Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Fuji Electric Fuji Tellus 安全漏洞

Fuji Electric Fuji Tellus is an interface and control platform for industrial automation and equipment monitoring developed by Fuji Electric in Japan. There is a security vulnerability in Fuji Electric Fuji Tellus, which stems from adding drivers to the kernel during the installation process,...

7.8CVSS5.8AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

WordPress plugin Xpro Elementor Addons SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.5CVSS5.9AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.7 views

sealed-env 信息泄露漏洞

Sealed-Env is a cross-platform zero-trust key management library developed by David Almeida. It supports encrypted storage and TOTP verification. Versions of Sealed-Env from 0.1.0-alpha.1 to 0.1.0-alpha.3 contained information leakage vulnerabilities. These vulnerabilities stemmed from the fact...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Microsoft Word 访问控制错误漏洞

Microsoft Word is a word processing software within the Office suite developed by the American company Microsoft. There is an access control error vulnerability in Microsoft Word. Attackers exploit this vulnerability to carry out deceptive attacks...

7.1CVSS5.8AI score0.00292EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Microsoft Windows GDI 安全漏洞

Microsoft Windows GDI is a core underlying standard interface within the Windows operating system developed by Microsoft, responsible for drawing graphical objects on the screen or printer, managing fonts, and processing images. There are security vulnerabilities in Microsoft Windows GDI. Attacke...

7.8CVSS6AI score0.00532EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Microsoft Word 安全漏洞

Microsoft Word is a word processing software within the Office suite developed by Microsoft Corporation. There are security vulnerabilities in Microsoft Word. Attackers can exploit these vulnerabilities to obtain sensitive information. The following products and versions are affected: Microsoft 3...

4.3CVSS5.8AI score0.0062EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Microsoft Office 安全漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There are security vulnerabilities in Microsoft Office. Attackers can exploit these...

8.4CVSS6AI score0.00383EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Heym 安全漏洞

Heym is an open-source AI-native workflow automation platform developed by heymrun. Versions of Heym prior to 0.0.21 contained security vulnerabilities. These vulnerabilities stemmed from sandbox escape vulnerabilities in custom Python tool executors, which could allow authenticated workflow...

8.8CVSS5.8AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution by the ViewTransitions component, which could allow remote attackers to exploit the...

4.3CVSS5.9AI score0.0018EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Fortinet FortiNDR SQL注入漏洞

Fortinet FortiNDR is a network detection and response solution provided by the American company Fortinet. Versions 7.6.0 to 7.6.2, 7.4.0 to 7.4.9, all versions of 7.2, all versions of 7.1, and all versions of 7.0 of Fortinet FortiNDR contain an SQL injection vulnerability. This vulnerability stem...

8.8CVSS6AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Intel QAT software drivers for Windows 输入验证错误漏洞

Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. Versions of Intel QAT software drivers for Windows prior to version 1.13 contain a vulnerability related to input validation errors...

8.5CVSS5.8AI score0.0011EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Flowsint 跨站脚本漏洞

Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from map node tags containing arbitrary HTML, which could lead to storage-based cross-site scripting...

5.1CVSS5.8AI score0.0028EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Microsoft Windows Storage Spaces Controller 输入验证错误漏洞

Microsoft Windows Storage Spaces Controller is a necessary driver provided by Microsoft for storage space functions. There is an input validation vulnerability in Microsoft Windows Storage Spaces Controller. Attackers can exploit this vulnerability to gain elevated privileges. The following...

7.8CVSS5.8AI score0.00332EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

WordPress plugin Skysa Text Ticker App 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.19 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft Studio. Versions of Craft CMS from 5.0.0-RC1 to 5.9.18 contained security vulnerabilities. These vulnerabilities stemmed from the AssetsController::actionShowInFolder method, which did not check user permissions when...

7.1CVSS5.8AI score0.00324EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Microsoft Windows TCP/IP 安全漏洞

Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are security vulnerabilities associated with Microsoft Windows TCP/IP. The following products and versions are affected: Windows 10 Version 1809 for 32-bit...

7.8CVSS5.8AI score0.01838EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Relay Server 安全漏洞

Relay Server is an open-source system by System 3 that supports offline collaborative real-time document synchronization. There were security vulnerabilities in the Relay Server versions 0.9.0 to 0.9.6. These vulnerabilities stemmed from WebSocket endpoints for multiple documents, where WebSocket...

9.1CVSS5.8AI score0.00366EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from incorrect security UI in the Fullscreen component, which could allow remote attackers to execute UI spoofing through...

5.4CVSS5.9AI score0.00184EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

SAP Forecasting and Replenishment 命令注入漏洞

SAP Forecasting and Replenishment is a demand forecasting and inventory replenishment management system developed by SAP, a German company, for retail and supply chain scenarios. SAP Forecasting and Replenishment has a command injection vulnerability. This vulnerability stems from OS command...

8.2CVSS6.2AI score0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Ashlar-Vellum多款产品 缓冲区错误漏洞

Ashlar-Vellum Xenon is a product of the Ashlar-Vellum company. Ashlar-Vellum Xenon is a CAD modeling software. Ashlar-Vellum Cobalt is a parametric computer-aided design and 3D modeling program. Ashlar-Vellum Argon is a 2D drafting and 3D modeling software. Several products from the Ashlar-Vellum...

8.4CVSS6.2AI score0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Microsoft Word 资源管理错误漏洞

Microsoft Word is a word processing software within the Office suite developed by Microsoft Corporation. There is a resource management vulnerability in Microsoft Word. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are affected: Microsoft...

8.4CVSS5.9AI score0.00383EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Microsoft Office 资源管理错误漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a resource management vulnerability in Microsoft Office. Attackers can exploit this...

7.8CVSS5.8AI score0.00305EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Chitora Lhaz 路径遍历漏洞

Chitora Lhaz is a Windows compression tool developed by Chitora Company in Japan. It supports the creation of files in various compression formats and the decompression of those files. Chitora Lhaz has a path traversal vulnerability. This vulnerability stems from an issue with the automatic folde...

4.6CVSS5.8AI score0.0015EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

WordPress plugin Credits Shortcode 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Siemens ROS# 安全漏洞

Siemens ROS is a robot operating system communication framework based on C and .NET by the German company Siemens. Versions of Siemens ROS prior to V2.2.2 contained security vulnerabilities. These vulnerabilities were caused by improperly cleaned user inputs, leading to path traversal attacks. Th...

9.3CVSS7.4AI score0.00487EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Zyxel WRE6505 安全漏洞

Zyxel WRE6505 is a wireless signal expansion device produced by Zyxel Corporation in China. The Zyxel WRE6505 v2 V1.00ABDV.3C0 version contains a security vulnerability. This vulnerability stems from the improper limit on the number of authentication attempts made by the web management interface...

6.5CVSS5.8AI score0.002EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Apple macOS 访问控制错误漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.2 contain an access control error vulnerability. This vulnerability stems from an access issue that could allow...

8.8CVSS5.8AI score0.00119EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained a security vulnerability, which was caused by a compilation error in the JavaScript Engine’s JIT component...

7.3CVSS5.8AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Apache Tomcat 输入验证错误漏洞

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Vulnerabilities exist in versions of Apache Tomcat from 11.0.0-M1 to 11.0.21, 10.1.0-M1 to 10.1.54, 9.0.0.M1 to 9.0.117, and...

9.8CVSS5.8AI score0.01339EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Adobe CAI Content Credentials 输入验证错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. Adobe CAI Content Credentials has a vulnerability related to input validation errors. This vulnerability...

6.2CVSS5.8AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Siemens多款产品 信任管理问题漏洞

Siemens Teamcenter is a software application for product lifecycle management developed by Siemens, a German company. Several Siemens products have vulnerabilities related to trust management. These vulnerabilities stem from hardcoded keys used for obfuscation, which could allow attackers to obta...

8.7CVSS7.3AI score0.00287EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Nexent 安全漏洞

Nexent is an open-source zero-code AI smart agent automatic generation platform developed by ModelEngine-Group. Version 1.7.5.2 of Nexent contains a security vulnerability. This vulnerability stems from the lack of authentication, authorization, and input validation mechanisms in the DELETE...

9.1CVSS5.8AI score0.00401EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Microsoft Message Queuing 资源管理错误漏洞

Microsoft Message Queuing is a solution developed by Microsoft for implementing high-performance asynchronous and synchronous scenarios. There is a resource management vulnerability in Microsoft Message Queuing. The following products and versions are affected: Windows 11 Version 24H2 for...

7.8CVSS7.1AI score0.00398EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Subnet Solutions PowerSYSTEM Center 注入漏洞

Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions Corporation. The Subnet Solutions PowerSYSTEM Center has an injection vulnerability, which stems from CRLF injections during SMTPS communication...

5.5CVSS5.8AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Hewlett Packard Enterprise ArubaOS(HPE ArubaOS) 跨站脚本漏洞

Hewlett Packard Enterprise ArubaOS is a network wireless operating system developed by Hewlett Packard Enterprise. Hewlett Packard Enterprise ArubaOS contains a cross-site scripting vulnerability. This vulnerability stems from vulnerabilities in the web-based management interface, which may allow...

8.8CVSS6AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by a type confusion issue in the ANGLE component. This vulnerability could allow remote attackers who have breached the rendering process ...

3.1CVSS6AI score0.00172EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from a problem with the Tab Groups component regarding the reuse of resources after release. It could allow remote...

7.5CVSS6.2AI score0.00157EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Adobe After Effects 缓冲区错误漏洞

Adobe After Effects is a visual effects and dynamic graphics production software developed by Adobe, Inc. in the United States. This software is primarily used for 2D and 3D compositing, animation creation, and visual special effects. Versions of Adobe After Effects such as 26.0, 25.6.4, and...

7.8CVSS6.4AI score0.00148EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft Excel 安全漏洞

Microsoft Excel is a spreadsheet software within the Office suite developed by Microsoft Corporation. There are security vulnerabilities in Microsoft Excel. Attackers can exploit these vulnerabilities to execute code remotely. The following products and versions are affected: Office Online Server...

7.8CVSS5.9AI score0.00321EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Microsoft Windows TCP/IP 代码问题漏洞

Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are code-related vulnerabilities in Microsoft Windows TCP/IP. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks. The followin...

7.1CVSS5.8AI score0.00331EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

lemur 信任管理问题漏洞

Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained a vulnerability related to trust management. This vulnerability stemmed from unconditional disabling of TLS certificate verification when LDAP TLS was enabled, which could...

6.8CVSS5.8AI score0.00094EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

granian 安全漏洞

Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions of Granian from 0.2.0 to 2.7.4 contain security vulnerabilities. These vulnerabilities occur when the WSGI application returns invalid HTTP response...

5.9CVSS5.8AI score0.00222EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

granian 输入验证错误漏洞

Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions 1.2.0 to 2.7.4 of Granian contain a vulnerability related to input validation. This vulnerability arises when an unvalidated client sends a WebSocket...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Fides 安全漏洞

Fides is an open-source privacy engineering platform developed by Ethyca, used to manage the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations within code. Versions of Fides from 2.75.0 to 2.83.2 contained security vulnerabilities. These...

6.1CVSS5.8AI score0.00313EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

requests-hardened 代码问题漏洞

requests-hardened is a Python library developed by Saleor Commerce, aimed at enhancing the security of HTTP requests. requests-hardened has code vulnerabilities; these vulnerabilities stem from the lack of SSRF protection, which fails to prevent access to shared address spaces as defined in RFC...

6.5CVSS5.9AI score0.00305EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.7 views

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory creation API endpoints, which may allow remote...

5.3CVSS5.8AI score0.00335EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory management API endpoints, which may allow remote...

7.5CVSS5.8AI score0.00372EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

superduper 安全漏洞

Superduper is an open-source database integration AI proxy and application building tool developed by superduper.io. Versions of Superduper prior to v0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the Parseoppart function in the query parsing component, which used t...

8.8CVSS6.1AI score0.00405EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Snorkel 安全漏洞

Snorkel is an open-source system developed by Snorkel that enables rapid generation of training data using weak supervision. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the MultitaskClassifier class’s MultitaskClassifier.load method, whic...

8.8CVSS6.1AI score0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Snorkel 安全漏洞

Snorkel is an open-source system developed by Snorkel that uses weak supervision to quickly generate training data. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the Trainer class’s Trainer.load method, which uses torch.load to load model...

8.8CVSS6.2AI score0.00392EPSS
Exploits0References2
Total number of security vulnerabilities195539