Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from an access control flaw in the Account Resources user lookup endpoint. It allows remote authenticated users who have at least one...

4.3CVSS6AI score0.0037EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from the improper application of the OIDC bypass feature in the domain-level notBefore policy. This vulnerability may cause revoked tokens to remain...

5.4CVSS5.8AI score0.00281EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Pharmacy Management System 安全漏洞

The Pharmacy Management System MPMS is a multilingual pharmacy management system developed by Mayuri K. The Pharmacy Management System 5c3d028 version has a security vulnerability. This vulnerability stems from the /api/user/signup endpoint, which fails to validate the role parameter in the reque...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Nozomi Networks CMC和Nozomi Networks Guardian 安全漏洞

Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have security...

5.1CVSS5.9AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

terrascan 代码问题漏洞

Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the webhookurl parameter of the file...

8.7CVSS6AI score0.00499EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Microsoft Defender 安全漏洞

Microsoft Defender is a threat protection software developed by the American company Microsoft. There is a security vulnerability in Microsoft Defender, and this vulnerability stems from a denial-of-service attack...

7.5CVSS6AI score0.63076EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

ExifReader 安全漏洞

ExifReader is a image metadata extraction library developed by Mattias Wallander. Versions of ExifReader prior to 4.39.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient boundary validation when processing ICC mluc tags, which could lead to a memory exhaustion...

8.7CVSS5.8AI score0.00528EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

NGINX JavaScript 安全漏洞

NGINX JavaScript is an extension developed by NGINX as open source. There is a security vulnerability in NGINX JavaScript. This vulnerability arises when configuring NGINX variables controlled by the jsFetchProxy directive, which may lead to a heap buffer overflow, resulting in the restart of the...

9.2CVSS6AI score0.00889EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Escargot 资源管理错误漏洞

Escargot is a lightweight JavaScript engine developed by Samsung as open source, suitable for resource-constrained embedded devices. Escargot has a resource management vulnerability that stems from the reuse of freed resources, potentially leading to pointer manipulation issues...

7.8CVSS5.7AI score0.00287EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.15 views

AMD多款产品 安全漏洞

AMD Ryzen and AMD EPYC are both products of American semiconductor company AMD. AMD Ryzen is a central processing unit CPU. AMD EPYC is a high-performance server processor. Several AMD products have security vulnerabilities. These vulnerabilities stem from improper input validation, which may all...

4.6CVSS5.8AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a buffer overflow vulnerability, which was caused by GPU out-of-bound reads. This vulnerability could allow remote attackers to obtain sensitive information from process memory...

6.5CVSS6.1AI score0.00269EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.6 views

OpenHarmony 安全漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contain security vulnerabilities, and attackers can exploit these vulnerabilities to cause information leaks...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS5.8AI score0.00404EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

OpenHarmony 资源管理错误漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a resource management vulnerability that allowed attackers to execute arbitrary code...

6.5CVSS6.1AI score0.00131EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

8.8CVSS5.8AI score0.0033EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Scalar 安全漏洞

Scalar is an interactive API documentation and testing tool developed by Scalar OpenSource. Version 0.1.13 of Scalar contains a security vulnerability. This vulnerability stems from an arbitrary file upload vulnerability in the scalarurl query parameter of the Scalar Proxy endpoint, which could...

9.8CVSS6.2AI score0.00526EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

CtrlPanel.gg 安全漏洞

CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg prior to 1.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the management settings update endpoint accepting user-provided class names and using th...

6.6CVSS6.5AI score0.00532EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Panabit PAP-XM320 操作系统命令注入漏洞

Panabit PAP-XM320 is an enterprise-level Internet behavior management and traffic control gateway device developed by Panabit Corporation. Versions of Panabit PAP-XM320 prior to v7.7 contain a vulnerability related to operating system command injection. This vulnerability arises from the...

8.8CVSS6.1AI score0.01667EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

SAMSUNG Walrus 代码问题漏洞

SAMSUNG Walrus is a WebAssembly runtime engine developed by South Korean company Samsung. There is a code vulnerability in SAMSUNG Walrus, which stems from null pointer dereferencing. This vulnerability could allow attackers to exploit it by using specially crafted WebAssembly modules that contai...

5.5CVSS5.9AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

SAMSUNG Escargot 安全漏洞

SAMSUNG Escargot is a memory-optimized JavaScript engine developed by South Korea’s Samsung Corporation. It is suitable for mid-range devices such as smartphones, tablets, and TVs. There is a security vulnerability in SAMSUNG Escargot, which stems from improper handling of exception conditions,...

5.5CVSS5.8AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a security vulnerability caused by a Chromecast heap buffer overflow. This vulnerability could allow local attackers to execute arbitrary code within a sandbox through malicious...

7.5CVSS6.5AI score0.00187EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Rocket.Chat 访问控制错误漏洞

Rocket.Chat is a chat software developed by the Rocket.Chat company. Vulnerabilities in access control existed in versions prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12. These vulnerabilities stemmed from the lack of room access checks for the...

5.3CVSS6.1AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

编号撤回

BYD Atto3 is a pure electric compact SUV produced by BYD Corporation of China. The BYD Atto3 has a security vulnerability. This vulnerability allows attackers to obtain permanently valid authentication keys through brute-force attacks, enabling them to perform flash memory operations on the ECUs...

5.8AI score0.00029EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Panabit PAP-XM320 操作系统命令注入漏洞

Panabit PAP-XM320 is an enterprise-level Internet access behavior management and traffic control gateway device developed by Panabit Corporation. Versions of Panabit PAP-XM320 prior to V7.7 contain a vulnerability related to operating system command injection. This vulnerability arises from the W...

5.4CVSS5.8AI score0.00743EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.8 views

OpenHarmony 缓冲区错误漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a buffer error vulnerability, which allowed attackers to execute arbitrary code in pre-installed applications...

8.8CVSS6.4AI score0.00552EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Mozilla Thunderbird 缓冲区错误漏洞

Mozilla Thunderbird is an email client software developed by the Mozilla Foundation in the United States, and it is a standalone version of the Mozilla Application Suite. This software supports IMAP and POP email protocols, as well as HTML email formats. Version 150 of Mozilla Thunderbird contain...

8.8CVSS6.3AI score0.00335EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

Mozilla Firefox和Mozilla Thunderbird 访问控制错误漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

6.5CVSS5.8AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.8 views

Mozilla Firefox for Android 安全漏洞

Mozilla Firefox for Android is a web browser designed for Android devices by the Mozilla Foundation in the United States. Versions of Mozilla Firefox for Android prior to version 151 contained a security vulnerability, which was caused by a deceptive issue with the Toolbar component...

6.5CVSS5.8AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

9.1CVSS5.8AI score0.0042EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that was separated from the Mozilla Application Suite. This software supports IMAP and POP email protocols, ...

7.5CVSS5.8AI score0.00332EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Drupal Orejime 跨站脚本漏洞

Drupal Orejime is a Drupal privacy and cookie consent management module developed by the Drupal company. Versions of Drupal Orejime prior to 2.0.16 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during the web page generation process, which could le...

6.1CVSS5.6AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Mantis Bug Tracker 跨站脚本漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier had a cross-site scripting vulnerability. This vulnerability occurred when cloning issues from other projects, where the clone form added the source project...

8.6CVSS5.7AI score0.00444EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Template 跨站脚本漏洞

Template is a quick and simple string templating tool developed by Blake Embrey. Versions of Template 3.102 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the htmlfilter function not escaping single quotes, which could lead to HTML and JavaScript injection...

6.1CVSS5.7AI score0.00282EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

zenshin 安全漏洞

Zenshin is an animation list management and media streaming tool developed by Hitarth. Versions of Zenshin prior to 2.7.0 contained security vulnerabilities. These vulnerabilities stemmed from OS command injection in the /stream-to-vlc Express route, which could allow remote attackers to execute...

9.8CVSS6.1AI score0.01622EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Eclipse Glassfish 代码注入漏洞

Eclipse Glassfish is an application server developed by the Eclipse Foundation. Eclipse Glassfish has a code injection vulnerability. This vulnerability stems from allowing users with panel access rights to send custom requests, thereby enabling them to execute arbitrary operating system commands...

9.1CVSS6.1AI score0.00819EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern and allows routing and mediation rules to be configured...

9.8CVSS6.5AI score0.01425EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Vaadin Flow 安全漏洞

Vaadin Flow is an open-source application developed by Vaadin. It is a Java framework for the Vaadin platform, used to build modern websites that are visually appealing, perform well, and satisfy both you and your users. Versions of Vaadin Flow from 23.0.0 to 23.6.9, 24.0.0 to 24.10.3, and 25.0.0...

5.8CVSS5.8AI score0.00117EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Apache OFBiz 授权问题漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a security vulnerability related to authorization logic. This...

9.8CVSS6.2AI score0.22876EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

TYPO3 Extension Frontend User Registration 安全漏洞

TYPO3 Extension Frontend User Registration is an open-source extension for TYPO3 that handles user registration at the frontend level. There is a security vulnerability in TYPO3 Extension Frontend User Registration. This vulnerability stems from the lack of restrictions on the submission of user...

6.9CVSS5.8AI score0.00352EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Apache OFBiz 注入漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a vulnerability related to injections. This vulnerability stemmed from...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Apache OFBiz 跨站脚本漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a cross-site scripting vulnerability; this vulnerability was due to imprope...

6.1CVSS5.6AI score0.0044EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Apache OFBiz 安全漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by improper input...

6.5CVSS5.8AI score0.00574EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

MLflow 访问控制错误漏洞

MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Version 3.9.0 of MLFlow contains a security vulnerability related to access control. This...

9.6CVSS7.6AI score0.00371EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Apache OFBiz 路径遍历漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a path traversal vulnerability; this vulnerability stemmed from improper pa...

6.5CVSS5.8AI score0.00684EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

AutoGPT 代码问题漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. There were code vulnerabilities in versions 0.1.0 to 0.6.51 of AutoGPT. These vulnerabilities stemmed from the SendEmailBlock function, which accepted parameters for the smtpserver and...

5CVSS5.9AI score0.00304EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

AutoGPT 资源管理错误漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. In versions 0.4.2 to 0.6.51 of AutoGPT, there was a resource management vulnerability. This vulnerability occurred because the downloadagentfile endpoint created temporary files without...

7.5CVSS5.8AI score0.00396EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

HestiaCP 代码问题漏洞

HestiaCP is a lightweight and powerful control panel suitable for modern networks. Versions 1.9.0 to 1.9.4 of HestiaCP have code vulnerabilities. These vulnerabilities stem from deserialization in the Web terminal component, allowing unauthenticated remote attackers to execute root-level code...

10CVSS6AI score0.01072EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Apache OFBiz 路径遍历漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a path traversal vulnerability. This vulnerability was due to imprope...

6.1CVSS5.7AI score0.00588EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Apache OFBiz 安全漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by improper handling of...

6.5CVSS5.8AI score0.00541EPSS
Exploits0References1
Total number of security vulnerabilities195539