Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

twitter-clone SQL注入漏洞

twitter-clone is an application by Fiffe Individual Developers. twitter-clone uses + Vue 3 + light to go development + TailwindCSS + PostgreSQL + recapitulate Twitter-Clone version 1 suffers from a SQL injection vulnerability that stems from the injection of malicious code via the name parameter,...

8.8CVSS6.2AI score0.00337EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

TOTOLINK CA750-PoE 操作系统命令注入漏洞

The TOTOLINK CA750-PoE is a wireless network access device from China-based TOTOLINK Electronics TOTOLINK. The TOTOLINK CA750-PoE version 6.2c.510 suffers from an operating system command injection vulnerability, which originates from the Setting Handler component's setNetworkDiag function in the...

6.5CVSS6.6AI score0.01803EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

SB Admin SQL注入漏洞

SB Admin is a Bootstrap based open source admin backend template by Yash Pokharna individual developer. SB Admin has a SQL injection vulnerability that originates from the parameter FIRSTNAME/LastName/EMAIL operation of the function confirmloggedin in the file studenttrans.php, which could lead t...

7.5CVSS7.2AI score0.00319EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Collectric CMU SQL注入漏洞

The Collectric CMU is a smart meter device from Collectric in the Netherlands that supports power metering with supporting communication extensions. A SQL injection vulnerability exists in Collectric CMU version 1.0, which stems from the presence of Boolean-based blind SQL injection in the lang...

8.8CVSS5.9AI score0.0039EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

Code-Projects Employee Management System SQL注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system . Code-Projects Employee Management System version 1.0 has a SQL injection vulnerability , the vulnerability stems from the wrong operation of the parameter ID in the file...

6.5CVSS6.7AI score0.00246EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Edimax BR-6478AC 安全漏洞

Edimax BR-6478AC is a dual-band Gigabit router from China Xunzhou Edimax. A security vulnerability exists in Edimax BR-6478AC version 1.23, which originates from the operation of the function formL2TPSetup in the file /goform/formL2TPSetup in the POST Request Handler component/goform/formL2TPSetu...

9CVSS7.8AI score0.00589EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

WordPress plugin Stripe Payment Gateway for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS5.8AI score0.00352EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.15 views

SourceCodester Student Grades Management System 授权问题漏洞

SourceCodester Student Grades Management System is SourceCodester open source a student grades management system . SourceCodester Student Grades Management System version 1.0 has an authorization issue vulnerability , the vulnerability stems from the operation of the parameter studentid in the fi...

6.5CVSS6.6AI score0.00261EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the parameter enable of the function setStaticDhcpRules in the Web Management Interface compone...

10CVSS7.3AI score0.01732EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Code-Projects Employee Management System 代码注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system . A code injection vulnerability exists in code-projects Employee Management System version 1.0, which originates from manipulation of the parameter ID in the file /empproject.php, and could lead to...

5.3CVSS5.3AI score0.00263EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

GNU LibreDWG 安全漏洞

GNU LibreDWG is a C language library for working with DWG files from the US GNU community. A security vulnerability exists in GNU LibreDWG version 0.14 and earlier versions, which stems from a heap buffer overflow in the read2004compressedsection function of the src/decode.c file in the Dwgread...

5.3CVSS6.2AI score0.00124EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Roundcube Webmail 安全漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube open source, which supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and 1.7.1, which originates from a poison bypa...

3.7CVSS5.9AI score0.00433EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Roundcube Webmail 安全漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail versions 1.6.14 through 1.6.16 and prior to 1.7.1, which stems from the remote image...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.30 views

Roundcube Webmail SQL注入漏洞

Roundcube Webmail is Roundcube open source a browser-based open source IMAP client, which supports address book management, message search, spell checking and so on. Roundcube Webmail 1.6.x versions prior to 1.6.16 and 1.7.x versions prior to 1.7.1 SQL injection vulnerability , the vulnerability...

8.1CVSS5.9AI score0.00764EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 0 through prior to 4.0.1, which stems from a URL query component that does not percentile encode CRLF characters, potentially resulting in HTTP request splitting...

7.5CVSS5.8AI score0.00421EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions prior to 2.0.0 through 4.0.1, which stems from a WebSocket client that does not set an upper limit on memory consumption, potentially leading to resource exhaustion...

8.7CVSS5.8AI score0.00825EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 0.9.0 through 4.0.1, which stems from a lack of CRLF sequence checking of the domain and path options in the cookie setup function, which could lead to HTTP response splitting...

5.3CVSS5.8AI score0.00374EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

Roundcube Webmail 跨站脚本漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking, and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and prior to 1.7.1, which stems fro...

4.4CVSS5.7AI score0.00239EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

Roundcube Webmail 代码问题漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking and more. A code issue vulnerability exists in Roundcube Webmail versions 1.6.x 1.6.14 through 1.6.16 and versions prior to 1.7.x 1.7.1,...

7.2CVSS5.8AI score0.00301EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 2.0.0-beta.1 through prior to 4.0.1, which stems from the Alt-Svc response header parser's inability to guarantee forward progress, potentially leading to infinite loops and CPU exhaustion...

8.7CVSS5.8AI score0.00703EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.7 views

Apache Airflow 安全漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is characterized by scalability and dynamic monitoring. Apache Airflow suffers from a security vulnerability that stems from...

8.1CVSS5.8AI score0.0059EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework from VMware that integrates Artificial Intelligence and Large Language Modeling capabilities in the Spring ecosystem. A security vulnerability exists in VMware Spring AI versions 1.1.0 through 1.1.x. The vulnerability stems from a failure to clean up...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Nord VPN 安全漏洞

Nord VPN is a proxy software from Nord VPN, Inc. A security vulnerability exists in Nord VPN version 6.14.31 that stems from a denial of service in the password field, which could allow an unauthenticated attacker to crash the application by submitting an extra-long string...

8.7CVSS5.8AI score0.00386EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

GNU LibreDWG 安全漏洞

GNU LibreDWG is a C language library for working with DWG files from the US GNU community. A security vulnerability exists in GNU LibreDWG version 0.14 and earlier versions, which stems from a heap buffer overflow in the decompressR2004section function of the src/decode.c file in the Dwgread...

5.3CVSS6.2AI score0.00154EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

Jimeng MCP 路径遍历漏洞

Jimeng MCP is an MCP server for cc individual developers that integrates i.e. Dream AI image and video generation. Jimeng MCP version 1.10.0 has a path traversal vulnerability , the vulnerability stems from the file src/api.ts function getFileContent/uploadCoverFile/generateImage/generateVideo on...

6.5CVSS6.6AI score0.00337EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

NEC Aterm 安全漏洞

NEC Aterm is a series of wireless routers from Nippon Electric NEC. A security vulnerability exists in NEC Aterm that stems from an OS command injection issue, which could allow execution of arbitrary OS commands over an adjacent network if a malicious third party gains administrator access to th...

8.5CVSS6AI score0.00722EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK A8000RU version 7.1cu.643b20200521, which originates from the parameter of the function UploadFirmwareFile in the file /cgi-bin/cstecgi.cgi in the component W...

10CVSS7.3AI score0.02094EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.24 views

WordPress plugin eMagicOne Store Manager SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

9.3CVSS5.9AI score0.00372EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Apache Syncope 安全漏洞

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration, and more. A security vulnerability exists in Apache Syncope versions 3.0 through...

4.9CVSS5.8AI score0.00436EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the enable operation of the parameter of the function setRemoteCfg in the Web Management...

10CVSS7.3AI score0.01732EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

Apache Shiro 安全漏洞

Apache Shiro is a set of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation USA. A security vulnerability exists in Apache Shiro versions 2.0-alpha through 2.2.0 and 3.0.0-alpha-1, which stems from insufficient...

5.4CVSS5.8AI score0.00352EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the operation of the parameter enabled of the function setOpenVpnCfg in the file...

10CVSS7.3AI score0.01909EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the operation of the function setMacFilterRules in the parameter enable in the Web Management...

10CVSS7.3AI score0.01732EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK A8000RU version 7.1cu.643b20200521, which originates from the operation of the parameter enabled of the function setWanCfg in the file /cgi-bin/cstecgi.cgi in...

10CVSS7.3AI score0.02094EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

WordPress plugin Team Showcase 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS5.7AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

Code-Projects Employee Management System 代码注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system. A code injection vulnerability exists in code-projects Employee Management System version 1.0, which originates from the manipulation of the parameter ID by an unknown function in the /applyleave.p...

5.3CVSS5.3AI score0.00336EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Besen BS20 EV Charging Station 安全漏洞

The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The Besen BS20 EV Charging Station, including versions dated before April 2026, contains security vulnerabilities. These vulnerabilities stem from improper operation ...

3.1CVSS5.8AI score0.00192EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Besen BS20 EV Charging Station 安全漏洞

The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The Besen BS20 EV Charging Station, including versions dated 20260426 and earlier, contains a security vulnerability. This vulnerability stems from improper operation...

6.3CVSS5.8AI score0.00268EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.9 views

Hermes Agent 操作系统命令注入漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent 5157f5427f19488b31c6fdebbacd15d798ce7f63 and earlier versions have a vulnerability related to operating system command injection. This vulnerability stems from improper...

7.5CVSS7.2AI score0.01657EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.12 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Version Hermes Agent 2026.4.23 contains a security vulnerability. This vulnerability stems from improper handling of the parameter HERSERENABLEPROJECTPLUGINS in the function discoverdashboardplugins ...

5.3CVSS6AI score0.00228EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.16 views

Edimax EW-7438RPn 操作系统命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the formWizSurvey function in the webs component files or...

6.5CVSS6.6AI score0.01519EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains an operating system command injection vulnerability. This vulnerability stems from improper handling of the provider parameter in the setDdnsCfg function of the...

10CVSS7.3AI score0.01732EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.16 views

GNU SASL 代码问题漏洞

GNU SASL is a simple authentication and security layer framework from the GNU community in the United States, which implements several common SASL mechanisms. Versions of GNU SASL prior to 2.2.3 had code vulnerabilities; these vulnerabilities stemmed from a null pointer dereferencing in the...

7.5CVSS5.9AI score0.00455EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.9 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.16 contained a security vulnerability. This vulnerability stemmed from unknown functions in the Slack Agent/Mattermost Agent components, which manipulated the...

6.9CVSS6.6AI score0.00336EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Hermes Agent 访问控制错误漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Versions of Hermes Agent prior to 2026.4.23 contained a access control vulnerability. This vulnerability originated from the makerunenv function in the tools/environments/local.py file of the...

6.9CVSS6.1AI score0.00286EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Projectworlds Online Art Gallery Shop SQL注入漏洞

Projectworlds Online Art Gallery Shop is an online art gallery store open source by Projectworlds. Version 1.0 of Projectworlds Online Art Gallery Shop has a SQL injection vulnerability. This vulnerability stems from improper handling of the parameter sociallinked in the file admin/adminHome.php,...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.13 views

Edimax EW-7438RPn 安全漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a security vulnerability. This vulnerability stemmed from unknown functions in the webs component files and/goform/formWpsStart, which operated on...

9CVSS7.6AI score0.00445EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.8 views

itsourcecode Electronic Judging System SQL注入漏洞

itsourcecode Electronic Judging System is an open-source electronic referee system developed by itsourcecode. Version 1.0 of the itsourcecode Electronic Judging System has a SQL injection vulnerability. This vulnerability stems from improper handling of the Username parameter in the file...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.12 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.23 contained a security vulnerability. This vulnerability stemmed from unknown function operations on the parameter THREATPATTERNS in the agent/skillsguard.py...

7.5CVSS7.1AI score0.00305EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.20 views

H3C Magic B0 安全漏洞

H3C Magic B0 is a small wireless router produced by H3C Corporation. The H3C Magic B0 100R002 and earlier versions have security vulnerabilities. These vulnerabilities stem from improper handling of parameters in the function EditBasicSSID5G within the file/goform/aspForm. This may lead to a remo...

9CVSS7.6AI score0.00445EPSS
Exploits0References5
Total number of security vulnerabilities195539