Lucene search
+L

8820 matches found

CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

shopper 授权问题漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 had authorization-related vulnerabilities. These vulnerabilities stemmed from two authorization flaws in the team settings system: the mount method in Settings/Team/Index was not...

9.9CVSS5.9AI score0.00321EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.12 views

RockyLinux 9 : firefox (RLSA-2026:19370)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19370 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 CVE-2026-7323 firefox: thunderbird: Information disclosure du...

9.6CVSS6AI score0.00375EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the management tables for PaymentMethods, Currencies, and Carriers rendering inline switching options and...

6.5CVSS5.8AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 7:51 p.m.20 views

USN-8341-1 openjdk-26 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References10
Ubuntu
Ubuntu
added 2026/05/28 3:51 p.m.28 views

USN-8339-1: OpenJDK 25 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 11:57 a.m.18 views

USN-8332-1: CRaC JDK 17 vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
OSV
OSV
added 2026/05/28 11:45 a.m.19 views

USN-8331-1 openjdk-lts vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 11 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.19 views

TP-Link多款产品 安全漏洞

TP-Link Tapo L535E are products of the TP-Link company from China. The TP-Link Tapo L535E is a smart color-adjustable LED bulb. The TP-Link Tapo P300 is a smart Wi-Fi multi-port plug-in device. The TP-Link Tapo D100C is a smart video doorbell with a wireless doorbell buzzer. Several TP-Link...

7.3CVSS5.9AI score0.00097EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Espressif Shared GitHub DangerJS 安全漏洞

Espressif Shared GitHub DangerJS is a code review tool developed by Espressif Systems for automatically checking the format of pull requests. Versions of Espressif Shared GitHub DangerJS prior to version 1.0.1 contained security vulnerabilities. These vulnerabilities stemmed from entrypoint.sh...

8.2CVSS5.9AI score0.00181EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/28 12:0 a.m.15 views

ffmpeg-4-4.4.7-2.1 on GA media (moderate)

ffmpeg-4-4.4.7-2.1 on GA media Announcement ID: openSUSE-SU-2026:10866-1 Rating: moderate Cross-References: CVE-2024-35366 CVE-2025-10256 CVE-2025-1594 CVE-2025-9951 CVSS scores: CVE-2024-35366 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-35366 SUSE : 6.9...

6.9CVSS5.8AI score0.00621EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Oracle Public Sector Financials (International) 安全漏洞

Oracle Public Sector Financials International is a financial management system for the public sector developed by Oracle Corporation. Versions 12.2.6 to 12.2.15 of Oracle Public Sector Financials International have security vulnerabilities. These vulnerabilities stem from issues with the...

7.7CVSS5.8AI score0.00211EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.15 views

RHEL 10 : httpd (RHSA-2026:21433)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21433 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp:...

9.8CVSS6.4AI score0.01376EPSS
Exploits0References12
CERT
CERT
added 2026/05/28 12:0 a.m.13 views

Casdoor contains multiple authentication bypass and access management vulnerabilities

Overview Casdoor versions 2.362.0 and earlier contain several identity and access management vulnerabilities that enable broad authentication bypass and privilege escalation. These flaws relate to Casdoor’s Security Assertion Markup Language SAML processing, account binding, and token exchange...

9.8CVSS5.9AI score0.0042EPSS
Exploits0
EUVD
EUVD
added 2026/05/27 3:38 a.m.17 views

EUVD-2026-32049

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

7CVSS5.9AI score0.00121EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

IBM Controller 信任管理问题漏洞

IBM Controller is a web-based financial consolidation tool developed by the American multinational company International Business Machines IBM. Versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 of IBM Controller contain vulnerabilities related to trust management. These vulnerabilities stem from the us...

8.8CVSS5.9AI score0.0019EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

pam_usb 代码问题漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.0 have code vulnerabilities. These vulnerabilities stem from multiple auxiliary tools resolving external binary files through the PATH environment...

6.3CVSS6AI score0.00141EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Synology Surveillance Station 安全漏洞

Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2.2-11575 and...

2.7CVSS5.8AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Phoenix Contact多款产品 代码问题漏洞

PHOENIX CONTACT AXC F 1152 and PHOENIX CONTACT AXC F 2152 are controller devices from the German company PHOENIX CONTACT. Several products from Phoenix Contact have code vulnerabilities. These vulnerabilities allow low-privilege local users to manipulate configuration or application-related files...

8.7CVSS5.9AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

WordPress plugin Livemesh Addons for Beaver Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

PHOENIX CONTACT多款产品 数据伪造问题漏洞

PHOENIX CONTACT AXC F 1152, among others, are controller devices produced by the German company PHOENIX CONTACT. Several products from PHOENIX CONTACT have vulnerabilities related to data manipulation. These vulnerabilities stem from the lack of a data validation mechanism when allowing remote,...

8.8CVSS6.2AI score0.00218EPSS
Exploits0References1
Rows per page
Query Builder