Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/23 12:0 a.m.10 views

WordPress plugin WishList Member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00248EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.14 views

cal.diy 代码问题漏洞

cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier have code vulnerabilities. These vulnerabilities stem from the Logo API component file apps/web/app/api/logo/route.ts, specifically the function validateUrlForSSRF, which may lead to...

5CVSS6AI score0.00199EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.15 views

Edimax BR-6428nS 命令注入漏洞

The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter “repeaterSSID” in the formWlbasic function within the POST request processing...

6.5CVSS6.7AI score0.01398EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

Smartshop SQL注入漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting SQL code through the searched parameter in the search.php file. It may allow unauthenticated attackers to manipulat...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.10 views

Smartshop SQL注入漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, which may allow unauthenticated attackers to execute arbitrary SQL queries...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

WordPress plugin Ultimate Form Builder Lite SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS6AI score0.00214EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.10 views

Audiograbber 安全漏洞

Audiograbber is a software tool developed by Audiograbber Inc. for capturing audio CDs and converting them into digital audio format. Version 1.83 of Audiograbber contained a security vulnerability. This vulnerability stemmed from a local buffer overflow, which could allow attackers to execute...

8.6CVSS6.3AI score0.00162EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.12 views

WordPress plugin WooCommerce PayPal Payments 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.2CVSS5.8AI score0.00401EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.12 views

WordPress plugin Wishlist Member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

vps-inventory-monitoring 代码注入漏洞

vps-inventory-monitoring is a web inventory monitoring tool developed by individual developer 546669204. vps-inventory-monitoring has a code injection vulnerability, which stems from the use of the eval function in the VpsTest Console component file app/index/command/VpsTest.php, specifically...

6.5CVSS6.7AI score0.00237EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.11 views

Edimax BR-6428nS 安全漏洞

The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS contains a security vulnerability. This vulnerability stems from improper handling of the parameter “vapurl” in the “formWirelessTbl” function within the POST request processing program,...

9CVSS7.8AI score0.00542EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.11 views

WordPress plugin Wishlist Member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.8CVSS6AI score0.00244EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

UserSpice 安全漏洞

UserSpice is an open-source PHP framework for user management and identity authentication. Version 4.3.24 of UserSpice contains a security vulnerability that stems from username enumeration. This vulnerability could allow unauthenticated attackers to discover valid usernames by sending POST...

9.8CVSS5.8AI score0.00433EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

Joomla Component jomres 跨站请求伪造漏洞

The Joomla component jomres is a hotel and property online reservation management component developed by the Jomres developer. Version 9.11.2 of the Joomla component jomres contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing...

5.3CVSS5.7AI score0.00132EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.12 views

Edimax EW-7438RPn 操作系统命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the function formWpsStart in the webs component...

6.5CVSS6.6AI score0.01519EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

WordPress plugin Form Maker SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.1CVSS6AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.11 views

D-Link DIR-601 安全漏洞

The D-Link DIR-601 is a home wireless router produced by D-Link Corporation. The D-Link DIR-601 2.02NA version has a security vulnerability. This vulnerability arises from manipulating the tablename parameter in POST requests, which may allow unauthenticated attackers to retrieve sensitive...

8.7CVSS5.8AI score0.00585EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.10 views

UserSpice 跨站脚本漏洞

UserSpice is an open-source PHP framework for user management and identity authentication developed by UserSpice. Version 4.3.24 of userSpice contains a cross-site scripting vulnerability. This vulnerability stems from the injection of malicious scripts through the X-Forwarded-For HTTP header,...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.11 views

New API 安全漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.1 contain security vulnerabilities. These vulnerabilities stem from the RelayMidjourneyImage/GetByOnlyMJId function in the router/relay-router.go file of the Midjourney Image Relay Endpoint...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.10 views

10-Strike Network Scanner 安全漏洞

The 10-Strike Network Scanner is a local area network device discovery and network scanning tool developed by the 10-Strike company in the United States. Version 3.0 of the 10-Strike Network Scanner contains a security vulnerability. This vulnerability stems from a local buffer overflow in the ho...

8.6CVSS6.2AI score0.00166EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.16 views

Yakamara Media Redaxo CMS Mediapool Addon 安全漏洞

Yakamara Media Redaxo CMS Mediapool Addon is an extension for media resource management within the REDAXO content management system developed by Yakamara Media. Versions of Yakamara Media Redaxo CMS Mediapool Addon prior to version 5.5.1 contained security vulnerabilities. These vulnerabilities...

8.8CVSS6.1AI score0.00452EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.12 views

WordPress plugin Contact Form Maker SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.11 views

Edimax BR-6428nS 安全漏洞

The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS contains a security vulnerability. This vulnerability stems from improper handling of the parameter “pppUserName” in the POST request processing program, specifically in the...

9CVSS7.8AI score0.00542EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.10 views

Dolibarr ERP CRM 代码注入漏洞

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Version 7.0.3 of Dolibarr ERP CRM contains a code injection vulnerability. This vulnerability stems from injecting PHP code via the dbname parameter, which may allow unauthenticated attackers to execu...

9.8CVSS6.1AI score0.01701EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.10 views

Smartshop SQL注入漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, which may allow unauthenticated attackers to execute arbitrary SQL queries...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.11 views

Joomla Component Ek Rishta SQL注入漏洞

The Joomla component Ek Rishta is a Joomla-based dating and networking website component developed by the Ek Rishta team. Version 2.10 of the Ek Rishta component contains a SQL injection vulnerability. This vulnerability arises from injecting SQL code via the cid parameter, which may allow...

8.8CVSS5.9AI score0.00358EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

Edimax BR-6428nS 命令注入漏洞

The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS has a command injection vulnerability. This vulnerability stems from improper handling of multiple parameters in the system function of the goform/formWlanM file during POST request...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.10 views

SIPp 安全漏洞

SIPp is an open-source SIP protocol testing tool and traffic generator developed by SIPp. Versions of SIPp 3.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from local buffer overflows in the handling of command-line parameters, which could allow local attackers to...

8.6CVSS6.2AI score0.00162EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

amf 缓冲区错误漏洞

AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability, which stems from unknown features of the PathSwitchRequest handler. This vulnerability may lead to memory corruption...

6.5CVSS6.7AI score0.00228EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.13 views

Smartshop 跨站请求伪造漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to manipulate user profiles by tricking authenticated users into...

5.3CVSS5.7AI score0.00132EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

cal.diy 安全漏洞

cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain security vulnerabilities, which stem from unknown functions and may lead to cross-site request forgery attacks...

5.3CVSS5.6AI score0.00194EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.15 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability stems from...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.13 views

amf 缓冲区错误漏洞

AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability. This vulnerability stems from unknown code in the NGReset Message Handler component, which may lead to memory corruption...

6.5CVSS6.8AI score0.00228EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.12 views

amf 缓冲区错误漏洞

AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability, which stems from unknown parts of the NGSetupRequest Handler component, potentially leading to memory corruption...

6.5CVSS6.7AI score0.00228EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.11 views

amf 缓冲区错误漏洞

AMF is a control plane function in the Aether SD-Core Project’s open-source 5G core network. Versions of AMF prior to 2.1.1 contained a buffer error vulnerability. This vulnerability originates from the PDUSessionResourceModifyIndication function in the /go/src/amf/ngap/handler.go file, and it...

6.5CVSS6.8AI score0.00228EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.19 views

New API SQL注入漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.1 have a SQL injection vulnerability. This vulnerability originates from the SearchUserTopUps/SearchAllTopUps function in the model/topup.go file of the self Endpoint component, which may lead to...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fragment transmission helper function failing to propagate the SKBFLSHAREDFRAG bit. This coul...

8.8CVSS5.8AI score0.00135EPSS
Exploits7References7
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the skbtrycoalesce function does not propagate the SKBFLSHAREDFRAG flag during...

7.8CVSS6.1AI score0.03663EPSS
Exploits11References12
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.10 views

10-Strike Network Inventory Explorer 安全漏洞

10-Strike Network Inventory Explorer is a scanning software developed by 10-Strike Corporation. It is used to track hardware and software on network computers. Version 8.54 of 10-Strike Network Inventory Explorer contains a security vulnerability. This vulnerability stems from a stack-based buffe...

8.6CVSS6.5AI score0.00162EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Dell ECS 访问控制错误漏洞

Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.5 and 3.6 of Dell ECS contain access control vulnerability issues. This vulnerability stems from improper access control in the identity and access management module, which may allow remote...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Ubiquiti UniFi OS Server 安全漏洞

The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability, which stems from improper input validation. This vulnerability could allow malicious actors wi...

9.1CVSS5.9AI score0.01248EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

WordPress plugin CBX 5 Star Rating & Review 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.8AI score0.00264EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

CIOP-PIB STER 安全漏洞

CIOP-PIB STER is a occupational safety and human ergonomics risk assessment software system developed by the Polish company CIOP-PIB. Versions of CIOP-PIB STER prior to version 9.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of unencrypted TCP traffic for data...

8.7CVSS5.8AI score0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

WordPress plugin KIA Subtitle 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00249EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Microsoft Azure Entra ID 安全漏洞

Microsoft Azure Entra ID is a cloud-based identity and access management service provided by Microsoft Corporation in the United States. There is a security vulnerability in Microsoft Azure Entra ID, which stems from improper permission management. This vulnerability could allow unauthorized...

7.5CVSS5.8AI score0.00551EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.15 views

Microsoft Office SharePoint 代码问题漏洞

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There is a code vulnerability in Microsoft Office SharePoint, which stems from deserializing untrusted data, potentially allowing authorized attackers to execute...

8.8CVSS6.2AI score0.03219EPSS
Exploits4References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

BentoML 后置链接漏洞

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Versions of BentoML prior to 1.4.38 contained a post-link vulnerability. This vulnerability stemmed from the fact that the bui...

5.5CVSS5.8AI score0.00284EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.14 views

Arm NN 安全漏洞

Arm NN is an open-source machine learning inference engine optimized for the Arm architecture, developed by Arm Software. Versions of Arm NN prior to 2026-03-27 contained a security vulnerability. This vulnerability stemmed from integer overflow in the TensorShape::GetNumElements function, which...

6.2CVSS6AI score0.00132EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.14 views

ClipBucket 安全漏洞

ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to create video-sharing websites. Version 5.5.2 of ClipBucket contains a security vulnerability. This vulnerability stems from the authentication interface, the login page endpoint, and the...

7.3CVSS6.1AI score0.00324EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Ubiquiti UniFi OS Server 安全漏洞

The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability that stems from path traversal attacks. This vulnerability may allow malicious actors with...

7.7CVSS5.8AI score0.0068EPSS
Exploits0References1
Total number of security vulnerabilities195539