Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/24 12:0 a.m.13 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Versions of Hermes Agent prior to 2026.4.16 contained a security vulnerability. This vulnerability stemmed from improper handling of the executecode function in the Environment Variable Handler...

7.5CVSS7.1AI score0.0038EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

jasypt-spring-boot 安全漏洞

jasypt-spring-boot is an integration tool developed by Ulises Bocchio, a personal developer, that provides attribute encryption support for Spring Boot applications. There are security vulnerabilities in versions of jasypt-spring-boot 3.0.5 and earlier, as well as versions 4.0.4 and earlier. Thes...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

Edimax EW-7438RPn 安全漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a security vulnerability. This vulnerability stemmed from the formWizSurvey function in the webs component files or goform/formWizSurvey, which handled...

9CVSS7.5AI score0.00542EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.9 views

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version has a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the command parameter in the setTracerouteCfg...

10CVSS7.3AI score0.01732EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Version 2026.4.23 of Hermes Agent contains a security vulnerability. This vulnerability stems from improper handling of the scancontextcontent function in the agent/promptbuilder.py file, which may...

7.5CVSS7.1AI score0.00305EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.13 views

Edimax EW-7438RPn 安全漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a security vulnerability. This vulnerability stemmed from the formWirelessTbl function in the webs component files and/goform/formWirelessTbl, which handl...

9CVSS7.7AI score0.00445EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Edimax BR-6675nD 命令注入漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a command injection vulnerability. This vulnerability stems from the formUSBStorage function in the POST Request Handler component, specifically the...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability arises from...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Edimax BR-6675nD 安全漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a security vulnerability. This vulnerability stems from the formsetPPPoE function in the POST Request Handler component, where improper handling of the...

9CVSS7.8AI score0.00445EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Edimax BR-6675nD 安全漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a security vulnerability. This vulnerability stems from improper handling of parameters during the formWlSiteSurvey function in the POST Request Handler...

9CVSS7.5AI score0.00445EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.9 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System has a SQL injection vulnerability. This vulnerability arises from...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.19 views

WineHQ Wine 安全漏洞

WineHQ Wine is an open-source compatibility layer software developed by WineHQ, capable of running Windows applications on Unix-like systems. There is a security vulnerability in WineHQ, which stems from a.desktop file registered as an EXE file MIME processor. This vulnerability may allow EXE fil...

7.3CVSS5.8AI score0.00179EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Vane 代码问题漏洞

Vane is a privacy-oriented AI chat engine developed by Kushagra Srivastava. It supports both local and cloud models. Versions of Vane prior to 1.12.1 contained code vulnerabilities. These vulnerabilities stemmed from unknown code in the Model Provider API component’s file...

7.5CVSS7.2AI score0.00278EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

JPress 授权问题漏洞

JPress is a blog platform developed using the Java language by the JPress team. Versions of JPress 1.0.3 and earlier contained an authorization vulnerability. This vulnerability stemmed from improper handling of the parameter id/userId in the UCenter Article Submission Endpoint component, which...

6.5CVSS6.7AI score0.00252EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Edimax EW-7438RPn 命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. The Edimax EW-7438RPn version 1.28a has a command injection vulnerability. This vulnerability stems from improper handling of parameters such as...

6.5CVSS6.7AI score0.01398EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

Hermes Agent 路径遍历漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Versions of Hermes Agent prior to 2026.4.16 contained a path traversal vulnerability. This vulnerability originated from the isblockeddevice function in the tools/filetools.py file within the readfi...

6.9CVSS6.6AI score0.00676EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Hugging Face Transformers 安全漏洞

Hugging Face Transformers is an open-source framework developed by Hugging Face for defining state-of-the-art machine learning models. It covers text, visual, audio, and multimodal models, and can be used for both inference and training. Prior versions of Hugging Face Transformers, such as 5.3.0,...

7.8CVSS7.5AI score0.00479EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.9 views

Edimax EW-7438RPn 安全漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a security vulnerability. This vulnerability stemmed from an unknown function in the webs component files located at goform/mp, which operated on the...

9CVSS7.6AI score0.00445EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.14 views

vBulletin 代码注入漏洞

vBulletin is an open-source web forum software based on PHP and MySQL developed by vBulletin Inc. Version vBulletin 6.x has a code injection vulnerability, which stems from improper operation of the Login component and may lead to cross-site scripting attacks...

5.1CVSS5.7AI score0.00279EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

Edimax BR-6675nD 命令注入漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a command injection vulnerability. This vulnerability stems from improper handling of multiple parameters in the formWlanMP function of the goform/formWlanMP...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

Edimax BR-6675nD 安全漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a security vulnerability. This vulnerability stems from improper handling of the parameter “pppUserName” in the formWanTcpipSetup function within the POST...

9CVSS7.5AI score0.00445EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.8 views

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the resetFlags parameter in the function...

10CVSS7.3AI score0.01732EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

SourceCodester SUP Online Shopping 代码注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping contains a code injection vulnerability. This vulnerability arises from improper handling of the productName parameter in the file...

4.8CVSS5.7AI score0.00202EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

Edimax BR-6675nD 安全漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. A security vulnerability exists in the Edimax BR-6675nD version 1.12; this vulnerability stems from improper handling of the pptpUserName parameter in the POST Request Handler component...

9CVSS7.5AI score0.00542EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Besen BS20 EV Charging Station 授权问题漏洞

The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The version of the Besen BS20 EV Charging Station dated 20260426 and earlier contained an authorization issue vulnerability. This vulnerability stemmed from improper...

9.2CVSS7.2AI score0.00454EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the mode parameter in the setScheduleCfg functi...

10CVSS7.3AI score0.0209EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.9 views

Edimax BR-6675nD 命令注入漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter “pinCode” in the POST Request Handler component...

6.5CVSS6.7AI score0.01158EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.16 contain security vulnerabilities. These vulnerabilities stem from the checkallcommandguards function in the tools/approval.py component file, which may lea...

7.5CVSS7.1AI score0.00278EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.9 views

Edimax EW-7438RPn 安全漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. The Edimax EW-7438RPn version 1.28a has a security vulnerability. This vulnerability stems from improper handling of the parameter “key1” by the formwlencrypt24g function in the component POST Request Handler...

9CVSS7.7AI score0.00445EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the parameter “ip” in the function...

10CVSS7.3AI score0.01732EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the parameter “lang” in the function...

10CVSS7.3AI score0.01732EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

cal.diy 访问控制错误漏洞

cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain a security vulnerability related to access control. This vulnerability stems from the getServerSideProps function in the Generic React API component file...

6.9CVSS6AI score0.0041EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

Prefect 参数注入漏洞

Prefect is a workflow orchestration tool developed by Prefect OpenSource, enabling developers to build, monitor data pipelines, and respond to them. Version 3.6.18 of Prefect contains a parameter injection vulnerability. This vulnerability stems from the reference field in the GitHubRepository...

8.5CVSS7.7AI score0.00298EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Edimax BR-6675nD 安全漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. A security vulnerability exists in the Edimax BR-6675nD version 1.12; this vulnerability stems from improper handling of the parameter “pppUserName” in the POST Request Handler component...

9CVSS7.5AI score0.00445EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.9 views

Edimax BR-6675nD 安全漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. A security vulnerability exists in the Edimax BR-6675nD version 1.12; this vulnerability stems from improper handling of the parameter L2TPUserName in the POST Request Handler component...

9CVSS7.5AI score0.00445EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Edimax EW-7438RPn 命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Version 1.12 of the Edimax EW-7438RPn contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter submit-url in the formAccept function of the component POST...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.12 views

Edimax BR-6675nD 命令注入漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a command injection vulnerability. This vulnerability stems from improper handling of parameters such as...

6.5CVSS6.7AI score0.01171EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

PostCSS 安全漏洞

PostCSS is an open-source style transformation tool developed by PostCSS. Versions of PostCSS 7.1.1 and earlier contained a security vulnerability. This vulnerability stemmed from improper handling of the toString function in the file/src/selectors/container.js component AST serialization, which...

5.3CVSS5.8AI score0.00325EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.13 views

SPIP 输入验证错误漏洞

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.15 had a vulnerability related to input validation errors, which stemmed from an open-redirecting vulnerability in the action/cookie.php file within ecrire...

3.5CVSS5.8AI score0.00186EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.14 views

RuoYi 代码问题漏洞

RuoYi is a backend management system developed by RuoYi, a personal developer in China. Versions of RuoYi 3.9.2 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the FileUploadUtils.upload function in the Common Upload Endpoint component, which may lead t...

6.5CVSS6.7AI score0.00195EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.8 views

JeecgBoot 授权问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.1 of JeecgBoot contains an authorization vulnerability. This vulnerability stems from an unknown handling of files in the OpenAPI Endpoint component, which may lead to...

6.3CVSS5.8AI score0.00357EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.12 views

Tenda F456 安全漏洞

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a security vulnerability. This vulnerability stems from improper handling of the parameter “page” in the function frmL7ImForm located in the file/goform/L7Im. It may lead to a...

9CVSS7.5AI score0.00438EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.12 views

Edimax EW-7438RPn 命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Version 1.12 of the Edimax EW-7438RPn has a command injection vulnerability. This vulnerability stems from improper handling of the parameter maxConn/timeOut in the formConnectionSetting function of the Setti...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Besen BS20 EV Charging Station 安全漏洞

The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The Besen BS20 EV Charging Station, including versions dated before April 2026, contains security vulnerabilities. These vulnerabilities stem from improper operation ...

5.1CVSS5.8AI score0.00158EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.9 views

Vane 访问控制错误漏洞

Vane is a privacy-oriented AI chatbot engine developed by Kushagra Srivastava. It supports both local and cloud models. Versions of Vane prior to 1.12.1 contained an access control vulnerability. This vulnerability stemmed from an unknown feature in the file route.ts within the component API, whi...

6.3CVSS6.1AI score0.00437EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

Edimax EW-7438RPn 命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Version 1.12 of the Edimax EW-7438RPn contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter “method” in the function formEZCHNwlanSetup of the component...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.12 views

Ettercap 安全漏洞

Ettercap is an open-source suite designed to protect against man-in-the-middle attacks. It features sniffing of real-time connections and dynamic content filtering. Versions of Ettercap prior to 0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from improper parameter handli...

6.3CVSS6.5AI score0.00319EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

Besen BS20 EV Charging Station 安全漏洞

The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The Besen BS20 EV Charging Station, including versions dated before April 2026, has a security vulnerability. This vulnerability stems from improper operation of...

3.1CVSS5.7AI score0.00294EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

Joomla Component Ek Rishta SQL注入漏洞

The Joomla Component Ek Rishta is a Joomla-based dating and networking website component developed by the Ek Rishta team. Version 2.10 of the Ek Rishta component contains an SQL injection vulnerability. This vulnerability arises from the injection of malicious code through the username parameter,...

8.8CVSS6.2AI score0.00358EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.10 views

WordPress plugin WishList Member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS5.9AI score0.00258EPSS
Exploits0References3
Total number of security vulnerabilities195539