Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/06/11 12:0 a.m.12 views

WordPress plugin WP Mail Log 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS7.9AI score0.00284EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.21 views

VMware Spring Integration 路径遍历漏洞

VMware Spring Integration is an enterprise application integration framework developed by VMware, Inc. Versions 7.0.0 to 7.0.4, 6.5.0 to 6.5.8, 6.4.0 to 6.4.11, 6.3.0 to 6.3.14, and 5.5.0 to 5.5.20 of VMware Spring Integration have a path traversal vulnerability. This vulnerability arises due to...

7.1CVSS5.5AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Netty 资源管理错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.135.Final and 4.2.15.Final contained a resource management vulnerability. This...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

MPEG-4 container plugin for Membrane Framework 安全漏洞

The MPEG-4 container plugin for Membrane Framework is an open-source plugin developed by Membrane Framework for parsing and multiplexing MP4 containers. Versions of the MPEG-4 container plugin for Membrane Framework from 0.3.0 to 0.36.7 contained security vulnerabilities. These vulnerabilities...

5.9CVSS5.3AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Soagen Apinizer 安全漏洞

Soagen Apinizer is an API management and API gateway platform developed by the Turkish company Soagen. Versions of Soagen Apinizer from 2026.04.0 to 2026.04.6 contained security vulnerabilities. These vulnerabilities were caused by improper handling of special elements in expressions language...

9.8CVSS5.4AI score0.00417EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

CodexBar 安全漏洞

CodexBar is an AI programming service usage monitoring tool developed by Peter Steinberger. Versions of CodexBar prior to 0.33.0 contained security vulnerabilities. These vulnerabilities stemmed from credential forwarding, which could allow network adjacent attackers to intercept sensitive...

6CVSS5.3AI score0.00253EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.23 views

CyberArk Idira Endpoint Privilege Manager 安全漏洞

CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Vulnerabilities existed in versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5. These vulnerabilities stemmed from improper access control in the...

8.9CVSS5.3AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.13 views

WordPress plugin MetroStore 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS8.3AI score0.00184EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. In versions prior to 149.0.7827.115, there was a resource management vulnerability. This vulnerability stemmed from a problem with reusing resources after they were released by the Network component. This could allow attackers with privilege...

8.1CVSS5.4AI score0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a resource management vulnerability, which stemmed from a reuse issue in the Autofill component. This vulnerability could allow remote attackers to exploit heap corruption through...

8.8CVSS5.5AI score0.00224EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.20 views

389 Directory Server 输入验证错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a vulnerability related to input validation. This vulnerability stems from an integer overflow in the SASL I/O layer. In the function...

7.6CVSS6.3AI score0.0067EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

MCP Server Kubernetes 安全漏洞

MCP Server Kubernetes is a Kubernetes management server developed by Suyog Sonwalkar. Versions of MCP Server Kubernetes prior to 3.6.0 contained security vulnerabilities. These vulnerabilities stemmed from access control being executed at the tool discovery layer but not at the execution layer,...

8.8CVSS5.6AI score0.00376EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.12 views

gst-plugins-bad 缓冲区错误漏洞

gst-plugins-bad is a GStreamer open-source plugin. gst-plugins-bad has a buffer error vulnerability. This vulnerability stems from the H.265 codec parser library using incorrect loop boundaries when parsing SEI messages during the buffer period. As a result, the CPB values allocated for the stack...

6.5CVSS5.6AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google. It primarily provides features for web browsing, extension support, and multi-platform synchronization. There is a resource management vulnerability in Google Chrome. This vulnerability stems from the Cast component’s failure to properly handle...

8.3CVSS5.9AI score0.00174EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.26 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by an improper implementation in the Headless component. This vulnerability could allow remote attackers to execute a sandbox escape by exploiting a...

9.6CVSS5.6AI score0.00224EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 had a security vulnerability due to improper handling of symbolic links, which could allow applications to access protected user data...

5.5CVSS5.3AI score0.00151EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Başarsoft Rotaban 代码问题漏洞

Başarsoft Rotaban is a service route optimization platform developed by the Turkish company Başarsoft. Versions of Başarsoft Rotaban prior to V2026.06.002 and V2026.06.003 contained code vulnerabilities. These vulnerabilities stemmed from the unlimited upload of dangerous type files, which could...

9.9CVSS5.4AI score0.00335EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 代码问题漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were code vulnerabilities in versions prior to 18.10 through 18.10.8...

6.5CVSS5.6AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

ClipBucket V5 安全漏洞

ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 133 – contained security vulnerabilities. These vulnerabilities were due to lack of authorization, which could allow ordinary authenticated users...

6.5CVSS5.3AI score0.002EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.20 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE between 15...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

WordPress plugin Fediverse Embeds 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

5.3CVSS5.5AI score0.00229EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.13 views

Check Point Identity Agent Full 代码问题漏洞

Check Point Identity Agent Full is a terminal identity awareness agent developed by Check Point Technologies. There is a code vulnerability in Check Point Identity Agent Full, which stems from improper handling of executable file parsing during log collection. This vulnerability may allow...

7.8CVSS5.9AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

VMware Spring Web Services 代码问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the use of...

8.6CVSS5.4AI score0.00383EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by improper implementations in the Views component. This vulnerability could allow remote attackers to execute a sandbox escape by exploiting a...

8.3CVSS5.5AI score0.00191EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

Vim 注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0495 contained a vulnerability due to the netrw plugin. This vulnerability stemmed from the s:NetrwBookHistSave function in the netrw plugin, which inserted directory names derived from the...

8.8CVSS5.7AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Quest Bot 信息泄露漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained an information leakage vulnerability. This vulnerability stemmed from the logging feature not restricting channel access, allowing configured users to...

5.7CVSS5.3AI score0.00251EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

GitLab Enterprise Edition(EE) 安全漏洞

GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. Versions of GitLab EE prior to 15.5, 18.10.8, 18.11.5, and 19.0.2 contained security vulnerabilities. These vulnerabilities were caused by improper authorization in the Group SAML identity...

8.7CVSS5.3AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a resource management vulnerability, which stems from a problem with reusing resources after they are released in the Autofill component. A remote attacker can exploit this vulnerability to destroy the...

5.3CVSS6AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Quest Bot 安全漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the AutoMod deletion process not verifying the server to which the rules belong, potential...

8.3CVSS5.3AI score0.00307EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

ClipBucket V5 操作系统命令注入漏洞

ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 140 – contained an operating system command injection vulnerability. This vulnerability stemmed from the remote playback feature allowing direct...

9.8CVSS5.6AI score0.00603EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

CyberArk Idira Privileged Session Manager 操作系统命令注入漏洞

CyberArk Idira Privileged Session Manager is a privileged session management platform developed by the American company CyberArk. Versions of CyberArk Idira Privileged Session Manager for SSH prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6 contained an operating system command injection vulnerability...

8.8CVSS5.9AI score0.0055EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

PostgreSQL Anonymizer SQL注入漏洞

PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information PII or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a SQL injection vulnerability. This vulnerability arises from...

7.5CVSS5.7AI score0.00247EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Axios 资源管理错误漏洞

Axios is an open-source HTTP client developed by Axios, based on Promise a solution for asynchronous programming. Versions of Axios prior to 0.32.0 and 1.16.0 have a resource management vulnerability. This vulnerability arises from failing to escape regular expression characters when constructing...

7.5CVSS5.3AI score0.00645EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by improper implementations in the Mojo component. This vulnerability could allow local attackers to execute operating system-level privilege...

8.8CVSS5.4AI score0.0016EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.23 views

VMware Spring Web Services 安全漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from...

3.7CVSS5.4AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

WordPress plugin Fediverse Embeds 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

7.5CVSS5.5AI score0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

Axios 信息泄露漏洞

Axios is an open-source HTTP client developed by Axios. Versions of Axios prior to 0.32.0 and 1.16.0 have a vulnerability known as information leakage. This vulnerability arises from the Node.js HTTP adapter, which may disclose proxy credentials during redirection, potentially leading to these...

7.5CVSS5.4AI score0.00552EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.19 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass issues during message reading operations, resulting in bypassing channel permissio...

7.1CVSS5.3AI score0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from the fact that extension metadata during market runtime could be redirected to load into unscanned packa...

8.8CVSS5.4AI score0.00419EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.28 views

VMware Spring Web Services 代码问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the defaul...

8.2CVSS5.5AI score0.00352EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.29 views

Apple多款产品 访问控制错误漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

5.3CVSS5.4AI score0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

KanaDojo 操作系统命令注入漏洞

KanaDojo is an attractive and customizable Japanese learning platform developed by lingdojo. KanaDojo has a vulnerability related to operating system command injection. This vulnerability arises from command injection, and it could allow attackers with access to pull requests to execute arbitrary...

8.5CVSS5.9AI score0.0091EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

CyberArk Idira Identity Browser Extension 访问控制错误漏洞

The CyberArk Idira Identity Browser Extension is a browser identity authentication extension developed by the American company CyberArk. Versions of the CyberArk Idira Identity Browser Extension prior to version 26.8.1 contained an access control vulnerability. This vulnerability stemmed from a...

8.4CVSS5.8AI score0.00161EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.6 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass in Telegram interaction callbacks, allowing authenticated users to bypass the...

8.8CVSS5.4AI score0.00312EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.20 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a cross-platform web browser developed by Google. It primarily offers functions such as web browsing, extension support, and multi-tab management. Google Chrome has a privilege escalation vulnerability, which stems from the VideoCapture component failing to properly validate memo...

5.3CVSS5.9AI score0.00189EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

ClipBucket V5 SQL注入漏洞

ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 132 – contained an SQL injection vulnerability. This vulnerability stemmed from the number parameter in the POST /actions/subtitleedit.php reques...

8.8CVSS5.6AI score0.00307EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.11 views

gst-plugins-bad 缓冲区错误漏洞

gst-plugins-bad is a GStreamer open-source plugin. gst-plugins-bad has a buffer error vulnerability, which stems from the multiple slice processing loop in the gsth266 parser’s gsth266parserparsepicturepartition function. This loop does not check whether the slice index exceeds the boundary. When...

6.5CVSS5.6AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Sonatype Nexus Repository 安全漏洞

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. There are security vulnerabilities in Sonatype Nexus Repository. These vulnerabilities stem from authentication endpoint issue...

8.7CVSS5.4AI score0.00503EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.20 views

Google Chrome 输入验证错误漏洞

Google Chrome is a cross-platform web browser developed by Google. It is primarily used for accessing the internet and running web applications. Google Chrome has a security vulnerability that stems from improper handling of implementation logic in extensions. A remote attacker can exploit this...

3.1CVSS5.9AI score0.00208EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

KanaDojo 安全漏洞

KanaDojo is an attractive and customizable Japanese learning platform developed by lingdojo. Versions of KanaDojo prior to 0.18.0 contained security vulnerabilities. These vulnerabilities were caused by sandbox escape attacks, allowing attackers to execute arbitrary code by passing the global...

8.5CVSS6.3AI score0.00487EPSS
Exploits0References1
Total number of security vulnerabilities195539