Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Microsoft Azure Resource Manager和Microsoft Azure Local 授权问题漏洞

Microsoft Azure Resource Manager and Microsoft Azure Local are both products of Microsoft Corporation in the United States. Microsoft Azure Resource Manager is a service for deploying and managing resources. Microsoft Azure Local is a hybrid cloud infrastructure platform. There are authorization...

10CVSS5.8AI score0.00494EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

NOVUS Automation AirGate 4G firmware 安全漏洞

NOVUS Automation AirGate 4G firmware is an industrial IoT gateway firmware system developed by NOVUS Automation in Brazil. Version 1.1.16 of NOVUS Automation AirGate 4G firmware contains a security vulnerability. This vulnerability stems from improper endpoint access control in the /uci/get/...

9.1CVSS5.8AI score0.0024EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

HCL Connections 安全漏洞

HCL Connections is a corporate collaboration platform developed by the Indian company HCL. There is a security vulnerability in HCL Connections, which stems from ineffective access control. This vulnerability may allow unauthorized users to update data in certain scenarios...

4.6CVSS5.8AI score0.00122EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.14 views

iCMS 安全漏洞

iCMS is a software application. It is a highly efficient and concise content management system built using PHP and MySQL. iCMS has security vulnerabilities, which stem from authorization bypasses. This could allow attackers to gain unauthorized access by manipulating HTTP redirect headers during...

9.3CVSS5.8AI score0.00254EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

HSC MailInspector 跨站脚本漏洞

HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains a cross-site scripting vulnerability. This vulnerability arises from the use of alternative or obfuscated JavaScript syntax in user-controlled...

6.1CVSS5.6AI score0.00244EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

FacturaScripts 输入验证错误漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2026 contained a vulnerability related to input validation errors. This vulnerability stemmed from the Plugins::add function not properly verifying the file paths in...

7.2CVSS6.2AI score0.00522EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

Mattermost Plugins 安全漏洞

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.5, 11.1.5, 10.13.11, and 11.3.4.0 of Mattermost Plugins contain security vulnerabilities. These...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

OpENer 缓冲区错误漏洞

OpENer is an open-source industrial Ethernet protocol stack developed by the EIP Stack Group, supporting connections for I/O devices. Version OpENer v2.3-558-g1e99582 contains a buffer error vulnerability. This vulnerability stems from an out-of-bounds read in the CreateCommonPacketFormatStructur...

6.2CVSS6AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

Thermo Fisher Scientific Torrent Suite Dx 安全漏洞

Thermo Fisher Scientific Torrent Suite Dx is a clinical gene sequencing data analysis platform provided by Thermo Fisher Scientific. Versions of Thermo Fisher Scientific Torrent Suite Dx prior to 5.14.2 contained security vulnerabilities. These vulnerabilities were due to issues with privilege...

8.8CVSS5.8AI score0.0026EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

Open Source Point of Sale 路径遍历漏洞

Open Source Point of Sale is an open-source sales point system based on the Open Source Point of Sale framework. Versions of Open Source Point of Sale 3.4.2 and earlier have a path traversal vulnerability. This vulnerability arises from the operation of the getPicThumb function in the...

5.3CVSS5.9AI score0.0039EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

DumbAssets 跨站脚本漏洞

DumbAssets is a physical asset tracking and management tool developed by DumbWare. Versions of DumbAssets 1.0.11 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting issue in asset fields. It allowed attackers to create o...

6.1CVSS5.9AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

FreePBX 代码问题漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI graphical web-based interface. Versions of FreePBX prior to 16.0.71 and 17.0.6 contained code vulnerabilities. These vulnerabilities stemmed from the backup module failing ...

8.6CVSS6.2AI score0.00896EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

Mattermost Plugins 安全漏洞

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.5, 11.1.5, 10.13.11, and 11.3.4.0 of Mattermost Plugins contain security vulnerabilities. These...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

Perforce P4 代码注入漏洞

Perforce P4 is an enterprise-level version control and code management platform provided by Perforce Corporation. Versions of Perforce P4 prior to 2025.2 Patch 2 contained a code injection vulnerability, which stemmed from issues with the command-line client and could potentially pose security...

7.7CVSS5.9AI score0.00449EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.8 views

Intelbras VIP-1230-D-G4 安全漏洞

The Intelbras VIP-1230-D-G4 is an industrial-grade IP camera from the Brazilian company Intelbras, which supports PoE power supply. The Intelbras VIP-1230-D-G4 V2.800.00IB00C.0.T version has a security vulnerability. This vulnerability stems from the password reset function under /OutsideCmd, and...

5.3CVSS5.8AI score0.00349EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

Edimax BR-6428nS 缓冲区错误漏洞

The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. The Edimax BR-6428NS v41.10 version has a buffer overflow vulnerability. This vulnerability stems from the function formL2TPSetup in the POST Request Handler component, which handles the parameter L2TPUserName and leads to ...

9CVSS7.6AI score0.00573EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

Dell Live Optics 信任管理问题漏洞

Dell Live Optics is an IT infrastructure analysis and capacity assessment platform developed by the American company Dell. Dell Live Optics has a trust management vulnerability, which stems from improper certificate verification. This vulnerability could allow remote unauthenticated attackers to...

6.8CVSS5.8AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

HSC MailInspector 安全漏洞

HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains a security vulnerability. This vulnerability arises from the text parameter used in the endpoint/tap/dw.php script to construct file paths, whic...

7.5CVSS5.8AI score0.00595EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

Projectworlds Hospital Management System 注入漏洞

Projectworlds Hospital Management System is a hospital management system developed by the Austrian company Projectworlds. Version 1.0 of the Projectworlds Hospital Management System has a SQL injection vulnerability. This vulnerability arises from the function getAllPatientDetail in the GET...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Basamak DernekWeb 跨站脚本漏洞

Basamak DernekWeb is an association and membership management system developed by the Turkish company Basamak. Versions of Basamak DernekWeb prior to 30122025 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during the web page generation process, whi...

8.8CVSS5.7AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

BigBlueButton 跨站脚本漏洞

BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton prior to 3.0.19 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to clean up user input in public chat areas during recording and...

6.5CVSS5.6AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

Joplin 安全漏洞

Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Versions of Joplin prior to 3.5.7 contained a security vulnerability. This vulnerability stemmed from path traversal vulnerabilities in the importer; the OneNote converter did not clean up embedded file names...

8.2CVSS5.8AI score0.00206EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost 11.5.1 and earlier, including 11.5.x, have security vulnerabilities. These vulnerabilities stem from the lack of verification of channel members when processing AI-assisted...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.5.1 and earlier of the 11.5.x series, as well as versions 10.11.13 and earlier of the 10.11.x series, and 11.4.3 and earlier of the 11.4.x series. Thes...

4.3CVSS5.9AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.14 views

lwip 缓冲区错误漏洞

lwIP is an open-source implementation of the TCP/IP protocol stack developed by lwIP Developers. Versions of lwIP 2.2.1 and earlier contained a buffer error vulnerability. This vulnerability originated from the function snmpparseinboundframe in the SNMPv3 USM Handler component. The operation of t...

10CVSS7.5AI score0.01016EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Summarize 代码问题漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 have code vulnerabilities. These vulnerabilities stem from issues with the hover summary feature, which may allow malicious pages to assign synthetic mouse hover events on...

7.4CVSS5.9AI score0.0033EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

HSC MailInspector 安全漏洞

HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains security vulnerabilities. These vulnerabilities stem from improper control of file paths provided to users. When the...

7.5CVSS5.8AI score0.00372EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There were security vulnerabilities in MongoDB Server versions prior to 7.0...

7.1CVSS5.8AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.16 views

WordPress plugin Ajax Load More 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.1CVSS5.7AI score0.00184EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Claude HUD 代码问题漏洞

Claude HUD is a Claude Code plugin developed by Jarrod Watts, which displays context usage, tool states, and progress. Versions of Claude HUD prior to 0.0.12 contained code vulnerabilities. These vulnerabilities stemmed from command injection issues, allowing local attackers to execute arbitrary...

7.8CVSS6.5AI score0.0051EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

Net::Statsd::Lite 注入漏洞

Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.10.0 have a vulnerability due to the setadd method not checking for line breaks, colons, or pipes, which may lead to metric...

7.3CVSS5.8AI score0.00226EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.13 views

amf 安全漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the RANConfiguration function in the file ngap/handler.go, which allows null pointer...

5.3CVSS5.8AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.23 views

MLflow 安全漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of mlflow prior to 3.11.0 contained a security vulnerability. This vulnerability stemmed...

7CVSS7.3AI score0.00193EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

amf 安全漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the function UERadioCapabilityCheckResponse in the file ngap/dispatcher.go, which leads to...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from an authorization flaw in the content script’s window.postMessage bridging mechanism, which could allow...

6.1CVSS5.9AI score0.00195EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.13 views

Offline Hospital Management System 安全漏洞

Offline Hospital Management System is a hospital information management system developed by silverplugins21. Version 5.3.0 of Offline Hospital Management System has a security vulnerability. This vulnerability stems from improper configuration of the Electron renderer. By enabling Node.js...

7.3CVSS6.4AI score0.00318EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

chroma 代码注入漏洞

Chroma is an open-source AI data infrastructure tool developed by Chroma. Versions of Chroma 1.0.0 and later have a code injection vulnerability. This vulnerability stems from a pre-authentication code injection issue, allowing unauthenticated attackers to execute arbitrary code on the server by...

10CVSS6.3AI score0.12387EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.16 views

amf 安全漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from unknown functions in the NGAP Message Handler component, specifically in the file ngap/handler.go, which...

5.3CVSS5.8AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.10 views

Alloksoft Fast AVI MPEG Splitter 安全漏洞

Alloksoft Fast AVI MPEG Splitter is a multimedia processing tool developed by Alloksoft Corporation, capable of quickly splitting and trimming video files in formats such as AVI and MPEG. Version 1.2 of Alloksoft Fast AVI MPEG Splitter contains a security vulnerability. This vulnerability stems...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

DataEase 注入漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Version 2.10.20 of DataEase contains a injection vulnerability. This...

7.2CVSS5.9AI score0.00387EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.13 views

EMQX 竞争条件问题漏洞

EMQX is an MQTT message server provided by the EMQX company. Versions of EMQX 6.2.0 and earlier contained a race condition vulnerability. This vulnerability stemmed from unknown functions in the QoS 2 PUBLISH Packet Handler component, specifically the emqxpersistentsessionds.erl file. Attackers...

3.1CVSS5.6AI score0.00282EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.16 views

AstrBot 路径遍历漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework developed by AstrBot. Versions of AstrBot 4.23.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of the postfile function in the File Upload Handler component...

6.5CVSS6.5AI score0.00358EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

qs 代码问题漏洞

QS is a JavaScript library developed by Jordan Harband. Versions of QS from 6.11.1 to 6.15.2 had code vulnerabilities. This vulnerability occurred when calling qs.stringify on an array containing null or undefined, with arrayFormat set to comma and encodeValuesOnly set to true. This resulted in a...

6.3CVSS5.9AI score0.00351EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Crypt::OpenSSL::PKCS12 安全漏洞

Crypt::OpenSSL::PKCS12 is an open-source cryptographic extension module developed by Dan Sully for the Perl language. It primarily provides functionality for calling the OpenSSL PKCS12 API. Versions of Crypt::OpenSSL::PKCS12 up to 1.94 contained security vulnerabilities. These vulnerabilities...

9.8CVSS5.8AI score0.00447EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.9 views

PublicCMS 授权问题漏洞

PublicCMS is an open-source content management system CMS developed in Java by PublicCMS Company in China. Version 5.202506.d of PublicCMS has a vulnerability related to authorization. This vulnerability stems from the execute function in the Trade Address Query Handler component, specifically in...

6.9CVSS6AI score0.00403EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

AI SDK 命令注入漏洞

AI SDK is a TypeScript AI toolkit open-sourced by Vercel. Versions of AI SDK 3.0.97 and earlier have a command injection vulnerability. This vulnerability stems from the run function in the PR Branch Name Interpolation component, where operating system commands can be injected, potentially allowi...

7.5CVSS6AI score0.04261EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

Vercel AI SDK 代码问题漏洞

Vercel AI SDK is a JavaScript SDK developed by Vercel that supports the integration of large language models, streaming responses, and AI application development. Versions of Vercel AI 3.0.97 and earlier contain code vulnerabilities. These vulnerabilities stem from the validateDownloadUrl functio...

7.5CVSS7.2AI score0.00385EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Z-BlogPHP 安全漏洞

Z-BlogPHP is an open-source PHP-based blog system developed by the Z-Blog community. Version Z-BlogPHP 1.7.4.3430 contains a security vulnerability. This vulnerability stems from an improper authorization in the CheckComment function of the commend Approval Handler component’s csystemevent.php...

6.5CVSS6.6AI score0.00201EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.14 views

Flexense VX Search 安全漏洞

Flexense VX Search is a rule-based automatic file search solution provided by Flexense Corporation. It allows users to search for files based on file type, category, file name, size, location, extension, regular expressions, text and binary patterns, creation, modification, and last access dates,...

8.6CVSS6.2AI score0.00148EPSS
Exploits0References2
Total number of security vulnerabilities195539