Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

mooSocial Store Plugin SQL注入漏洞

mooSocial Store Plugin is a social e-commerce extension plugin from mooSocial. A SQL injection vulnerability exists in mooSocial Store Plugin version 2.6, which stems from a blind SQL injection via the product parameter in the URL rewriting feature, which could lead to database query manipulation...

8.8CVSS5.8AI score0.00348EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

SocuSoft Flash Slideshow Maker Professional 安全漏洞

SocuSoft Flash Slideshow Maker Professional is a slideshow maker software from SocuSoft. A security vulnerability exists in SocuSoft Flash Slideshow Maker Professional version 5.20, which originates from a buffer overflow in the registration dialog box that could allow a local attacker to execute...

8.6CVSS6.5AI score0.00182EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK A8000RU version 7.1cu.643b20200521, which originates from the parameter enable operation of the function setGameSpeedCfg in the Web Management Interface...

10CVSS7.3AI score0.01732EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.8 views

WordPress plugin QR Redirector 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS5.8AI score0.002EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

SB Admin SQL注入漏洞

SB Admin is a Bootstrap based open source admin backend template by Yash Pokharna individual developer. SB Admin suffers from an SQL injection vulnerability that stems from the operation of the function confirmloggedin on the parameter ID in the file /studentdel.php, which could lead to SQL...

7.5CVSS7.2AI score0.00319EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.14 views

SourceCodester Indian Invoicing System 代码注入漏洞

SourceCodester Indian Invoicing System is a SourceCodester open source Indian invoicing system. A code injection vulnerability exists in SourceCodester Indian Invoicing System version 0.x and earlier and version 1.0, which originates from the Invoice Template Render Database-Backed component's...

5.1CVSS5.4AI score0.00191EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

WordPress plugin GamiPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

WordPress plugin Auto Affiliate Links 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the Totolink A8000RU version 7.1cu.643b20200521, which originates from the function /cgi-bin/cstecgi.cgi in the file /cgi-bin/cstecgi.cgi in the componen...

10CVSS7.3AI score0.01909EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

SB Admin 代码注入漏洞

SB Admin is a Bootstrap based open source admin backend template by Yash Pokharna individual developer. SB Admin suffers from a code injection vulnerability that stems from manipulation of the parameter FIRSTNAME in the file /student.php, which could lead to a cross-site scripting attack. An...

5.1CVSS5.6AI score0.00248EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

Edimax EW-7438RPn 安全漏洞

The Edimax EW-7438RPn is a wireless signal extender from Taiwan, China-based Xunzhou Edimax Corporation. A security vulnerability exists in the Edimax EW-7438RPn version 1.31, which originates from the operation of the function formLogout in the file /goform/formLogout on the parameter submit-url...

9CVSS7.7AI score0.00589EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

Tenda F1202 安全漏洞

The Tenda F1202 is a dual-band Wi-Fi router with fifth-generation technology from Tenda, China. A security vulnerability exists in the Tenda F1202 version 1.2.0.20408, which originates from manipulation of parameter dips of function formGstDhcpSetSerof file /goform/GstDhcpSetSerof, and could resu...

9CVSS7.7AI score0.00438EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

SourceCodester Student Grades Management System 授权问题漏洞

SourceCodester Student Grades Management System is SourceCodester open source a student grades management system . SourceCodester Student Grades Management System 1.0 version of the authorization problem vulnerability , the vulnerability stems from the file classroom.php function...

6.5CVSS6.6AI score0.00272EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Roundcube Webmail 跨站脚本漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source, which supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and prior to 1.7, which stems from...

7.2CVSS5.6AI score0.00388EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Roundcube Webmail 安全漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source, which supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and 1.7.1, which stems from a remote image...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Roundcube Webmail 安全漏洞

Roundcube Webmail is an open source browser-based open source IMAP client from Roundcube that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.6.x 1.6.16 and 1.7.x 1.7.1 that stems from insecure...

7.5CVSS5.9AI score0.00414EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

Apache Syncope 安全漏洞

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration, and more. A security vulnerability exists in Apache Syncope versions 3.0 through...

7.2CVSS5.9AI score0.00652EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

miniclawd 操作系统命令注入漏洞

miniclawd is a lightweight personal AI assistant with multi-LLM and multi-channel support by Ziwen Personal Developer. miniclawd suffers from an OS command injection vulnerability that originates from the parameter manipulation of the function ExecTool.execute in the file /src/tools/exec.ts, whic...

7.5CVSS7AI score0.01385EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability in Mattermost versions 11.6.0 and prior to 11.6.x, 11.5.3 and prior to 11.5.x, 11.4.4 and prior to 11.4.x, and 10.11.14 and prior to 10.11.x, which stems from a failure to filt...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Apache ECharts 安全漏洞

Apache ECharts is a data visualization charting library from the Apache USA Foundation. A security vulnerability exists in Apache ECharts versions prior to 6.1.0, which stems from a failure to escape HTML strings in the rendering logic of the Lines family of tooltips, potentially leading to a...

6.1CVSS5.6AI score0.00759EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

GNU LibreDWG 缓冲区错误漏洞

GNU LibreDWG is a C language library for working with DWG files from the US GNU community. A buffer error vulnerability exists in GNU LibreDWG version 0.14 and earlier versions, which stems from an out-of-bounds read in the bitconvertTU function of the programs/dwggrep.c file in the Dwggrep Utili...

4.8CVSS6.2AI score0.00176EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

GNU LibreDWG 代码问题漏洞

GNU LibreDWG is a C language library for working with DWG files from the US GNU community. A code issue vulnerability exists in GNU LibreDWG version 0.14 and earlier versions, which stems from a null pointer dereference in the dwgnextentity function of the src/decode.c file in the DWG File Handle...

4.8CVSS6.2AI score0.00143EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 0.10.0 through 4.0.1, which stems from the use of an infinite timeout by the SOCKS5 transport during TLS upgrades, which could result in infinite blocking of the connection process...

8.2CVSS5.8AI score0.00703EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 3.1.1 through 4.0.1, which stems from a failure to perform cross-domain checks in the HTTP/3 redirect handler, potentially leading to the disclosure of sensitive data...

6.1CVSS5.8AI score0.00348EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.8 views

miniclawd 命令注入漏洞

miniclawd is a lightweight personal AI assistant with multi-LLM and multi-channel support by Ziwen Personal Developer. A command injection vulnerability exists in miniclawd, which stems from the parameter requires.bins operation of file /src/application/skills-loader.ts in the component...

7.5CVSS7.1AI score0.01385EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

MLflow 安全漏洞

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A security vulnerability exists in MLflow 3.10.1.dev0 and prior versions, which stems from the...

9CVSS7.6AI score0.00345EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

WordPress plugin Newses 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.4CVSS5.8AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

Tenda F1202 安全漏洞

The Tenda F1202 is a dual-band Wi-Fi router with fifth-generation technology from Tenda, China. A security vulnerability exists in the Tenda F1202 version 1.2.0.20408, which originates from manipulation of the parameter delno of the function formWrlExtraSet in the file /goform/WrlExtraSet, which...

9CVSS7.6AI score0.00579EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

Edimax EW-7438RPn 安全漏洞

The Edimax EW-7438RPn is a wireless signal extender from Taiwan, China-based Xunzhou Edimax Corporation. A security vulnerability exists in the Edimax EW-7438RPn version 1.31, which originates from a parameter manipulation of the function formHwSet in the file /goform/formHwSet, which could resul...

9CVSS7.6AI score0.00445EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

SourceCodester Simple POS and Inventory System 代码问题漏洞

SourceCodester Simple POS and Inventory System is SourceCodester open source a simple POS and inventory system . SourceCodester Simple POS and Inventory System 1.0 version of the code problem vulnerability , the vulnerability stems from the File Extension Handler component /admin/addproduct.php...

6.5CVSS6.7AI score0.00261EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Code-Projects Employee Management System 代码注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system . A code injection vulnerability exists in Code-Projects Employee Management System version 1.0, which originates from manipulation of the parameter ID in file /myprofile.php and could lead to...

5.3CVSS5.4AI score0.00263EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Soroush IM Desktop App 安全漏洞

Soroush IM Desktop App is a cross-platform instant messaging client from Soroush Iran. A security vulnerability exists in Soroush IM Desktop App version 0.17.0, which stems from an authentication bypass that could allow a local attacker to remove passwords by injecting database entries that are...

7CVSS5.8AI score0.00122EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Edimax BR-6675nD 命令注入漏洞

Edimax BR-6675nD is a dual-band broadband wireless router from China Xunzhou Edimax. A command injection vulnerability exists in Edimax BR-6675nD version 1.12, which originates from the operation of the function stainfo on the parameter interface in the file /goform/stainfo, which could lead to...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Invoice-System 授权问题漏洞

Invoice-System is an invoice management system development exercise tool by Sushmita Palikhe individual developer. Invoice-System a0a3faa16dee2621b231ae227333f5761607283b and prior versions have an authorization issue vulnerability that stems from a parameter ID manipulation in the Profile Workfl...

5.3CVSS5.8AI score0.00198EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

Edimax EW-7438RPn 安全漏洞

The Edimax EW-7438RPn is a wireless signal extender from Taiwan, China-based Xunzhou Edimax Corporation. A security vulnerability exists in the Edimax EW-7438RPn version 1.31, which originates from the parameter submit-url operation of the function formLicence in the file /goform/formLicence, and...

9CVSS7.7AI score0.00589EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Code-Projects Employee Management System 代码注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system. A code injection vulnerability exists in code-projects Employee Management System version 1.0, which originates from the manipulation of the parameter ID by an unknown function in the /applyleave.p...

5.3CVSS5.3AI score0.00336EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

KLiK SocialMediaWebsite 安全漏洞

KLiK SocialMediaWebsite is a simple PHP-based social media website by the individual developer Muhammad Saad. A security vulnerability exists in KLiK SocialMediaWebsite version 1.0, which originates from the HTTP GET Request Parameter Handler component and could lead to injection...

7.5CVSS6.6AI score0.00242EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.18 views

Code-Projects Employee Management System SQL注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system . Code-Projects Employee Management System version 1.0 suffers from a SQL injection vulnerability that originates from the operation of the parameter pid by an unknown function in the /psubmit.php...

6.5CVSS6.7AI score0.00246EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

yudao-cloud 代码问题漏洞

yudao-cloud is a backend management system for YunaiV individual developers. A code issue vulnerability exists in yudao-cloud version 2026.03, which originates from the function IotDataSinkHttpConfig operation in the file /admin-api/iot/data-sink/create in the component Admin API Endpoint, which...

5.8CVSS5.8AI score0.0036EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.8 views

Taier 操作系统命令注入漏洞

Taier is a distributed scheduling system open-sourced by Kangaroo Cloud DTStack. It is designed to reduce the cost of ETL, clarify complex dependencies between tasks, and reduce labor costs for submission, scheduling, and operations. Taier version 1.4.0 suffers from an OS command injection...

6.5CVSS6.6AI score0.01364EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Genetec Security Center 安全漏洞

Genetec Security Center is a unified security platform from Genetec. Connect your security systems, sensors and data in one interface to streamline your operations. Genetec Security Center has a security vulnerability that stems from being susceptible to SQL injection attacks...

6.6CVSS5.9AI score0.0034EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

Mozilla Firefox for iOS 安全漏洞

Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security vulnerability exists in Mozilla Firefox for iOS prior to version 151.1, which stems from the incorrect display of specially crafted right-to-left domain names and internationalized...

5.4CVSS5.7AI score0.00199EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Edimax BR-6478AC 命令注入漏洞

Edimax BR-6478AC is a dual-band Gigabit router from China Xunzhou Edimax. A command injection vulnerability exists in Edimax BR-6478AC version 1.23, which originates from the operation of the function formAccept on the parameter submit-url in the file /goform/formAccept in the POST Request Handle...

6.5CVSS6.7AI score0.01364EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Code-Projects Employee Management System 代码注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system . A code injection vulnerability exists in code-projects Employee Management System version 1.0, which originates from manipulation of the parameter ID in the file /eloginwel.php, and could lead to...

5.3CVSS5.3AI score0.00263EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Cargo 安全漏洞

Cargo is a Rust package manager open-sourced by The Rust Programming Language. A security vulnerability exists in Cargo that stems from the incorrect handling of symbolic links in a crate tarball downloaded from a third-party registry, which could lead to a malicious crate overwriting the source...

6.5CVSS5.9AI score0.00294EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Edimax EW-7438RPn 安全漏洞

The Edimax EW-7438RPn is a wireless signal extender from Taiwan, China-based Xunzhou Edimax Corporation. A security vulnerability exists in the Edimax EW-7438RPn version 1.31, which originates from the parameter submit-url operation of the function formAccept in the file /goform/formAccept, and m...

9CVSS7.7AI score0.00751EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

mcp-debugger 路径遍历漏洞

mcp-debugger is debugmcp open source a multi-language debugging tool . debugmcp mcp-debugger 0.20.0 and earlier versions of the path traversal vulnerability , the vulnerability stems from the operation of the parameters of the function handleGetSourceContext in the file src/server.ts , which may...

5.3CVSS5.8AI score0.00438EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

SourceCodester Indian Invoicing System SQL注入漏洞

SourceCodester Indian Invoicing System is a SourceCodester open source Indian invoicing system. SourceCodester Indian Invoicing System version 1.0 suffers from a SQL injection vulnerability that stems from the Invoice Generation Handler component's manipulation of the parameter...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Tenda F1202 安全漏洞

The Tenda F1202 is a dual-band Wi-Fi router with fifth-generation technology from Tenda, China. A security vulnerability exists in the Tenda F1202 version 1.2.0.20408, which originates from the operation of the function fromPptpUserAdd in the file /goform/PptpUserAdd on the parameter opttype, whi...

9CVSS7.7AI score0.00438EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

SourceCodester Simple POS and Inventory System SQL注入漏洞

SourceCodester Simple POS and Inventory System is SourceCodester open source a simple POS and inventory system . SourceCodester Simple POS and Inventory System version 1.0 suffers from a SQL injection vulnerability that originates from the manipulation of parameter IDs by unknown functions in the...

5.8CVSS5.8AI score0.00258EPSS
Exploits0References6
Total number of security vulnerabilities195539