Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Russh 输入验证错误漏洞

Russh is a Rust SSH client and server library developed by Eugene as an individual contributor. In versions of Russh from 0.37.0 to 0.61.0, there was a vulnerability related to input validation errors. This vulnerability stemmed from the keyboard interaction authentication process, where a...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

VMware Spring Data Relational 安全漏洞

VMware Spring Data Relational is a relational database access framework developed by VMware, Inc. There is a security vulnerability in VMware Spring Data Relational, which stems from the improper escaping of external control inputs when using StringMatcher in Query By Example. Attackers can use...

4.8CVSS5.3AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

ESP-IDF 缓冲区错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0 of ESP-IDF contain buffer error vulnerabilities, which stem from out-of-bounds reads in the BlueDroid AVRCP vendor-command parser...

4.6CVSS5.5AI score0.00228EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Cloud hypervisor 资源管理错误漏洞

Cloud Hypervisor is a virtual machine monitor developed by Cloud Hypervisor Company, designed for modern cloud workloads. Versions of Cloud Hypervisor from 21.0 to 51.2 contained a resource management vulnerability. This vulnerability stemmed from submitting two virtio-block descriptors with the...

8.9CVSS5.3AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-49 and 7.1.2-24 contained security vulnerabilities. These vulnerabilities stemmed from the...

4.7CVSS5.3AI score0.00092EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

VMware Spring for Apache Kafka 输入验证错误漏洞

VMware Spring for Apache Kafka is a Kafka messaging integration framework developed by VMware, Inc. Versions of Spring for Apache Kafka such as 4.0.0 and earlier, 3.3.0 and earlier, 3.2.0 and earlier, 2.9.0 and earlier, and 2.8.0 and earlier have a input validation vulnerability. This vulnerabili...

6.5CVSS5.4AI score0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

5.7CVSS5.8AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Jenkins 输入验证错误漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have a vulnerability related...

7.4CVSS5.5AI score0.00364EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of inclusion of CAPSYSTIME in the capability checks during PodSpec security validation. As a result, tenan...

8.5CVSS5.5AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Concrete CMS 代码问题漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.5.2 had code vulnerabilities. These vulnerabilities stemmed from calls to the unserialize function in the Permission, Cache, and Search components, which could allow unauthorize...

8.4CVSS5.6AI score0.0014EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Metrics::Any::Adapter::SignalFx 注入漏洞

Metrics::Any::Adapter::SignalFx is a Perl metric collection adapter module developed by PEVANS’ personal developers. Versions of Metrics::Any::Adapter::SignalFx prior to version 0.04 contained an injection vulnerability. This vulnerability occurred because the labels function did not check for li...

6.5CVSS5.3AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

VMware Spring Data REST 安全漏洞

VMware Spring Data REST is a data interface provided by the American company VMware. It is used to build HTTP resources that drive hypermedia, based on Spring Data repositories. These resources are designed to manage domain models of applications and provide hypermedia-driven services for...

8.1CVSS5.4AI score0.00393EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions, developed by Erlang/OTP. This library can catch exceptions caused by Node.js’s built-in APIs. Erlang/OTP ssh versions prior to 6.0.0 had a security vulnerability. This vulnerability stemmed from the sshauth module’s use of...

6.3CVSS5.4AI score0.00354EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...

8.6CVSS6AI score0.01049EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Splunk Cloud Platform和Splunk Enterprise 访问控制错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Vulnerabilities in access control...

9.8CVSS5.8AI score0.88171EPSS
Exploits5References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Frappe Learning Management System 注入漏洞

Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.53.0 had a injection vulnerability. This vulnerability allowed authenticated users to provide malicious content in certain...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

FlashMQ 安全漏洞

FlashMQ is a fast and lightweight MQTT proxy server developed by Wiebe Cazemier. Versions of FlashMQ prior to 1.26.2 contained a security vulnerability. This vulnerability stemmed from the ability of authorized clients to submit excessive requests beyond the allowed buffer size, triggering an...

6.5CVSS5.5AI score0.00301EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Fission 访问控制错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a access control vulnerability. This vulnerability stemmed from the Fission Function’s access webhook verifying that the spec.secrets.namespace and spec.configmaps.namespace...

8.5CVSS5.3AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Snappy 代码问题漏洞

Snappy is a PHP library developed by KNP Labs’ individual developers. It allows for the generation of thumbnails, snapshots, or PDFs from URLs or HTML pages. Versions of Snappy prior to 1.7.0 contained code vulnerabilities. These vulnerabilities stemmed from the xsl-style-sheet option, which coul...

6.9CVSS5.5AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.27 views

ConnectWise ScreenConnect 安全漏洞

ConnectWise ScreenConnect is a self-hosted remote desktop software application developed by ConnectWise. Versions of ConnectWise ScreenConnect prior to version 26.2 contained a security vulnerability. This vulnerability stemmed from the lack of input validation for the token expiration duration...

4.7CVSS5.4AI score0.00221EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

WordPress plugin Juicer 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.3AI score0.00158EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

ImageMagick 资源管理错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2.23 and 6.9.13-48 contained a resource management vulnerability. This vulnerability stemmed from...

7.5CVSS5.3AI score0.00301EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

WordPress plugin Schema and Structured Data for WP and AMP 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.1CVSS5.5AI score0.00426EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a security vulnerability. This vulnerability stemmed from the lack of validation in the Environment.spec.runtime.podSpec/spec.builder.podSpec field. When using MergePodSpec,...

9.9CVSS5.3AI score0.003EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-24 contained a buffer error vulnerability. This vulnerability could occur when using the...

5.5CVSS5.6AI score0.00103EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Roxy-WI 代码问题漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a code vulnerability. This vulnerability stems from the /smon/agent/route function directly passing URL path components to requests.get, which may all...

6.5CVSS5.4AI score0.00218EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

QNAP license center 路径遍历漏洞

QNAP Systems License Center is a licensing management system operated by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems License Center prior to 1.9.56 contained a path traversal vulnerability. This vulnerability allows local attackers to use administrative accounts to...

6.9CVSS5.9AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

ImageMagick 代码问题漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. There were code-related vulnerabilities in versions of ImageMagick prior to 6.9.13-50 and 7.1.2-25. These vulnerabilities stemmed from...

4.3CVSS5.3AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-23 contained security vulnerabilities. These vulnerabilities were caused by a lack of depth checks,...

6.2CVSS5.3AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

ImageMagick 资源管理错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-47 and 7.1.2-22 contained a resource management vulnerability due to a lack of chec...

7.5CVSS5.2AI score0.00441EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-47 and 7.1.2-22 contained a buffer error vulnerability. This vulnerability occurred when malicious...

5.1CVSS5.6AI score0.0012EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions, developed by Erlang/OTP. This library can catch exceptions caused by the built-in APIs of node.js. There were security vulnerabilities in versions of Erlang/OTP erts prior to 15.2.7.9, as well as in versions 16.4.0.2 and...

8.8CVSS5.8AI score0.00497EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained a buffer error vulnerability. This vulnerability could be...

5.7CVSS5.7AI score0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

ImageMagick 信息泄露漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained a vulnerability related to information leakage. This vulnerability stemm...

4.1CVSS5.3AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

ImageMagick 竞争条件问题漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained a race condition vulnerability. This vulnerability stemme...

4.1CVSS5.3AI score0.00077EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-47 and 7.1.2-22 contained a buffer error vulnerability. This vulnerability stemmed...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-47 and 7.1.2-22 contained a buffer error vulnerability. This vulnerability stemmed from a single-b...

5.3CVSS5.6AI score0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by built-in APIs in node.js. Erlang/OTP’s erlinterface versions prior to 5.5.2.1, 5.7.0.1, and 5.8.1 have security vulnerabilities. These vulnerabilities arise from the eisprintterm...

6.9CVSS5.8AI score0.00136EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

Roxy-WI 输入验证错误漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from the EscapedString verifier failing to properly prevent path...

8.1CVSS5.3AI score0.00304EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contain security vulnerabilities. These vulnerabilities stem from the SanitizeFilePath function, which uses string prefix checks instead of directory boundary checks. As a result,...

3.6CVSS5.3AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Palo Alto Networks Prisma Access Agent for Linux 安全漏洞

Palo Alto Networks Prisma Access Agent for Linux is a Linux terminal security access client provided by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Prisma Access Agent for Linux, which stems from a security control bypass. This vulnerability could allow local...

6.9CVSS5.3AI score0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Fission 输入验证错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained a input validation vulnerability. This vulnerability stemmed from the HTTPTriggerSpec.Validate method, which ignored the RelativeURL and Prefix fields during validation. As a...

4.3CVSS5.3AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Russh 安全漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. Versions of Russh prior to 0.60.3 contained security vulnerabilities. These vulnerabilities stemmed from CryptoVec’s use of unchecked capacity growth and unchecked length arithmetic, which could lead to buffe...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

TDengine 数字错误漏洞

TDengine is an open-source, high-performance, cloud-native time series database developed by the TDengine company. There are digital error vulnerabilities in the TDengine 3.4.0.0 to 3.4.1.5 version. These vulnerabilities stem from unverified remote attackers sending specially crafted RPC packets,...

7.5CVSS5.4AI score0.00539EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

5.7CVSS5.9AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

WordPress plugin Simple Link Directory 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5.2AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

libnfs 安全漏洞

libnfs is a network file system access client library developed by Ronnie Sahlberg. Versions of libnfs prior to 55c18ea contained security vulnerabilities; these vulnerabilities stemmed from unvalidated string sizes, which could lead to integer overflows when connecting to specially crafted NFS...

7.1CVSS5.4AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Plonky3 数据伪造问题漏洞

Plonky3 is an open-source implementation of the Polynomial IOP cryptographic primitive toolkit by Plonky3 developers. Versions of Plonky3 prior to 0.4.3 and 0.5.3 contained a data forgery vulnerability. This vulnerability allowed attackers to control the observations made by the prover, resulting...

8.9CVSS5.3AI score0.00108EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

Palo Alto Networks GlobalProtect app 日志信息泄露漏洞

The Palo Alto Networks GlobalProtect app is a network protection software developed by Palo Alto Networks. The GlobalProtect app for macOS has a vulnerability related to log information leakage. This vulnerability allows local users to obtain the configuration passwords necessary to disable,...

6.9CVSS5.3AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

WordPress plugin Easy Twitter Feeds 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References1
Total number of security vulnerabilities195539