This vulnerability arises from the...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

SSRF Check 安全漏洞

SSRF Check is a check string developed by Felippe Regazio to detect whether it contains potential SSRF attacks. Versions of SSRF Check prior to 1.3.0 have security vulnerabilities; these vulnerabilities stem from the inability to prevent server-side request forgery attacks that map IPv4 addresses...

8.2CVSS5.8AI score0.00226EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

multiparty 安全漏洞

multiparty is a Node.js module developed by pillarjs for parsing HTTP multipart/form-data requests. Versions of multiparty 4.2.3 and earlier contain security vulnerabilities; these vulnerabilities stem from unhandled exceptions, which may lead to denial-of-service attacks...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

multiparty 安全漏洞

multiparty is a Node.js module developed by pillarjs for parsing HTTP multipart/form-data requests. Versions of multiparty 4.2.3 and earlier contain security vulnerabilities; these vulnerabilities stem from unhandled exceptions, which may lead to denial-of-service attacks...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

WordPress plugin Ninja Forms Views SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.5CVSS5.9AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

HashiCorp Nomad和HashiCorp Nomad Enterprise 路径遍历漏洞

HashiCorp Nomad and HashiCorp Nomad Enterprise are both products from HashiCorp, a company based in the United States. HashiCorp Nomad is a simple and flexible scheduler and orchestrator. It’s used for managing containers and non-containerized applications on both local and cloud environments...

8.8CVSS6.2AI score0.06892EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

JunoClaw 信息泄露漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained an information leakage vulnerability. This vulnerability stemmed from the fact that each MCP write tool accepted mnemonic phrases as explicit tool invocation parameters,...

9.8CVSS5.8AI score0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

ludwig 安全漏洞

Ludwig is an open-source declarative deep learning framework developed by Ludwig. Versions of Ludwig 0.10.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the model service component using torch.load without enabling the weightsonly=True parameter when loading model...

9.8CVSS6.2AI score0.00497EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Claris FileMaker Cloud 安全漏洞

Claris FileMaker Cloud is a cloud platform provided by the American company Claris, designed for enterprise-level low-code database application development and hosting scenarios. Versions of Claris FileMaker Cloud prior to 2.22.0.5 contained security vulnerabilities. These vulnerabilities stemmed...

7.2CVSS6AI score0.00461EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Microsoft Office ClickToRun 访问控制错误漏洞

Microsoft Office ClickToRun is a component developed by Microsoft that allows for the download and installation of Microsoft Office products. There is an access control error vulnerability present in Microsoft Office ClickToRun. Attackers can exploit this vulnerability to gain higher privileges...

8.8CVSS5.8AI score0.00212EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

devguard 安全漏洞

Devguard is a software supply chain vulnerability management platform developed by L3montree. Versions prior to 1.2.2 of Devguard contained security vulnerabilities. These vulnerabilities stemmed from SessionMiddleware accepting the X-Admin-Token HTTP request header provided by clients. When no...

9.3CVSS5.8AI score0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from command injection, and they could allow...

7.2CVSS6AI score0.01014EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

thymeleaf 安全漏洞

Thymeleaf is an open-source Java template engine developed by Thymeleaf projects. Versions of Thymeleaf prior to 3.1.5.RELEASE contained security vulnerabilities. These vulnerabilities stemmed from a security bypass in the expression execution mechanism, which could lead to server-side template...

9CVSS5.9AI score0.00427EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

WordPress plugin WP EasyPay 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from incorrect security UI in the Downloads component, which could allow remote attackers to execute UI spoofing through a...

4.2CVSS5.9AI score0.00163EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Mk-Auth 安全漏洞

Mk-Auth is a Brazilian internet service provider management system developed by Mk-Auth company. It is used to control client access and permissions through a network interface panel. Version 23.01K4.9 of MK-Auth contains a security vulnerability caused by insecure direct object references. This...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Microsoft Windows TCP/IP 资源管理错误漏洞

Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There is a resource management vulnerability in Microsoft Windows TCP/IP. Attackers can exploit this vulnerability to obtain sensitive information. The following...

7.5CVSS5.8AI score0.00931EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Adobe Commerce 跨站脚本漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. Adobe Commerce has a cross-site scripting vulnerability, which stems from a storage-based cross-site scripting issue. This vulnerability could allow high-privilege attacke...

4.8CVSS5.6AI score0.00368EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

编号撤回

R is a statistical computing software from The R Foundation. fe is a lightweight, embeddable ANSI C scripting language developed by rxi. This CVE number has been withdrawn...

5.7AI score0.00075EPSS
Exploits0References1
Total number of security vulnerabilities195539