Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

Trend Micro Apex One 后置链接漏洞

Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has a postback link vulnerability, which stems from issues with the scanning engine’s link tracking mechanism. This vulnerability may allow local attackers to gain elevated...

7.8CVSS7.1AI score0.00544EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD. This vulnerability arises from the fact that, when processing extended attributes, the kernel module does not verify whether the list returned by the daemon process ends with...

5.5CVSS5.7AI score0.00284EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Trend Micro TrendAI Vision One Endpoint Security - Standard Endpoint Protection 访问控制错误漏洞

Trend Micro TrendAI Vision One Endpoint Security – Standard Endpoint Protection is an enterprise endpoint security platform provided by Trend Micro that offers capabilities for detecting terminal threats, antivirus protection, and managing security policies. There are access control vulnerability...

7.8CVSS6.6AI score0.00213EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Digital Operation Services WiFiBurada 安全漏洞

Digital Operation Services WiFiBurada is an application developed by Digital Operation Services. Versions of Digital Operation Services WiFiBurada dated before May 20, 2026, have security vulnerabilities. These vulnerabilities stem from the exposure of private personal information to unauthorized...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities, which stem from IDOR. These vulnerabilities may allow unauthorized parties to access confirmation messages and obtain ratings...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

FreeBSD 缓冲区错误漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. FreeBSD has a buffer error vulnerability, which stems from ptracePTSCREMOTE failing to properly validate the parameters of syscall2 and syscall2 system calls. This vulnerability may allow users with debugging capabilitie...

8.4CVSS6.4AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

TEİAŞ Mobile Application 安全漏洞

TEİAŞ Mobile Application is a mobile application developed by the Turkish company TEİAŞ, which provides information and services related to power transmission operations. Versions of the TEİAŞ Mobile Application from 1.6.2 to 1.13 contained security vulnerabilities. These vulnerabilities were due...

6.3CVSS5.8AI score0.00184EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from the lack of verification that the socket descriptors are within the FDSETSIZE limit, potentially leading to stack corruption. If the target application runs...

8.8CVSS5.8AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Altium 365 访问控制错误漏洞

Altium 365 is a product design and development platform provided by the American company Altium. Altium 365 has a security vulnerability related to access control, which stems from the lack of authentication. This vulnerability could allow unauthenticated attackers to read, inject, modify, or...

10CVSS5.8AI score0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

WordPress plugin Broadstreet 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.9AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.13 views

Netatalk SQL注入漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.0 to 4.4.2 of Netatalk have a SQL injection vulnerability. This vulnerability stems from the MySQL CNID backend’s SQL...

8.8CVSS5.9AI score0.00371EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Mattermost Mobile Apps 跨站请求伪造漏洞

Mattermost Mobile Apps is a messaging mobile application developed by the American company Mattermost. Versions of Mattermost Mobile Apps prior to 2.0.37, 11.0.4 and earlier, 11.1.3 and earlier, 11.3.2 and earlier, as well as 10.11.11.0 and earlier, contain a cross-site request forgeing...

6.1CVSS5.7AI score0.00117EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from schred qdisc directly calling dequeue of sub-qdisc instead of peek and qdiscdequeuepeeked. This could...

5.8AI score0.00118EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from multiple POST parameters in the dbloader.php file—ticketsdb, ticketshost, ticketsuser, a...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.5.0 had a cross-site request forgeing vulnerability. This vulnerability stemmed from the concrete/controllers/backend/file rescan function, which was vulnerable to cross-site...

8.8CVSS5.7AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions prior to Concrete CMS 9.5.0 had a cross-site request forgeing vulnerability, which was exploited through the concrete/controllers/dialog/page/bulk/cache code...

8.8CVSS5.7AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.13 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS from 9 to 9.5.0 had a cross-site request forgeing vulnerability, which originated from the concrete/controllers/dialog/logs/bulk/delete file...

8.8CVSS5.7AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions prior to Concrete CMS 9.5.0 contained security vulnerabilities. These vulnerabilities stemmed from the User Profile Editing controller, which passed the entire original POST array to UserInfo::update...

5.3CVSS5.8AI score0.00182EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities, which stem from IDOR. These vulnerabilities may allow unauthorized access to all conversation messages and file attachments...

6.3CVSS5.8AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from an oversight in the handling of OAuth 2.0 authorization codes, which bypasses account status checks. This could...

6.4CVSS5.8AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have a security vulnerability. This vulnerability stems from an insecure direct object reference in the attachments parameter of the AddMessage/UpdateMessage functions, which may...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Drupal 跨站脚本漏洞

Drupal is an open-source content management system developed using the PHP language by the Drupal community. Versions of Drupal 7.x-1.11 and earlier, including 7.x-1.x, have a cross-site scripting vulnerability. This vulnerability stems from the rendering pipeline of the Term Reference Tree...

5.4CVSS5.7AI score0.00172EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier had a cross-site request forgeing vulnerability. This vulnerability stemmed from a CSRF vulnerability in the installpackage method, which could allow attackers to force t...

8.8CVSS5.8AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from the fact that the actiongetevents function in the calendar block does not check the canView permissions of...

6.3CVSS5.8AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have a security vulnerability. This vulnerability arises from failing to clean up the path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field...

9.4CVSS6.1AI score0.00738EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in incs/functions.inc.php,...

8.2CVSS5.8AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Authen::TOTP 安全特征问题漏洞

Authen::TOTP is a two-factor authentication OTP generation and verification tool developed by tchatzi’s developer. Prior to version 0.1.1 of Authen::TOTP, there were security vulnerabilities related to the use of the Perl built-in rand function for generating secrets. This function is predictable...

7.5CVSS5.8AI score0.00416EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from hardcoding MySQL database connection credentials in the importmdb.php file...

9.2CVSS5.9AI score0.00297EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the POST parameter tickid being directly concatenated into the WHERE clause of the SELEC...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the fact that the POST parameters frmticketid and frmrespid were directly concatenated...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of the sort and dir GET parameters into the ORDER BY clause in...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the offset GET parameters in the ajax/sitincidents.php file being directly concatenated...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the ticketid GET parameter in routesi.php, allowing uncleaned values t...

5.4CVSS5.7AI score0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the frmaddstr POST parameter in the ics213rr.php file, allowing...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the frmaddstr POST parameter in the ics214.php file, allowing uncleane...

5.4CVSS5.8AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the frmaddstr POST parameter in the ics213.php file, allowing uncleane...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

Request Tracker 跨站脚本漏洞

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions 5.0.4 to 5.0.9, as well as 6.0.0 to 6.0.2, have a cross-site scripting vulnerability. This vulnerability stems from the Page parameter in GET requests, which may lead to reflective cross-site...

6.1CVSS5.7AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of validation for the portcount field in the t7xxport EnumMsghandler function. This...

8.8CVSS5.8AI score0.00272EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

PowerDNS Authoritative 访问控制错误漏洞

PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has a vulnerability related to access control, which stems from incorrect behavior in the view of TCP PROXY requests...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Concrete CMS 信息泄露漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier had a vulnerability related to information leakage. This vulnerability stemmed from insufficient permission checks in the use of controllers, which could allow...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions prior to Concrete CMS 9.5.0 had a cross-site request forgeing vulnerability. This vulnerability stemmed from the concrete/controllers/backend/file function, which was vulnerable to cross-site request...

8.8CVSS5.7AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.15 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions prior to Concrete CMS 9.5.0 had a cross-site request forgeing vulnerability, which was exploited through the concrete/controllers/dialog/page/bulk/design code...

8.8CVSS5.7AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS from 9 to 9.5.0 had a cross-site request forgeing vulnerability, which originated from the concrete/controllers/dialog/page/bulk/delete file...

8.8CVSS5.7AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.14 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities, which stem from IDOR. These vulnerabilities could allow unauthorized attackers to submit restricted survey options through public survey endpoints...

6.3CVSS5.8AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Concrete CMS 跨站脚本漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from an exploit of the updateCollectionAliasExternal function, which allowed for bypassed cleanup...

5.4CVSS5.6AI score0.0015EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.13 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS 9.5.0 and earlier contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the reverse implementation of CSRF token checks in the DeleteFile controller, which could...

4.3CVSS5.7AI score0.00116EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have a security vulnerability. This vulnerability stems from the submitpassword method bypassing the viewfile permission checks, which may allow unauthorized access to files...

6.3CVSS5.8AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.14 views

Concrete CMS 代码问题漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have code vulnerabilities. These vulnerabilities stem from the RSS Displayer block accepting arbitrary feed URLs without validation, which may lead to redirection to...

6.4CVSS6AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.23 views

Webmin 跨站脚本漏洞

Webmin is a set of web-based system management tools for Unix-like operating systems, developed by the Webmin community. Versions of Webmin prior to 2.641 contained a cross-site scripting vulnerability. This vulnerability stemmed from the email template description field in the System and Server...

5.4CVSS5.9AI score0.00168EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS 9.5.0 and earlier contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of validation on CSRF tokens, which could allow attackers to force administrators...

8.8CVSS5.8AI score0.00122EPSS
Exploits0References1
Total number of security vulnerabilities195539