Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

OpenVM 输入验证错误漏洞

OpenVM is an open-source, high-performance, and modularized zkVM framework designed for customization and scalability. Prior to OpenVM 1.6.0, there was a vulnerability related to input validation errors. This vulnerability stemmed from the tryhonestpairingcheck function in the openvm-pairing...

8.7CVSS5.3AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

QNAP Systems Notification Center 跨站请求伪造漏洞

QNAP Systems Notification Center is a system event alert and notification software developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems Notification Center prior to 1.10.0.3291 contained a cross-site request forgery vulnerability. This vulnerability allows remote...

5.1CVSS5.2AI score0.00184EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

National Security Agency Ghidra 路径遍历漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to 12.0.2 contained a path traversal vulnerability. This vulnerability stemmed from the extended installer’s failure to...

8.4CVSS5.5AI score0.00215EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

Fission 访问控制错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.23.0 contained a access control vulnerability. This vulnerability stemmed from the storagevc component failing to perform any authentication or authorization when registering the archive CR...

8.8CVSS5.3AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

NSA Ghidra SQL注入漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a SQL injection vulnerability. This vulnerability stemmed from the changePassword method of the...

8.8CVSS5.7AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Debusine 安全漏洞

Debusine is a software supply chain management platform for the Debian community, focused on package building, testing, analysis, and distribution. There is a security vulnerability in Debusine, which stems from the lack of permission checks performed on endpoints related to the creation and...

6.5CVSS5.3AI score0.00199EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.24 views

WordPress plugin Simple Link Directory 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Apache OFBiz 代码注入漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.07 had a code injection vulnerability. This vulnerability stemmed from improper co...

8.8CVSS5.8AI score0.00657EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

VMware Spring Data REST 访问控制错误漏洞

VMware Spring Data REST is a data interface provided by the American company VMware. It is used to build domain models based on Spring Data repositories, and to expose hypermedia-driven HTTP resources for aggregates contained within those models. VMware Spring Data REST versions 3.7.0 and earlier...

7.5CVSS5.4AI score0.00306EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

WordPress plugin Xstore SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

8.6CVSS5.7AI score0.00282EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

Erlang/OTP 代码问题漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by Node.js’s built-in APIs. There were code vulnerabilities in versions of Erlang/OTP inets 5.10.4 to 7.0, as well as in versions of ftp 1.0 to 1.2.6.4, 1.2.4.1, and 1.2.3.1. These...

6.5CVSS5.4AI score0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

Lenovo Android Application 安全漏洞

Lenovo Android Application is an application developed by Lenovo Corporation, designed for managing Lenovo devices. There is a security vulnerability in Lenovo Android Application, which stems from websites accessed via the built-in browser potentially overwriting system clipboard contents...

5.1CVSS5.3AI score0.00171EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Roxy-WI 跨站脚本漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of the wrapline and highlightword functions when...

6.1CVSS5.5AI score0.00149EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Xibo 跨站脚本漏洞

Xibo is a digital signage content management tool developed by Dan Garner. Versions of Xibo prior to 4.4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored XSS attacks and an Iframe sandbox escape chain, which could allow users with DataSet permissions to use...

7.6CVSS4.9AI score0.0011EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.11 views

draw.io 跨站脚本漏洞

Draw.IO is an open-source configurable charting and whiteboard application. Versions of Draw.IO prior to 29.7.12 had a cross-site scripting vulnerability. This vulnerability occurred because the feature detection routine in the Text Format panel did not clean up the original cell labels, allowing...

6.1CVSS5.4AI score0.00221EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

WordPress plugin WPZOOM Portfolio 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5AI score0.00342EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.25 views

Splunk Enterprise 权限许可和访问控制问题漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an access control...

5.5CVSS5.9AI score0.00189EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

National Security Agency Ghidra 代码问题漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Previous versions of National Security Agency Ghidra, such as version 12.1, had code vulnerabilities. These vulnerabilities stemmed from insecure deserialization in the RMI...

8.8CVSS6.2AI score0.0071EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

WordPress plugin BuddyPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.1CVSS5.5AI score0.00288EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

ESP-IDF 安全漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0 of ESP-IDF contain security vulnerabilities. These vulnerabilities stem from a buffer overflow in the session setting path of the protocomm...

7.1CVSS6AI score0.00325EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

lmdeploy 代码注入漏洞

lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of lmdeploy prior to 0.12.3 have a code injection vulnerability, which stems from the hard-coded trustremotecode=True setting. This vulnerability could lead to remote code execution within the...

7.8CVSS6.3AI score0.00148EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

NSA Ghidra 资源管理错误漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a resource management vulnerability. This vulnerability stemmed from iterator failures during the...

6.9CVSS5.5AI score0.00169EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Broadcom Layer7 API Gateway 代码问题漏洞

Broadcom Layer7 API Gateway is an enterprise-level API gateway platform provided by Broadcom Corporation. There are code-related vulnerabilities in the Broadcom Layer7 API Gateway. These vulnerabilities originate from the interaction between client applications and the API gateway server...

5.3CVSS6.2AI score0.00317EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the exposure of spec.runtime.podSpec and spec.builder.podSpec in the Environment CRD during merging, without filterin...

9.9CVSS5.4AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

bit7z 路径遍历漏洞

bit7z is a file compression/uncompression tool developed by Riccardo as an individual project. Versions of bit7z prior to 4.0.12 contained a path traversal vulnerability. This vulnerability stemmed from a one-byte error in the SafeOutPathBuilder::restoreSymlink function, which could allow attacke...

3.6CVSS5.3AI score0.00116EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

ESP-IDF 输入验证错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.5.4 and 6.0 of ESP-IDF contain input validation vulnerabilities. These vulnerabilities stem from issues with the security service wrapper component in the esptee module, which...

9.3CVSS5.3AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

National Security Agency Ghidra 路径遍历漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to 12.0.4 contained a path traversal vulnerability. This vulnerability stemmed from the theme import feature not verifying...

8.4CVSS5.5AI score0.00215EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Silverpeas 安全漏洞

Silverpeas is an open-source business collaboration platform developed by Silverpeas. This platform includes applications such as project management, blogs, forums, and document management. Versions of Silverpeas prior to 6.4.6 contained security vulnerabilities, which were caused by improper...

6.5CVSS5.3AI score0.00327EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

NSA Ghidra 安全漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Previous versions of NSA Ghidra, such as version 12.1, contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the...

6.7CVSS5.4AI score0.00151EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

ImageMagick 资源管理错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2.23 and 6.9.13-48 contained a resource management vulnerability. This vulnerability stemmed from...

7.5CVSS5.3AI score0.00301EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Roxy-WI 输入验证错误漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from HAProxy saving unvalidated and unescaped JSON field values direct...

9.9CVSS6AI score0.00439EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

QNAP QTS 路径遍历漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have path traversal vulnerabilities, which allow remote attackers to access unexpected files or system data after...

6.5CVSS6AI score0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

WordPress plugin Yoast Duplicate Post 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.2AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

VMware Spring Data KeyValue和VMware Spring Data Redis 安全漏洞

VMware Spring Data KeyValue and VMware Spring Data Redis are both products of the American company VMware. VMware Spring Data KeyValue is a key-value storage data access framework. VMware Spring Data Redis is a Redis data access framework. Both VMware Spring Data KeyValue and VMware Spring Data...

6.4CVSS5.4AI score0.00202EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

VMware Spring Data Commons 安全漏洞

VMware Spring Data Commons is a data access abstraction framework developed by VMware, Inc. There is a security vulnerability in VMware Spring Data Commons. This vulnerability stems from the internal property lookup cache, which permanently retains strings provided by attackers as cache keys...

7.5CVSS5.4AI score0.00363EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

TP-LINK Archer 操作系统命令注入漏洞

TP-LINK Archer is a series of routers produced by TP-LINK Corporation. The TP-LINK Archer has a vulnerability related to operating system command injection, which stems from improper filtering of special characters in the VPN module. This vulnerability may allow adjacent, authenticated attackers ...

8.5CVSS5.9AI score0.01069EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

WordPress plugin Anti-Spam by CleanTalk 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.2AI score0.00296EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

Nimiq 代码问题漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 had code vulnerabilities. These vulnerabilities stemmed from the DhtResults accumulator in handledhtget, which was only initialized when the first DHT record passed validation. This allowed...

7.5CVSS5.3AI score0.00346EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.29 views

VMware Spring Security 代码问题漏洞

VMware Spring Security is a security framework provided by the American company VMware, designed to provide descriptive security protection for Spring-based applications. Versions of VMware Spring Security from 7.0.0 to 7.0.5 have code vulnerabilities. These vulnerabilities stem from attackers wh...

7.3CVSS5.5AI score0.00198EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

WordPress plugin Store Locator 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

3.5CVSS5.1AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

Umbraco 跨站脚本漏洞

Umbraco is an open-source content management system CMS written in C by the Danish company Umbraco. Versions of Umbraco from 14.0.0 to 17.4.0 had a cross-site scripting vulnerability. This vulnerability allowed authenticated users to inject HTML into input fields, with improperly encoded output i...

4.6CVSS5AI score0.00136EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

spring security 资源管理错误漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. There is a resource management vulnerability in Spring Security. This vulnerability arises from the use of spring-security-saml2-service-provider and REDIRECT when...

7.5CVSS5.9AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

National Security Agency Ghidra 数据伪造问题漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Prior to version 12.1 of National Security Agency Ghidra, there was a data manipulation vulnerability. This vulnerability stemmed from the PKIAuthenticationModule.authenticat...

8.8CVSS5.3AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.25 views

VMware Spring Data MongoDB 安全漏洞

VMware Spring Data MongoDB is a MongoDB data access framework developed by the American company VMware. There is a security vulnerability in VMware Spring Data MongoDB, which stems from insufficient validation of bound parameters in repository query methods using the @Query annotation and regular...

5.9CVSS5.3AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Slate Digital Connect 安全漏洞

Slate Digital Connect is an audio plugin management and licensing client developed by Slate Digital. Version 1.37.0 of Slate Digital Connect contains a security vulnerability. This vulnerability stems from a check-time and usage-time race condition in the PID-based client authentication process. ...

8.4CVSS5.3AI score0.00131EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.36 views

QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞

QNAP Systems QTS and QNAP Systems QuTS Hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...

8.6CVSS6AI score0.00977EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Prior versions of the Nimiq network-libp2p 1.4.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the kad get-record query, where incorrect validation of records resulted in...

5.3CVSS5.3AI score0.00297EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

ESP-IDF 缓冲区错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1 of ESP-IDF contain buffer overflow vulnerabilities. These vulnerabilities stem from an out-of-bounds read issue in the DHCP server option...

6.5CVSS5.8AI score0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Jenkins 安全漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have security vulnerabilitie...

5.3CVSS5.4AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

ImageMagick 资源管理错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-47 and 7.1.2-22 contained a resource management vulnerability. This vulnerability stemmed from a...

7.5CVSS5.3AI score0.00495EPSS
Exploits0References2
Total number of security vulnerabilities195539