Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Assisted Migration Agent 后置链接漏洞

Assisted Migration Agent is an open-source virtualization environment data collection and migration planning tool developed by KubeV2V. Assisted Migration Agent has a post-installation vulnerability, which stems from an unauthenticated attacker located within the same network. This attacker...

9.6CVSS5.8AI score0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

image-size 资源管理错误漏洞

image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size 2.0.2 and earlier have security vulnerabilities. These vulnerabilities stem from infinite loops within the JXL or HEIF image parser, which could allow remote attackers to permanently block the...

8.7CVSS6AI score0.0043EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

NoMachine 参数注入漏洞

NoMachine is a remote desktop access tool developed by NoMachine Company in Luxembourg. Versions of NoMachine prior to 9.5.7 and 8.23.2 contained a parameter injection vulnerability. This vulnerability stemmed from improper of parameter separators in commands, which could lead to parameter...

7.3CVSS5.5AI score0.00131EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

WordPress plugin BuddyPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.5AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

NSA Ghidra SQL注入漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a SQL injection vulnerability. This vulnerability stemmed from the BSim filter type, which directly...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

Metrics::Any::Adapter::DogStatsd 注入漏洞

Metrics::Any::Adapter::DogStatsd is a Perl metric collection adapter module developed by PEVANS’ personal developers. Versions of Metrics::Any::Adapter::DogStatsd prior to 0.04 contained an injection vulnerability. This vulnerability occurred because the tags function did not check the line break...

9.1CVSS5.3AI score0.00343EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

WordPress plugin Doctreat Core 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.5AI score0.00494EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a security vulnerability in Palo Alto Networks PAN-OS, which stems from privilege escalation. This vulnerability may allow authenticated administrators with access through the comma...

8.5CVSS5.5AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

ESP-IDF 输入验证错误漏洞

ESP-IDF is an open-source development framework for Espressif’s Espressif SoC, supported on Windows, Linux, and macOS. Versions 5.5.4 and 6.0 of ESP-IDF contain input validation vulnerabilities. These vulnerabilities stem from the ESP-TEE security service wrapper, which only validates the pointer...

7.1CVSS5.3AI score0.00117EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

BoxLite 路径遍历漏洞

BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite prior to 0.9.0 contained a path traversal vulnerability. This vulnerability stemmed from the lack of...

9.6CVSS6.4AI score0.00482EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

AWS Cloud Development Kit 操作系统命令注入漏洞

AWS Cloud Development Kit is an open-source software development framework developed by Amazon Web Services. It is used to define cloud infrastructure in code and configure it using AWS CloudFormation. Versions of the AWS Cloud Development Kit prior to 2.245.0 contained a vulnerability related to...

7.3CVSS5.8AI score0.00936EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

ImageMagick 输入验证错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-24 contained a vulnerability related to input validation errors. This vulnerability...

7.5CVSS5.3AI score0.00346EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

OpenEMR 跨站脚本漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained a cross-site...

8.7CVSS4.9AI score0.00208EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Spring Security 授权问题漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Vulnerabilities related to authorization exist in versions 5.7.0 to 5.7.24, 5.8.0 to 5.8.26, 6.3.0 to 6.3.17, 6.4.0 to 6.4.17, and 6.5.0 to 6.5.10 of Spring Security...

8.1CVSS5.4AI score0.00116EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Vulnerabilities existed in versions of ImageMagick before 6.9.13-48 and 7.1.2-23, particularly due to a security flaw where...

4.1CVSS5.7AI score0.00092EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Fission 访问控制错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.23.0 contained a access control vulnerability. This vulnerability stemmed from routers registering internal routes for each Function object, allowing any caller who has access to the router...

9.8CVSS5.3AI score0.00353EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Apache Answer 授权问题漏洞

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier contained security vulnerabilities. These vulnerabilities were due to improper restrictions on security token allocation, which could allow administrator accounts to be...

7.2CVSS5.8AI score0.00448EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

QNAP qumagie 信息泄露漏洞

QNAP Systems QuMagie is a QTS photo management application developed by QNAP Systems. There is a security vulnerability in QNAP Systems QuMagie, which stems from lack of authorization. This vulnerability may allow remote attackers to access unauthorized data or perform unauthorized operations. Th...

8.7CVSS5.9AI score0.00322EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

National Security Agency Ghidra 路径遍历漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Prior to version 12.1 of National Security Agency Ghidra, there was a path traversal vulnerability. This vulnerability stemmed from SameDirDebugInfoProvider failing to valida...

4.6CVSS5.5AI score0.00185EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Erlang/OTP 输入验证错误漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by Node.js’s built-in APIs. Versions of Erlang/OTP between 5.10 and 9.7.1, 9.6.2.2, and 9.3.2.6 have a vulnerability related to input validation errors. This vulnerability arises...

7.1CVSS5.3AI score0.00335EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

BoxLite 安全漏洞

BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite 0.8.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from using a...

6.5CVSS5.9AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-25 contained security vulnerabilities. These vulnerabilities stemmed from specially crafted...

6.2CVSS5.5AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS before Monterey 12.4 contained security vulnerabilities. These vulnerabilities were due to consistency issues, which could allow those with access to a Mac to bypass th...

3.5CVSS5.3AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

QNAP QTS 输入验证错误漏洞

QNAP Systems QuTScloud is a product of QNAP Systems. It is a cloud-optimized version of the QNAP NAS operating system. QNAP Systems QTS is software with data storage and management capabilities. QNAP Systems QuTS Hero is also software with data storage and management capabilities. Several product...

5.1CVSS5.9AI score0.00288EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Canarytokens 注入漏洞

Canarytokens is a network activity tracking system open sourced by Thinkst Applied Research. Canarytokens has a injection vulnerability, which stems from HTML injections in the fetch links emails. This vulnerability may lead to interface manipulation and cross-site scripting attacks in email...

5.1CVSS4.9AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

WordPress plugin Yoast Duplicate Post 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Dahua多款产品 安全漏洞

Dahua SD, among others, are products of China’s Dahua Corporation. Dahua SD is a series of cloud-based tabletop cameras. Dahua NVR is a series of network video recorders. Dahua XVR is a series of devices capable of recording and displaying high-definition and IP cameras. Several Dahua products ha...

8.7CVSS5.5AI score0.00395EPSS
Exploits3References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.26 views

Pipecat 路径遍历漏洞

Pipecat is an open-source development framework developed by Pipecat that supports real-time audio and video stream processing as well as AI-powered dialogue interactions. Versions of Pipecat from 0.0.90 to 1.2.0 contained a path traversal vulnerability. This vulnerability stemmed from path...

7.5CVSS8.3AI score0.00423EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

lmdeploy 代码注入漏洞

lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of lmdeploy prior to 0.12.3 have a code injection vulnerability. This vulnerability stems from the hardcoding of trustremotecode=True at multiple HuggingFace model loading points, which may allow...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

JavaScript Cookie 安全漏洞

JavaScript Cookie is a lightweight JavaScript cookie operation library developed by js-cookie. Versions of JavaScript Cookie prior to 3.0.7 contained security vulnerabilities. These vulnerabilities stemmed from the use of the for...in loop and standard assignment methods to copy properties within...

7.5CVSS5.3AI score0.00432EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

VMware Spring AMQP 信任管理问题漏洞

VMware Spring AMQP is a message queue integration framework developed by VMware, Inc. There is a vulnerability related to trust management in VMware Spring AMQP. This vulnerability arises when configuring a proxy connection using RabbitConnectionFactoryBean.setUriamqps://…, without calling...

4CVSS5.3AI score0.00132EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Plane 安全漏洞

Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.3.1 contained a security vulnerability. This vulnerability stemmed from an oversight in asset authorization across workpaces, allowing any authenticated user to read, copy, delet...

8.3CVSS5.3AI score0.0028EPSS
Exploits3References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

kafka-python 安全漏洞

Kafka-Python is a distributed stream processing engine client library written entirely in Python by Dana Powers. Versions of Kafka-Python prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of boundary validation for the 4-byte frame length value in the...

8.7CVSS5.3AI score0.00348EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Russh 输入验证错误漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0 to 0.61.0, there was an input validation vulnerability. This vulnerability stemmed from multiple message processors decoding attacker-controlled SSH strings, name lists, and...

7.5CVSS5.4AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities stem from the Container Executor’s path, which allows tenants to directly provide Function.spec.podspec. The executor merges thi...

9.9CVSS5.3AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.5.0 contained a security vulnerability. This vulnerability occurred when processing RequestBatchSet messages that contained the hash of the genesis block, causing Policy::macroblockbefore to cra...

5.3CVSS5.3AI score0.00291EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

Palo Alto Networks PAN-OS 代码问题漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a code vulnerability in Palo Alto Networks PAN-OS, which stems from memory corruption during tunnel traffic processing. This vulnerability could allow authenticated users to initiat...

6.9CVSS5.5AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

Russh 授权问题漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0-beta.1 to 0.61.0, there was an authorization vulnerability. This vulnerability stemmed from the server authentication path not separating the internal authentication state whe...

5.3CVSS5.3AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Dahua IPC 安全漏洞

Dahua IPC is a series of industrial control computers produced by Dahua Corporation in China. There is a security vulnerability in Dahua IPC. This vulnerability stems from the possibility of obtaining the CA root certificate. If this CA is installed and trusted on the client system, an attacker c...

2.3CVSS5.3AI score0.0019EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

National Security Agency Ghidra 资源管理错误漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to version 12.1 contained a resource management vulnerability. This vulnerability stemmed from the use of the...

4.6CVSS5.4AI score0.00144EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.25 views

dracut project dracut 命令注入漏洞

Dracut is an event-driven initramfs generation tool developed by Dracutdevs. Dracut has a vulnerability related to operating system command injection. This vulnerability arises when remote attackers provide custom DHCP options, which are improperly processed and written into temporary shell...

7.5CVSS6.1AI score0.01131EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

S2OPC OPC UA Toolkit 信任管理问题漏洞

S2OPC OPC UA Toolkit is an open-source development toolkit for OPC UA communication, developed by Systerel. The S2OPC OPC UA Toolkit has a trust management vulnerability, which stems from improper comparison with a list of trusted certificates. This vulnerability may cause well-formatted, untrust...

7.3CVSS5.2AI score0.00119EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.29 views

Jenkins 代码问题漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have code vulnerabilities...

8.8CVSS5.6AI score0.14907EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

389 Directory Server 安全漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a security vulnerability in 389 Directory Server, which stems from the fact that the length of the ocsuperior field is not taken into account when calculating...

6.5CVSS5.5AI score0.00349EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of LightBlockchain::rebranch, which only updated self.head when a fork chain was adopted, without updating...

6.5CVSS5.4AI score0.00259EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Umbraco 输入验证错误漏洞

Umbraco is an open-source content management system CMS written in C by the Danish company Umbraco. Versions of Umbraco before 13.14.0 and 17.4.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from some Surface controllers failing to validate the redirect...

6.1CVSS5.3AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace和Palo Alto Networks Cortex XSOAR CommvaultSecurityIQ Marketplace 安全漏洞

Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace and Palo Alto Networks Cortex XSOAR CommvaultSecurityIQ Marketplace are both products of Palo Alto Networks. The Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace is a security operations integration extension package...

9.3CVSS5.4AI score0.00315EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-22 contained a buffer error vulnerability. This vulnerability stemmed...

7.1CVSS5.8AI score0.00122EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Metrics::Any::Adapter::Statsd 注入漏洞

Metrics::Any::Adapter::Statsd is a Perl metric collection adapter module developed by PEVANS’s individual developers. Versions of Metrics::Any::Adapter::Statsd prior to version 0.04 contained an injection vulnerability. This vulnerability stemmed from the send method not verifying the content of...

8.2CVSS5.3AI score0.00323EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

NSA Ghidra 路径遍历漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.2 of NSA Ghidra, there was a path traversal vulnerability. This vulnerability stemmed from IsfServer not verifying the namespace strin...

6.5CVSS5.4AI score0.00457EPSS
Exploits1References1
Total number of security vulnerabilities195539