Lucene search
K

246 matches found

CNNVD
CNNVD
added 2026/03/30 12:0 a.m.9 views

SourceCodester Sales and Inventory System 安全漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a security vulnerability. This vulnerability stems from improper cleaning of the parameter limit...

6.1CVSS5.6AI score0.0021EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

Lychee 跨站脚本漏洞

Lychee is a beautiful and easy-to-use photo management system developed by The Lychee Organisation. It is used for managing and sharing photos. Versions of Lychee prior to 7.5.3 had a cross-site scripting vulnerability; this vulnerability occurred due to the lack of HTML cleaning when storing pho...

5.4CVSS5.6AI score0.00214EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.6 views

WordPress plugin WP Lightbox 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

4.8CVSS5.8AI score0.00189EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.6 views

OpenProject SQL注入漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 have a SQL injection vulnerability. This vulnerability arises from custom field names not being properly cleaned in SQL queries, which can allow SQL injection...

9.1CVSS6AI score0.00269EPSS
Exploits0References1
OSV
OSV
added 2026/03/16 8:45 p.m.5 views

GHSA-9F3R-2VGW-M8XP File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter

Description The resourcePatchHandler in http/resource.go validates the destination path against configured access rules before the path is cleaned/normalized. The rules engine rules/rules.go uses literal string prefix matching strings.HasPrefix or regex matching against the raw path. The actual...

6.5CVSS5.8AI score0.00387EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.10 views

PT-2026-25856

Name of the Vulnerable Software and Affected Versions File Browser versions 2.61.2 and below Description File Browser, a file managing interface, has an issue where an authenticated user with Create or Rename permissions can bypass administrator-configured deny rules. This is due to the order in...

6.5CVSS5.8AI score0.00387EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.6 views

glances SQL注入漏洞

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.1 contained an SQL injection vulnerability. This vulnerability stemmed from the TimescaleDB export module using uncleaned data to construct SQL queries, which could lead to SQL injection attacks...

9.8CVSS5.9AI score0.00364EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.20 views

stabilizer 安全漏洞

Stabilizer is a performance evaluation tool developed by Charlie Curtsinger. Stabilizer has a security vulnerability, which stems from the direct transmission of uncleaned user input to os.system, potentially allowing remote attackers to execute arbitrary system commands...

7.8CVSS6.1AI score0.0053EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.5 views

NocoDB 跨站脚本漏洞

NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 had a cross-site scripting vulnerability. This vulnerability occurred when rich text cell content was...

5.4CVSS5.7AI score0.00179EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.8 views

Manyfold 操作系统命令注入漏洞

Manyfold is a self-hosted web application developed by Manyfold OpenSource. Versions of Manyfold prior to 0.133.0 contained an operating system command injection vulnerability. This vulnerability stemmed from uncleaned filenames, which could lead to remote code execution...

8.8CVSS6.1AI score0.0037EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.8 views

Binardat 10G08-0800GSM 跨站脚本漏洞

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The Binardat 10G08-0800GSM Network Switch V300SP10260209 and earlier versions have a cross-site scripting vulnerability. This vulnerability stems from uncleaned user input reflected in the web interface, which...

6.1CVSS5.6AI score0.00139EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.7 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions 4.0.0-RC1 to 4.16.17, and 5.0.0-RC1 to 5.8.21 of Craft CMS have security vulnerabilities. These vulnerabilities stem from the assembleLayoutFromPost function not properly cleaning user configuration data, which...

8.6CVSS6.2AI score0.0097EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.5 views

Craft CMS 跨站脚本漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions 5.0.0-RC1 to 5.8.21 of Craft CMS have a cross-site scripting vulnerability. This vulnerability stems from uncleaned entry type names, which may lead to storage-based cross-site scripting attacks...

4.8CVSS5.7AI score0.0031EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.8 views

SCEditor 跨站脚本漏洞

SCEditor is a visual editor developed by Sam Personal Developer. Versions of SCEditor prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleanup of configuration options passed to sceditor.create, which could lead to cross-site scripting...

5.4CVSS6.4AI score0.00216EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.8 views

Navidrome 安全漏洞

Navidrome is an open-source web-based music collection server and streaming service developed by Navidrome. It allows users to listen to their music collections from any browser or mobile device. Versions of Navidrome prior to 0.60.0 contained security vulnerabilities; these vulnerabilities stemm...

6.1CVSS5.7AI score0.00297EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.6 views

gradle-completion security vulnerability

Gradle-completion is a autocompletion tool developed by Gradle as open source. Versions of Gradle-completion 9.3.0 and earlier have security vulnerabilities. These vulnerabilities stem from insufficient cleanup of Gradle task names and descriptions, which may lead to command injection and arbitra...

8.3CVSS6.1AI score0.00689EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

Group Office Cross-Site Script Vulnerabilities

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.148, as well as versions 25.0.1 through 25.0.79, contained a cross-site scripting vulnerability. This vulnerability stemmed from the application storing uncleaned file names i...

5.4CVSS5.6AI score0.00246EPSS
Exploits1References4
OSV
OSV
added 2026/01/20 3:16 p.m.3 views

CVE-2025-1719

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...

7.5CVSS5.9AI score0.00334EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.8 views

SiYuan cross-site scripting vulnerabilities

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.5.4 contained a cross-site scripting vulnerability. This vulnerability stemmed from the /api/icon/getDynamicIcon endpoint’s improper handling of uncleaned SVG inputs, which...

6.1CVSS5.7AI score0.00263EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.7 views

Progress LoadMaster 安全漏洞

Progress LoadMaster is a high performance Application Delivery Controller ADC and load balancer from Progress, Inc. A security vulnerability exists in Progress LoadMaster that stems from an uncleaned API input parameter, which could lead to the execution of arbitrary commands by an authenticated...

8.4CVSS7.1AI score0.25389EPSS
Exploits0References4
Rows per page
Query Builder