Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Dell VxRail 日志信息泄露漏洞

Dell VxRail is a single HCI platform offered by the American company Dell. It is designed for each VMware workload and use case, including VDI and computationally intensive applications. It also enables the hosting of both traditional and modern applications in true hybrid cloud infrastructure...

6.7CVSS5.8AI score0.00117EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

WordPress plugin MotoPress Hotel Booking 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS6AI score0.00278EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.20 views

WordPress plugin Easy Elements for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS5.8AI score0.00541EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Ubiquiti UniFi OS Server 安全漏洞

The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability that stems from path traversal attacks. This vulnerability could allow malicious actors with...

10CVSS5.8AI score0.02269EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Ubiquiti UniFi OS Server 安全漏洞

The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability, which stems from improper input validation. This vulnerability could allow malicious actors wi...

10CVSS5.9AI score0.78555EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Ubiquiti UniFi OS Server 安全漏洞

The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability that stems from improper access control. This vulnerability could allow malicious individuals...

10CVSS5.8AI score0.02452EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Microsoft Power Pages 命令注入漏洞

Microsoft Power Pages is a secure, enterprise-level low-code SaaS platform provided by Microsoft. It is used for creating, hosting, and managing sophisticated external business websites. Microsoft Power Pages has a command injection vulnerability, which stems from improper neutralization of speci...

10CVSS6AI score0.00577EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Dell PowerFlex Manager 安全漏洞

Dell PowerFlex Manager is a product of the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contained security vulnerabilities. These vulnerabilities stemmed from the insecure storage of sensitive information, which could allow unauthenticated attackers with local access t...

5.5CVSS5.8AI score0.00103EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Microsoft Planetary Computer Pro 代码问题漏洞

Microsoft Planetary Computer Pro is an enterprise-level geospatial data management and environmental analysis platform developed by Microsoft Corporation. There is a code vulnerability in Microsoft Planetary Computer Pro, which stems from deserializing unreliable data. This vulnerability could...

10CVSS5.8AI score0.00922EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...

2.6CVSS5.8AI score0.00129EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

WordPress plugin Slider by Soliloquy 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

WordPress plugin Draft List 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Easy Chat Server 安全漏洞

Easy Chat Server is a LAN chat server software developed by Easy Chat Server Inc. Version 3.1 of Easy Chat Server contains a security vulnerability. This vulnerability stems from the UserName parameter, which allows for directory traversal. As a result, remote attackers may gain access to sensiti...

6.5CVSS6AI score0.00866EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

amazon-braket-sdk-python 安全漏洞

Amazon Braket SDK Python is a Python development toolkit for Amazon Braket’s open-source quantum computing service. Versions of Amazon Braket SDK Python prior to 1.117.0 contained a security vulnerability. This vulnerability stemmed from an insecure deserialization mechanism in the job result...

7.5CVSS6.2AI score0.0038EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Microsoft Azure Virtual Network Gateway 输入验证错误漏洞

Microsoft Azure Virtual Network Gateway is a cloud gateway service provided by Microsoft that supports VPN and cross-network connectivity. There is an input validation vulnerability in Microsoft Azure Virtual Network Gateway, which stems from improper input validation. This vulnerability may allo...

9.9CVSS6AI score0.00525EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Docker Model Runner 安全漏洞

Docker Model Runner is an open-source Docker model runner developed by Docker. There is a security vulnerability in Docker Model Runner MLX. This vulnerability stems from the unconditional import and execution of any Python file in the model directory. It may allow malicious models to be pulled...

8.8CVSS6.2AI score0.00224EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.16 views

Microsoft Entra 安全漏洞

Microsoft Entra is an identity and access management system developed by the American company Microsoft. There is a security vulnerability in Microsoft Entra, which stems from using alternative paths or channels to bypass authentication. This could allow unauthorized attackers to gain elevated...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

WordPress plugin FluentCRM 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.4CVSS6AI score0.00645EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.8 views

Follett Destiny Library Manager 安全漏洞

Follett Destiny Library Manager is a school library resource and collection management system developed by the Follett company in the United States. The version 2202rc1 of Follett Destiny Library Manager contains security vulnerabilities. These vulnerabilities are due to directory traversal...

7.5CVSS6AI score0.00715EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.13 views

Microsoft Azure Orbital Spatio 代码问题漏洞

Microsoft Azure Orbital Spatio is a satellite geospatial data processing and analysis platform developed by Microsoft Corporation. There is a code vulnerability in Microsoft Azure Orbital Spatio, which stems from unlimited upload of dangerous types of files. This vulnerability could allow...

10CVSS6AI score0.00534EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Avantra 安全漏洞

Avantra is a SAP software developed by the Avantra company. Versions of Avantra prior to 25.3.0 contained security vulnerabilities. These vulnerabilities stemmed from unprotected credential transmission, which could lead to sniffing attacks...

9.1CVSS5.8AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

TeamViewer DEX Platform On-Premises 安全漏洞

The TeamViewer DEX Platform On-Premises is a locally deployed digital employee experience management platform by the German company TeamViewer. Prior to version 9.2 of the TeamViewer DEX Platform On-Premises, there were security vulnerabilities. These vulnerabilities stemmed from incorrect...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...

5.4CVSS5.8AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.8 views

CIOP-PIB STER 安全漏洞

CIOP-PIB STER is a occupational safety and human ergonomics risk assessment software system developed by the Polish company CIOP-PIB. Versions of CIOP-PIB STER prior to version 9.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of weak password encoding algorithms,...

8.7CVSS5.8AI score0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

CIOP-PIB STER SQL注入漏洞

CIOP-PIB STER is a occupational safety and human factors risk assessment software system developed by the Polish company CIOP-PIB. Versions of CIOP-PIB STER prior to version 9.5 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of multiple search filter...

8.7CVSS5.8AI score0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...

6.5CVSS5.8AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

libheif 缓冲区错误漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability arises from the fact that the number of samples declared in the saiz frame exceeds the...

8.1CVSS6AI score0.00302EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

libheif 代码问题漏洞

Libheif is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of Libheif prior to 1.21.2 have a code vulnerability that can be exploited through format-errors in HEIF sequence files. This vulnerability allows for out-of-bound reads,...

6.5CVSS5.9AI score0.00253EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Mantis Bug Tracker 跨站脚本漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions 2.11.0 to 2.28.1 of Mantis Bug Tracker contain a cross-site scripting vulnerability. This vulnerability stems from allowing any authenticated user to inject arbitrary HTML through the update accoun...

7.2CVSS5.8AI score0.00424EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Version 3.15.2 of Typebot contains a security vulnerability. This vulnerability arises from the use of Array.filter with asynchronous callbacks in the getLinkedTypebots API endpoint, causing the authorization check to always...

6.5CVSS5.8AI score0.00256EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Dell PowerFlex Manager 安全漏洞

Dell PowerFlex Manager is a software-defined infrastructure deployment and lifecycle management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contain security vulnerabilities. These vulnerabilities stem from the insecure storage of sensitive...

5.5CVSS5.8AI score0.00102EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

WordPress plugin WP Blockade 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.8AI score0.00249EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Request Tracker 安全漏洞

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions prior to Request Tracker 5.0.10, as well as versions 6.0.0 to 6.0.2, contained security vulnerabilities. These vulnerabilities stemmed from the fact that data controlled by users during spreadsheet...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.16.0 and earlier contained a security vulnerability. This vulnerability stemmed from the WhatsApp Cloud API webhook endpoint not verifying the x-hub-signature-256 HMAC signature, allowing unauthenticate...

6.5CVSS5.8AI score0.0014EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the findResult query not filtering results based on typebotId, which could lead to the loading of result data from...

3.1CVSS5.8AI score0.00186EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from a vulnerability that can be exploited by cross-site request forgery attacks. This could allow victims with...

4.3CVSS5.7AI score0.00103EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.13 views

Request Tracker 跨站请求伪造漏洞

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions 6.0.0 to 6.0.2 of Request Tracker contain a cross-site request forgeing vulnerability. This vulnerability arises from cross-site request forgery, allowing attackers to induce logged-in users to acce...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

authentik 安全漏洞

Authentik is an open-source identity provisioning application developed by Authentik. Versions of Authentik prior to 2025.12.5, as well as versions from 2026.2.0-rc1 to 2026.2.2, contained security vulnerabilities. These vulnerabilities stemmed from the PATCH /api/v3/core/users/pk/ API, which...

8.1CVSS5.9AI score0.00392EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the fact that the bot-engine still allows any authenticated user to use credentials from any workspace through the...

7.1CVSS5.8AI score0.00271EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.14 views

Ruby 竞争条件问题漏洞

Ruby is a cross-platform, object-oriented dynamic type programming language developed by Yukihiro Matsumoto. Prior to Ruby 4.0.5, there was a race condition vulnerability. This vulnerability stemmed from a race condition in the getaddrinfo handling process based on pthread, where reusing resource...

8.1CVSS5.8AI score0.00478EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.16 views

Sunshine 信任管理问题漏洞

Sunshine is an Open Source Moonlight-based autonomous gaming streaming host developed by LizardByte. Earlier versions of Sunshine, such as 2026.516.143833, had vulnerabilities related to trust management. These vulnerabilities stemmed from improper handling of OpenSSL verification results. Custom...

9.8CVSS5.8AI score0.00291EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

WordPress plugin Alfie – Feed Plugin 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00164EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Zephyr 安全漏洞

Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, caused by a bit offset issue. A remote attacker can set an unvalidated negative value of logannounceinterval by sending a specially crafted PTPMSGMANAGEMENT message...

6.5CVSS5.8AI score0.00194EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

WordPress plugin FastX theme 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

4.3CVSS5.8AI score0.0023EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Docker Model Runner 安全漏洞

Docker Model Runner is an open-source Docker model runner developed by Docker. Docker Model Runner vllm-metal contains a security vulnerability. This vulnerability arises from setting trustremotecode=True without any sandbox protection. It may allow arbitrary Python files to be executed during...

8.8CVSS6.3AI score0.00224EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Microsoft Azure Stack HCI 输入验证错误漏洞

Microsoft Azure Stack HCI is a hybrid product developed by Microsoft Corporation. It can host Windows and Linux VMs or containerized workloads along with their storage. There is an input validation vulnerability in Microsoft Azure Stack HCI, which stems from improper input validation. This...

7.7CVSS5.8AI score0.00579EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

WordPress plugin Ditty 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

WordPress plugin Vedrixa Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.14 views

JupyterHub 跨站请求伪造漏洞

JupyterHub is an open-source service designed for multi-user environments using Jupyter. Versions 4.1.0 to 5.4.4 of JupyterHub contain a cross-site request forgeing vulnerability. This vulnerability arises from the improper handling of XSRF protections, which mistakenly treat requests with the...

5.4CVSS5.7AI score0.00159EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

shell-quote 安全漏洞

Shell-quote is a software package developed by Jordan Harband. It is used for parsing and quoting shell commands. Shell-quote has a security vulnerability. This vulnerability stems from the quote function not verifying the object token input and the operator model used in parse. As a result, line...

9.2CVSS5.7AI score0.00848EPSS
Exploits1References5
Total number of security vulnerabilities195539