Lucene search
+L

195539 matches found

CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation by the Popup Blocker, which could allow a remote attacker with access to th...

4.2CVSS5.8AI score0.0017EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.13 views

Masa CMS SQL注入漏洞

Masa CMS is a digital experience platform operated by Masa CMS organization. Masa CMS has a SQL injection vulnerability, which stems from improper handling of the sortDirection parameter in the getQuery function of the beanFeed.cfc component. This vulnerability could allow unauthenticated remote...

9.3CVSS6AI score0.00425EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation for untrusted inputs in the UI, which could allow remote attackers to persuade...

8.8CVSS6AI score0.00223EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability, which was caused by improper implementation of ServiceWorker. This vulnerability could allow remote attackers to execute a sandbox escape through a speciall...

8.3CVSS5.9AI score0.00222EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability caused by integer overflow in Blink, which could allow remote attackers to exploit heap corruption through specially crafted HTML pages...

8.8CVSS5.9AI score0.00281EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

ERPNext 安全漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext prior to v15.103.1 contained security vulnerabilities. These vulnerabilities were caused by server-side template injection. Attackers who had access to create or edi...

9.8CVSS5.8AI score0.0039EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

WordPress plugin WP-Clippy 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

CoreDNS 安全漏洞

CoreDNS is a DNS server within the CoreDNS community. Versions of CoreDNS prior to 1.14.3 contained a security vulnerability. This vulnerability stemmed from the DNS-over-QUIC server, where remote clients opened numerous QUIC streams and sent only 1 byte of data. This could lead to unlimited...

8.7CVSS5.8AI score0.00469EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the nftct module not properly disposing of queued messages when it is removed, potentially leading to...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

LangChain-Chatchat 竞争条件问题漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of Langchain-Chatchat 0.3.1.3 and earlier contained a race condition vulnerability. This vulnerability stemmed from the operation of the files function in the...

2.6CVSS5.8AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability, which was caused by out-of-bounds read operations in fonts. This vulnerability could allow remote attackers to execute out-of-bounds memory reads...

4.3CVSS6.2AI score0.00193EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.13 views

Crestron Touchpanels 参数注入漏洞

Crestron Touchpanels are a series of intelligent network touchscreen devices developed by Crestron Corporation in the United States. These devices are used for scheduling in enterprise meeting rooms, controlling audio-visual systems, and automating smart buildings. Crestron Touchpanels have a...

7.4CVSS5.8AI score0.00753EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability. This vulnerability stemmed from excessive reading by WebCodecs, which could allow remote attackers to execute out-of-bound memory reads through...

4.3CVSS6.2AI score0.00178EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability, which was caused by improper implementation of the ORB mechanism. This vulnerability could allow remote attackers to bypass site isolation...

6.3CVSS5.8AI score0.00177EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient data validation in the InterestGroups function, which could allow remote attackers to exploit...

8.3CVSS5.8AI score0.0022EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

D-Link DI-8100 缓冲区错误漏洞

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from the handling of parameters in the Web Management Interfac...

8.6CVSS7.4AI score0.04589EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.13 views

Modsecurity 缓冲区错误漏洞

Modsecurity is an open-source web traffic security processing library developed by OWASP ModSecurity. Versions of Modsecurity prior to 3.0.15 contained a buffer error vulnerability. This vulnerability arises from using the t:hexDecode conversion in rule checks for query string parameters containi...

8.2CVSS6AI score0.00435EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

Sandboxie-Plus 安全漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the ProcessServer processing program’s use of wcscpy to copy the boxname field, without verifying an empt...

7.8CVSS5.9AI score0.00174EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to a bypass of the server-side request forgery strategy used in browser tab operations, such as selecting a...

8.5CVSS5.8AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

Eclipse OpenJ9 缓冲区错误漏洞

Eclipse OpenJ9 is a Java application engine developed by the Eclipse Foundation. This product is primarily used for running Java applications. Versions of Eclipse OpenJ9 from 0.21 to 0.58 contain a buffer error vulnerability. This vulnerability allows pre-authenticated remote attackers to cause t...

8.7CVSS6AI score0.00517EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

ERPNext 代码注入漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Version 13.4.0 of ERPNext contains a code injection vulnerability. This vulnerability stems from a sandbox escape vulnerability present in RestrictedPython. It allows authenticated user...

8.8CVSS6.2AI score0.00609EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

WordPress plugin Forminator 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00773EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

LangChain-Chatchat 加密问题漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of LangChain-Chatchat 0.3.1.3 and earlier had an encryption vulnerability. This vulnerability stems from a function in the Uploaded File Handler component, specifically th...

2.6CVSS5.7AI score0.00235EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.13 views

LangChain-Chatchat 加密问题漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of Langchain-Chatchat 0.3.1.3 and earlier had encryption-related vulnerabilities. These vulnerabilities stemmed from an issue in the Vision Chat Paste Image Handler...

2.6CVSS5.8AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.14 views

Sandboxie-Plus 安全漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the GetRawInputDeviceInfoSlave handler in the SbieSvc proxy service, which has issues with information...

8.8CVSS5.9AI score0.00139EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.13 views

Quarkus 安全漏洞

Quarkus is an open-source cloud-native Linux framework for writing Java applications. Quarkus has a security vulnerability that stems from inconsistent path normalization between the security layer and the routing layer. This vulnerability allows unauthenticated or low-privilege users to bypass...

8.8CVSS5.8AI score0.00444EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after they were released in Blink, which could allow remote attackers to execute arbitrary...

8.8CVSS6.2AI score0.00267EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.15 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient execution of DevTools policies, which could allow attackers to bypass navigation restrictions by convincing use...

3.1CVSS5.9AI score0.00143EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.15 views

Traccar 跨站脚本漏洞

Traccar is a Java-based website monitoring system developed by the American company Traccar. This software supports over 170 GPS protocols and over 1,500 types of GPS tracking devices. Traccar can be used alongside any major SQL database systems. It also provides a user-friendly REST API. Version...

5.4CVSS5.7AI score0.00162EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Open vSwitch 安全漏洞

Open vSwitch is a virtual switch developed as part of the Collaborative Project. There is a security vulnerability in Open vSwitch. This vulnerability arises when configuring conntrack streams that use FTP auxiliary programs. A remote attacker can send a specially crafted FTP stream, resulting in...

5.9CVSS5.8AI score0.00405EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

Pi-hole 注入漏洞

Pi-hole is a web-level ad blocking application developed by Pi-hole Inc. Versions of Pi-hole prior to 6.6.1 had a injection vulnerability. This vulnerability stemmed from the lack of validation of line breaks in the dns.interface configuration field, allowing attackers to inject arbitrary command...

8.8CVSS6AI score0.00956EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after they were released in WebAudio, which could allow remote attackers to execute...

8.8CVSS6.2AI score0.00338EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.13 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability, which was caused by improper implementation of the Navigation mechanism. This vulnerability could allow remote attackers to bypass site...

3.1CVSS5.8AI score0.00195EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability, which was caused by excessive writing within Skia. This vulnerability could allow remote attackers to exploit the system through specially crafted HT...

8.3CVSS6.1AI score0.00206EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after the Aura object was released, which could allow remote attackers to exploit the syst...

8.3CVSS5.8AI score0.00206EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reusing of resources after they were released in Aura, which could allow remote attackers who have compromise...

8.3CVSS6AI score0.00206EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after their release, which could allow a remote attacker with access to the renderer proce...

9.6CVSS5.8AI score0.0022EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after Chromoting was released, which could allow local attackers to gain...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

D-Link DI-8100 缓冲区错误漏洞

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from a function in the CGI Handler component called sprintf,...

8.6CVSS7.3AI score0.04164EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after they were released by ServiceWorkers, which could allow remote attackers to exploit...

8.3CVSS5.8AI score0.00206EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.13 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient input validation in ChromeDriver, which could allow remote attackers to execute arbitrary code through a...

8.8CVSS6.2AI score0.00247EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

WordPress plugin Royal Elementor Addons 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.8AI score0.00359EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

OpenCTI 授权问题漏洞

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions 6.6.0 to 6.9.12 of OpenCTI have vulnerabilities related to authorization. Attackers can exploit these vulnerabilities to access the API as any existing user, including the default administrator account...

9.8CVSS5.8AI score0.0048EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

Altice Labs GR140DG和Altice Labs GR140IG 安全漏洞

Both Altice Labs GR140DG and Altice Labs GR140IG are fiber-optic access gateway devices from the Portuguese company Altice Labs. Both devices have security vulnerabilities. The vulnerability stems from the traceroute diagnostic handler in /bin/httpdclientside, which allows uncleaned user input to...

8.8CVSS6.1AI score0.01275EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.14 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to authorization bypasses, which could allow attackers to execute modified persistence configuration files...

7.1CVSS5.9AI score0.00295EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Google Chrome 代码注入漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a code injection vulnerability. This vulnerability stemmed from UI script injection, which could allow remote attackers to inject arbitrary scripts or HTML through specially crafted HTML...

4.2CVSS6AI score0.00155EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.13 views

OpenClaw 数据伪造问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 had a data falsification vulnerability. This vulnerability stemmed from insufficient input validation, allowing external hook metadata to be added as trusted system events...

9.8CVSS5.8AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses, allowing for the automatic activation of untrusted workspace plugins during...

8.8CVSS5.8AI score0.00381EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.15 views

Vaultwarden 安全漏洞

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden 1.35.4 and earlier contained a security vulnerability. This vulnerability stemmed from the lack of a hasfullaccess authorization check in the getorgcollectionsdetails...

5.3CVSS5.8AI score0.0017EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the idxd driver failing to release the associated work queue when releasing objects...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References1
Total number of security vulnerabilities195539