Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

CtrlPanel.gg 跨站脚本漏洞

CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the content of responses in the ticket reply system was not...

8.7CVSS5.6AI score0.00349EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

CtrlPanel.gg 操作系统命令注入漏洞

CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the Web installer performing the install.lock check...

10CVSS6.2AI score0.00821EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

CtrlPanel.gg 访问控制错误漏洞

CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a access control vulnerability. This vulnerability stemmed from multiple administrator controllers exposing unauthorized access to DataTable...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Joplin 安全漏洞

Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Joplin versions 3.6.14 and earlier contained a security vulnerability. This vulnerability stemmed from insufficient length validation in the title input function, allowing attackers to exploit it by inserting...

5.5CVSS5.8AI score0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

faraday 代码问题漏洞

Faraday is an open-source HTTP client library developed by LostIsland. There are code vulnerabilities in the Faraday version 2.0.0 to 2.14.1. These vulnerabilities stem from the fact that requests passed as URI objects still allow protocol-related host overrides, leading to request forgery attack...

6.5CVSS5.9AI score0.00272EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

KiTTY 缓冲区错误漏洞

KiTTY is a lightweight telnet and WindowsSSH client. Versions of Kitty 0.46.2 and earlier contained a buffer error vulnerability, which was caused by an unsigned 32-bit arithmetic integer overflow in handlecomposecommand. This overflow led to excessive reading or writing operations of the heap...

9.9CVSS6AI score0.00286EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Sensorweb ScadaBR 信任管理问题漏洞

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version ScadaBR 1.2.0 contains a vulnerability related to trust management. This vulnerability arises from the use of hard-coded credentials,...

9.8CVSS5.8AI score0.00387EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

Sensorweb ScadaBR 访问控制错误漏洞

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version 1.2.0 of Sensorweb ScadaBR contains an access control vulnerability. This vulnerability stems from the lack of authentication for...

9.1CVSS6AI score0.00448EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Sensorweb ScadaBR 跨站请求伪造漏洞

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version 1.2.0 of Sensorweb ScadaBR contains a vulnerability related to cross-site request forgeing. This vulnerability arises when attackers...

8.8CVSS5.7AI score0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Windmill 安全漏洞

Windmill is a low-code development platform open source by Windmill Labs, Inc. Versions of Windmill prior to 1.703.2 contained security vulnerabilities. These vulnerabilities stemmed from the binding and mounting of directories under /etc in the nsjail sandbox configuration file without any...

8.6CVSS5.9AI score0.0024EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

NanoMQ 代码问题漏洞

NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Versions of NanoMQ prior to 0.24.10 contained code vulnerabilities. These vulnerabilities stemmed from a flaw during the client’s MQTT session recovery when cleanstart=0: the ppeer callback function in the...

5.9CVSS5.9AI score0.00401EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

KiTTY 安全漏洞

KiTTY is a lightweight telnet and Windows SSH client. Kitty versions 0.46.2 and earlier have a security vulnerability caused by a heap buffer overflow in loadimagedata. This vulnerability allows processes that write to the terminal stdin to trigger a crash through the APC graphical protocol...

8.8CVSS6AI score0.00367EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

terrascan 安全漏洞

Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contain security vulnerabilities. These vulnerabilities stem from server-side request forgeing vulnerabilities in the external URL parsing of uploaded IaC...

9.2CVSS5.9AI score0.00479EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

HestiaCP 安全漏洞

HestiaCP is an open-source control panel designed for modern networks, offering a lightweight yet powerful solution. Versions 1.2.0 to 1.9.4 of HestiaCP contain security vulnerabilities. These vulnerabilities stem from an IP spoofing vulnerability, allowing unauthorized remote attackers to bypass...

8.7CVSS5.9AI score0.00241EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

TYPO3 Extension Site Crawler 代码问题漏洞

TYPO3 Extension Site Crawler is an open-source extension for TYPO3 that handles site crawling and indexing tasks. There are code vulnerabilities in TYPO3 Extension Site Crawler; these vulnerabilities stem from the direct deserialization of the X-T3Crawler-Meta response header, which may lead to...

7.1CVSS6.1AI score0.00389EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

TYPO3 Extension Faceted Search 代码问题漏洞

TYPO3 Extension Faceted Search is an open-source extension for TYPO3 that enables faceted searching. TYPO3 Extension Faceted Search has code-related vulnerabilities. These vulnerabilities stem from the OOXML parsing in the file indexer, where external entity parsing is not disabled. This could...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

EspoCRM 跨站脚本漏洞

EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM 9.3.3 and earlier contained a cross-site scripting vulnerability. This...

6.8CVSS5.7AI score0.00211EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Apache OFBiz 代码注入漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a code injection vulnerability, which originated from a code injection...

6.5CVSS5.9AI score0.00497EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.8 views

Apache OFBiz 代码问题漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained code vulnerabilities, which were caused by server-side request forgei...

7.5CVSS5.9AI score0.0046EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.15 views

ExifReader 安全漏洞

ExifReader is a image metadata extraction library developed by Mattias Wallander. Versions of ExifReader prior to 4.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size restrictions when decompressing PNG zTXt metadata, which could lead to the generation of...

6.9CVSS5.8AI score0.00464EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.8 views

MantisBT 安全漏洞

MantisBT is a set of web-based open-source defect tracking systems developed by the MantisBT team. This system provides project management and defect tracking services through web-based operations. Versions 2.28.0 and 2.28.1 of MantisBT contain security vulnerabilities. These vulnerabilities stem...

5.3CVSS5.8AI score0.0034EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Mullvad VPN desktop and mobile app 安全漏洞

The Mullvad VPN desktop and mobile app is an open-source VPN client application developed by Mullvad VPN. Versions of the Mullvad VPN desktop and mobile app prior to 2026.1 contained a security vulnerability. This vulnerability stemmed from the installer’s failure to verify the validity of the...

7.8CVSS5.8AI score0.00107EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Drupal Colorbox Inline 跨站脚本漏洞

Drupal Colorbox Inline is a Drupal pop-up display module developed by the Drupal company. Versions of Drupal Colorbox Inline prior to 2.1.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input validation during web page generation, which could lead to...

5.4CVSS5.6AI score0.00177EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Drupal Obfuscate 跨站脚本漏洞

Drupal Obfuscate is a Drupal module from the Drupal community. Versions of Drupal Obfuscate prior to 2.0.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input validation during the web page generation process, which could lead to cross-site scripting...

6.1CVSS5.6AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Drupal core 安全漏洞

Drupal Core is a free, open-source content management system developed in PHP by the Drupal community. There are security vulnerabilities in Drupal Core, which stem from improper control of dynamic object attribute determination, potentially leading to object injection attacks. The following...

6.6CVSS5.8AI score0.00399EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

Drupal core 跨站脚本漏洞

Drupal Core is a free, open-source content management system developed in PHP by the Drupal community. Drupal Core has a cross-site scripting vulnerability, which stems from improper input during the web page generation process, potentially leading to cross-site scripting attacks. The following...

6.1CVSS5.6AI score0.00238EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

Mantis Bug Tracker 信息泄露漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier contained a vulnerability related to information leakage. This vulnerability stemmed from allowing users to list and download attachments that they had...

5.3CVSS5.8AI score0.00362EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Mantis Bug Tracker 信息泄露漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier contained a vulnerability related to information leakage. This vulnerability occurred due to the use of a custom POST request through the private issue...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

CtrlPanel-gg 安全漏洞

CtrlPanel-gg is an open-source, easy-to-use, and free billing solution developed by CtrlPanel-gg. Versions of CtrlPanel-gg 1.1.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the datatable method in the administrator role management interface, which directly insert...

4.8CVSS5.7AI score0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Drupal Node View Permissions 代码问题漏洞

Drupal Node View Permissions is a Drupal content access control module developed by the Drupal company. There is a code vulnerability in Drupal Node View Permissions, which stems from improper checks for exceptional or special cases, potentially leading to forced browsing. The following versions...

3.7CVSS5.9AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

Apache OFBiz 安全漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by the use of hard-coded...

9.1CVSS5.8AI score0.00421EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Apache OFBiz 安全漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by improper handling of...

6.5CVSS5.8AI score0.00487EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 contain security vulnerabilities. These...

6CVSS5.8AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Joplin 信息泄露漏洞

Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Joplin versions 3.5.2 and earlier contained a vulnerability that led to information leakage. This vulnerability originated from a logical error in the delta API, allowing recipients of shared notes to download...

5.7CVSS5.8AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Sensorweb ScadaBR 操作系统命令注入漏洞

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version 1.2.0 of Sensorweb ScadaBR contains a vulnerability related to operating system command injection. This vulnerability arises from OS...

9.8CVSS5.9AI score0.01317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

TYPO3 Extension News system SQL注入漏洞

TYPO3 Extension News system is an open-source extension for TYPO3 that allows for the publishing of news and content. The TYPO3 Extension News system has a SQL injection vulnerability, which stems from insufficient user input cleaning. This vulnerability could allow unauthenticated attackers to...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.8 views

Apache OFBiz 代码注入漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a code injection vulnerability. This vulnerability stemmed from...

8.8CVSS5.9AI score0.0055EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.19 views

apscheduler 安全漏洞

apscheduler is a Python task scheduling and queueing system developed by Alex Grönholm. There are security vulnerabilities in the apscheduler 3.10.x version and 4.0.0a5 version. These vulnerabilities stem from the unmarshalobject function in JSONSerializer and CBORSerializer, which allows arbitra...

9.8CVSS6.3AI score0.0081EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

TYPO3 Extension Faceted Search 安全漏洞

TYPO3 Extension Faceted Search is an open-source extension for TYPO3 that enables faceted searching. There is a security vulnerability in TYPO3 Extension Faceted Search. This vulnerability stems from the additionaltables configuration in the page and ttcontent indexers, which allows arbitrary tab...

5.9CVSS5.9AI score0.00318EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 9.28.0, there were security...

5.3CVSS5.8AI score0.00413EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Mozilla Firefox多款产品 访问控制错误漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

9.3CVSS5.8AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Mozilla多款产品 安全漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

8.6CVSS5.8AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

GLPI 安全漏洞

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

5.1CVSS5.8AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

OpenHarmony 安全漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contain security vulnerabilities, and attackers can exploit these vulnerabilities to cause denial-of-service attacks...

3.3CVSS5.8AI score0.00094EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Apache OFBiz 访问控制错误漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a security vulnerability related to access control, which stemmed fro...

5.3CVSS5.8AI score0.00416EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a security vulnerability. This vulnerability stemmed from insufficient execution of Service Worker policies, which could allow remote attackers to bypass the same-origin policy...

4.3CVSS5.9AI score0.00224EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. In versions prior to 148.0.7778.179, there was a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation, which could allow remote attackers to exploit the system by leaking cross-source data...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a security vulnerability. This vulnerability stemmed from insufficient execution of the ServiceWorker strategy, which could allow remote attackers to leak cross-source data through...

4.3CVSS5.9AI score0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after QUIC release, which could allow remote attackers to execute arbitrary code within a...

8.8CVSS6.2AI score0.00365EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

billabear 安全漏洞

Billabear is an open-source self-hosted subscription management and billing system developed by Billabear. There is a security vulnerability in Billabear, which stems from the fact that the names of user-controlled metric filters and aggregation properties in the EventRepository are directly...

8.8CVSS6.1AI score0.00365EPSS
Exploits0References2
Total number of security vulnerabilities195539