Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from server-side request forgeing. This vulnerability could allow authenticated users with connector management privileges to bypass the...

7.7CVSS5.8AI score0.00199EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Music Player Daemon 安全漏洞

Music Player Daemon is an open-source music playback daemon. Versions of Music Player Daemon prior to 0.24.11 contained a security vulnerability. This vulnerability stemmed from a server-side request forgeing issue in CurlInputPlugin. When the CURLOPTFOLLOWLOCATION option was set, the...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

rustfs 访问控制错误漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained an access control vulnerability. This vulnerability stemmed from the fact that the GET /rustfs/console/license endpoint did not require authentication, allowing any client th...

6.9CVSS5.8AI score0.0031EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the joint token revalidation mechanism, which did not propagate the expiration...

8.1CVSS5.8AI score0.00249EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the application credential authentication plugin not verifying user identities...

8.8CVSS5.8AI score0.00303EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Kuma 安全漏洞

Kuma is a modern service mesh developed by Kuma OpenSource, based on Envoy. It can be run on Kubernetes and VMs, with single- or multi-zone capabilities, across various clouds. There were security vulnerabilities in versions of Kuma before 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5. These...

5.1CVSS5.8AI score0.00204EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Local Path Provisioner 安全漏洞

Local Path Provisioner is a Kubernetes local storage dynamic provisioning tool developed by Rancher. Versions of Local Path Provisioner prior to 0.0.36 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the helperPod.yaml template. Malicious users...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Zed 安全漏洞

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.229.0 contained security vulnerabilities. These vulnerabilities stemmed from the terminal tool’s permission system, which could be exploited by adding environment variables before allowed commands, allowing the hijacking...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

logback-core 安全漏洞

logback-core is the core module of the QOS.CH open-source logging framework. Versions of logback-core 1.5.32 and earlier contain security vulnerabilities. These vulnerabilities stem from the HardenedObjectInputStream module’s ability to deserialize untrusted data, which may lead to object injecti...

6.3CVSS5.8AI score0.0037EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

WordPress plugin PeachPay — Payments & Express Checkout for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

4.3CVSS5.7AI score0.00138EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

D-Link DWR-X1820 安全漏洞

The D-Link DWR-X1820 is a wireless router produced by D-Link Corporation. The D-Link DWR-X1820 has a security vulnerability. This vulnerability stems from the use of weak default passwords generated from the IMEI number, and no requirement is placed on users to change them. As a result, attackers...

6CVSS5.8AI score0.00141EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Universal Tool Calling Protocol 代码问题漏洞

Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions of Universal Tool Calling Protocol prior to 1.1.2 had code vulnerabilities. These vulnerabilities stemmed from the @utcp/http package’s blind SRFI vulnerability. The registerManual...

4.7CVSS5.9AI score0.00122EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Oracle Payroll 安全漏洞

Oracle Payroll is a corporate payroll calculation and distribution management system developed by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of Oracle Payroll contain security vulnerabilities. These vulnerabilities stem from issues with the Internal Operations component,...

8.8CVSS5.8AI score0.00283EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

WordPress plugin FOX – Currency Switcher Professional for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.8AI score0.00213EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Oracle REST Data Services 安全漏洞

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...

7.5CVSS5.8AI score0.00273EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Oracle Payroll 安全漏洞

Oracle Payroll is an enterprise payroll calculation and payment management system developed by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of Oracle Payroll contain security vulnerabilities. These vulnerabilities stem from issues with the Self Service Manager component, whi...

8.8CVSS5.8AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

deepobj 安全漏洞

DeepObj is a deep object manipulation tool developed by RANFdev’s individual developer. Versions of DeepObj prior to 1.0.3 contained security vulnerabilities; these vulnerabilities could lead to prototype pollution when the property path included proto/constructor/prototype...

8.2CVSS5.8AI score0.00316EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

WordPress plugin Login No Captcha reCAPTCHA 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.7AI score0.00346EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Oracle Public Sector Financials (International) 安全漏洞

Oracle Public Sector Financials International is a financial management system for the public sector developed by Oracle Corporation. Versions 12.2.6 to 12.2.15 of Oracle Public Sector Financials International have security vulnerabilities. These vulnerabilities stem from issues with the...

7.7CVSS5.8AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Oracle iAssets 安全漏洞

Oracle iAssets is a corporate fixed asset self-service management system developed by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of Oracle iAssets contain security vulnerabilities. These vulnerabilities stem from issues with the Internal Operations component, which may all...

9.9CVSS5.8AI score0.00283EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

XCharge C6 安全漏洞

XCharge C6 is a series of intelligent electric vehicle DC charging stations developed by the German company XCharge. The XCharge C6 has a security vulnerability, which stems from a stack-based buffer overflow in the signal processing logic. Attackers can exploit this vulnerability by physically...

8.6CVSS6.2AI score0.0023EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.18 views

CodeWhale 代码问题漏洞

CodeWhale is a terminal coding tool developed by Hunter Bown. Versions of CodeWhale prior to 0.8.22 contained code vulnerabilities. These vulnerabilities stemmed from the fetchurl tool’s ability to validate the IP address of the initial URL. However, the HTTP client was configured to follow...

7.4CVSS5.8AI score0.00226EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Oracle Payments 安全漏洞

Oracle Payments is a corporate payment processing and fund management platform owned by Oracle Corporation in the United States. Vulnerabilities exist in versions 12.2.3 to 12.2.15 of Oracle Payments, stemming from issues with the File Transmission component. These vulnerabilities could allow...

7.4CVSS5.8AI score0.00261EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

SDMC NE6037 信任管理问题漏洞

SDMC NE6037 is a wired modem produced by SDMC Corporation in China. The SDMC NE6037 cable modem routers come in versions 7.1.6.0.25 and 7.1.6.1.9B9. There are vulnerabilities related to trust management in these versions. The vulnerability stems from hard-coded passwords present in the Web...

9.8CVSS5.8AI score0.00535EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Oracle REST Data Services 安全漏洞

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8, 7.17, and 7.0 versions have security vulnerabilities. These vulnerabilities stem from the use of uninitialized variables in notification processing code, which may lead t...

3.3CVSS5.8AI score0.00092EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8 version contained a security vulnerability. This vulnerability stemmed from the AppArmor AFINET/AFINET6 socket mediation code, where uninitialized variables might have bee...

3.3CVSS5.8AI score0.00094EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8 version contained a security vulnerability. This vulnerability stemmed from the lack of lock acquisition when modifying linked lists, which could lead to race conditions...

7.8CVSS6.1AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the IO buffer of the xboxremote driver is located within the device structure,...

5.9AI score0.00119EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the batman-adv module’s failure to release the backbonegw reference when inserting a statement in...

5.8AI score0.00119EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.17 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the SPI/RSPI controller releases underlying resources such as DMA without properly...

5.8AI score0.00119EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iris driver continuing to access the buffer after calling sessionreleasebuf, potentially...

7.8CVSS5.9AI score0.00124EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the SPI controller does not properly unregister the controller before releasing...

5.8AI score0.00119EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper error handling in the drm/msm/gem module. This vulnerability may lead to null pointer...

5.8AI score0.00127EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the automatic dimming code in the HID applet b-kbd calling backlightdevicesetbrightness within...

5.9AI score0.00128EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the nodecnt competition between the destruction and write-back operations of extent nodes in f2fs...

5.8AI score0.00093EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the kthread lifecycle competition in the Wi-Fi RSI driver. When the kthreadcompleteandexit is...

5.8AI score0.00093EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the issue where sk is released during the ADDADDR retransmission in mptcp pm. This can lead to sk...

5.8AI score0.00127EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of atomic context scheduling in mptcp timestamp sockopt. This could lead to an atomic pan...

5.8AI score0.00128EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the LPGETSTATUS ioctl command in the usblp driver. This command fails to initialize heap memory,...

5.8AI score0.00128EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the cgroup setter in schedext reading scxroot before acquiring a lock. This could lead to reusing...

7CVSS5.8AI score0.0012EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility of the length of the clc buffer in the mt7921 component decreasing below zero,...

5.9AI score0.00129EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

InHand IR Series 安全漏洞

The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. The InHand IR Series contains a security vulnerability, which stems from command injection in the IPSec VPN function. This vulnerability could allow attackers to gai...

9.8CVSS5.9AI score0.01243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

InHand IR Series 安全漏洞

The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. Several products in the InHand IR Series have security vulnerabilities. These vulnerabilities stem from command injection in the Admin Access function, which may all...

9.8CVSS5.9AI score0.01243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Tiny Technologies TinyMCE 跨站脚本漏洞

TinyMCE is a rich text editor developed by Tiny Technologies in the United States. Versions of TinyMCE prior to 5.11.1, 7.9.3, and 8.5.1 contained cross-site scripting vulnerabilities. These vulnerabilities stemmed from uncleaned data-mce- attributes, which could lead to storage-type XSS attacks...

8.7CVSS5.7AI score0.00281EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

TinyMCE 跨站脚本漏洞

TinyMCE is an open-source rich text editor developed by Tiny Technologies in the United States. Versions of TinyMCE prior to 5.11.1, 7.9.3, and 8.5.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-type XSS vulnerability in the media plugin. Attackers cou...

8.7CVSS5.7AI score0.00264EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Tiny Technologies TinyMCE 跨站脚本漏洞

TinyMCE is a rich text editor developed by Tiny Technologies in the United States. Versions of TinyMCE prior to 5.11.1, 7.9.3, and 8.5.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from forged mce:protected annotations, which could lead to storage-type XSS attacks...

8.7CVSS5.6AI score0.00281EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

WordPress plugin Shariff Wrapper 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00222EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Sensorweb ScadaBR 安全漏洞

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation, designed for developing automated data acquisition and monitoring applications. Sensorweb ScadaBR has a security vulnerability, which stems from a reflection-type cross-site scripting issue in URL processing...

6.1CVSS5.6AI score0.00158EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Veeam Agent for Microsoft Windows 安全漏洞

Veeam Agent for Microsoft Windows is a data protection and disaster recovery solution developed by Veeam Corporation in the United States. Veeam Agent for Microsoft Windows has a security vulnerability that may lead to an increase in local privileges...

7.3CVSS7.1AI score0.00154EPSS
Exploits0References2
Total number of security vulnerabilities195539