Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Concrete CMS 跨站脚本漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier had a cross-site scripting vulnerability. This vulnerability occurred due to the OAuth integration name being rendered using the t translation assistant. As a result, the...

7.3CVSS5.7AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.17 views

Concrete CMS 代码问题漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have code vulnerabilities. These vulnerabilities stem from insecure deserialization in the ExpressEntryList block controller. This could allow malicious administrators wi...

8.9CVSS6.2AI score0.0047EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

IINA 参数注入漏洞

IINA is an open-source modern macOS video player developed by IINA. Versions of IINA prior to 1.4.3 had a parameter injection vulnerability. This vulnerability stemmed from the lack of validation for the mpvoptions/input-commands parameter via the custom URL scheme iina://open. This allowed remot...

8.8CVSS6.1AI score0.00702EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in incs/login.inc.php,...

8.2CVSS5.8AI score0.00205EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in the file...

8.2CVSS5.8AI score0.00173EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in the ajax/reports.php file...

8.2CVSS5.8AI score0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the fact that the values of latitude, longitude, callsign, mph, altitude, and timestamp,...

8.8CVSS5.9AI score0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from multiple POST parameters in tables.php—tablename, indexname, and sortby—which were...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the type POST parameter in the landb.php file, allowing uncleaned valu...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the frmaddstr POST parameter was not cleared in icc202.php, allowin...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of cleanup in the deletemodule.php file, allowing multiple POST paramete...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to clean the frmaddstr POST parameter in ics205a.php, allowing for th...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the frmaddstr POST parameter was not cleared in ics205.php, allowin...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the circular.php file, where the frmid POST parameter was directly inserted into...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the direct insertion of the ticketid POST parameter into HTML form input fields...

5.4CVSS5.8AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

MLflow 访问控制错误漏洞

MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code into repeatable runs, and sharing and deploying models. Versions of mlflow prior to 3.9.0 contained a access control vulnerability. This vulnerability...

6.5CVSS6.7AI score0.00441EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.16 views

PowerDNS Authoritative 命令注入漏洞

PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has a command injection vulnerability, which stems from insufficient name validation during the AXFR process...

8.6CVSS5.8AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fbdev: udlfb module. In this module, the dlfbopsmmap function does not set vmops, causing the...

7.3CVSS5.8AI score0.00113EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.20 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an incorrect inference of the zero-copy status during the cleanup phase before messages are...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.5.0 had a cross-site request forgeing vulnerability. This vulnerability stems from the function concrete/controllers/backend/file removeFavoriteFolder$id, which is vulnerable to...

8.8CVSS5.7AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of the id GET parameter in the ajax/mobilemain.php file into th...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Uncrustify 安全漏洞

Uncrustify is an open-source multi-language source code formatting tool developed by uncrustify. The version UncrustifyUncrustifyd-0.82.0-132-bcc41cbdc contains security vulnerabilities. These vulnerabilities stem from buffer overflows in the checktemplate.cpp file, the checktemplate function, th...

6.2CVSS6AI score0.00134EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities, which stem from IDOR. These vulnerabilities may allow unauthorized access to all conversation messages and file attachments...

6.3CVSS5.8AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from IPv6: when the SRH compression level increases in RPL, the maclen header field is not reserved,...

9.8CVSS5.8AI score0.00475EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

authentik 安全漏洞

Authentik is an open-source identity provisioning application developed by Authentik. Versions of Authentik prior to 2025.12.4, as well as versions from 2026.2.0-rc1 to 2026.2.2, contain security vulnerabilities. These vulnerabilities stem from XML injection in SAML NameID fields, which could all...

8.7CVSS5.8AI score0.00502EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of current instead of waiter::task in the removewaiter function within the rtmutex. This...

7.8CVSS5.8AI score0.00125EPSS
Exploits7References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

PowerDNS Authoritative 资源管理错误漏洞

PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has a resource management vulnerability, which stems from insufficient validation of Autoprimary SOA queries...

7.5CVSS5.8AI score0.00365EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Netatalk 安全漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.0 to 4.4.2 of Netatalk have security vulnerabilities. These vulnerabilities stem from improper handling of uppercase...

3.1CVSS5.8AI score0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

Netatalk 缓冲区错误漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 1.3 to 4.4.2 of Netatalk contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds reading during...

7.1CVSS6AI score0.00171EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

NVIDIA BioNeMo 代码问题漏洞

NVIDIA BioNeMo is a generative AI model development and training platform for the biomedical field developed by NVIDIA Corporation in the United States. NVIDIA BioNeMo has code vulnerabilities, which stem from insecure data deserialization. These vulnerabilities may lead to code execution, denial...

7.8CVSS5.9AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a resource management vulnerability. This vulnerability stemmed from the reuse of WebRTC after it was released, which could allow remote attackers to execute arbitrary code through ...

8.8CVSS6.2AI score0.00796EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

WordPress plugin Cost of Goods by PixelYourSite 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.7AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

MongoDB C Driver 安全漏洞

The MongoDB C Driver is an open-source client driver library for connecting to and operating MongoDB databases in C-language programs. There is a security vulnerability in the MongoDB C Driver, which stems from the lack of proper validation of file metadata by the traditional GridFS API. This...

6CVSS5.8AI score0.00281EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.13 views

Talend Administration Center 安全漏洞

Talend Administration Center is a web-based application developed by Talend Corporation in the United States. It allows for centralized management of workspaces. Talend Administration Center has a security vulnerability that stems from stored XSS payloads. This vulnerability could be exploited by...

5.4CVSS5.8AI score0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.12 views

NVIDIA BioNeMo Core 安全漏洞

NVIDIA BioNeMo Core is a deep learning framework component developed by NVIDIA Corporation for biomedical and protein AI model development. There is a security vulnerability in NVIDIA BioNeMo Core, which stems from the loading of malicious files leading to path traversal. This vulnerability may...

8.8CVSS5.8AI score0.00764EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

Esri ArcGIS Server 安全漏洞

Esri ArcGIS Server is a web-based enterprise-level software platform provided by Esri that can deliver geographic services. Version 11.5 of Esri ArcGIS Server contains a security vulnerability. This vulnerability stems from a weakness in input validation within the login redirection workflow. Thi...

4.7CVSS5.8AI score0.003EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

WordPress plugin Anomify AI 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.9AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

WordPress plugin Infility Global SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.15 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq 1.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from malicious network peer nodes publishing specially crafted Kademlia DHT records where the length of the signature field is...

7.5CVSS5.8AI score0.00626EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.8 views

Rsync 缓冲区错误漏洞

Rsync is a fast and versatile file copying tool developed by RsyncProject. It is used for both remote and local files. Versions of Rsync 3.4.2 and earlier have a buffer error vulnerability. This vulnerability stems from a 32-bit signed counter in the compression token decoder that does not check...

8.1CVSS6AI score0.0078EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.18 views

WordPress plugin All in One SEO 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

libzypp 安全漏洞

Libzypp is a package manager developed by OpenSUSE. There is a security vulnerability in Libzypp, which arises when the chroot target is the system root directory. This vulnerability allows for traversing paths with root privileges, enabling execution of host binary files...

8.5CVSS5.9AI score0.00214EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting flaw in the dounitmail.php file. It could...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.16 views

Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

6.5CVSS5.8AI score0.00396EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.25 views

WordPress plugin NextGEN Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

NVIDIA Triton Inference Server 资源管理错误漏洞

NVIDIA Triton Inference Server is an open-source software developed by NVIDIA Corporation. It helps standardize model deployment and provide fast, scalable AI capabilities in production environments. NVIDIA Triton Inference Server has a resource management vulnerability that stems from uncontroll...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

WordPress plugin Sentence To SEO 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

WordPress plugin Easy Elements for Elementor – Addons & Website Templates 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.8CVSS5.8AI score0.00494EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.8 views

WordPress plugin Sticky 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

WordPress plugin Word 2 Cash 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.9AI score0.00153EPSS
Exploits0References1
Total number of security vulnerabilities195539