Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Nordex N149/4.0-4.5 Wind Turbine Web Server SQL注入漏洞

The Nordex N149/4.0-4.5 Wind Turbine Web Server is a web server component developed by the German company Nordex, used for remote monitoring and management of the Nordex N149 wind turbine system. The 4.0 version of the Nordex N149/4.0-4.5 Wind Turbine Web Server has a SQL injection vulnerability...

8.8CVSS6.2AI score0.00343EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.9 views

oinone-pamirs 注入漏洞

Oinone-Pamirs is an AI-driven low-code development framework developed by Oinone. Versions of Oinone-Pamirs 7.2.0 and earlier had a SQL injection vulnerability. This vulnerability stems from the queryListByWrapper interface’s RSQLToSQLNodeConnector.makeVariable function, which allows for SQL...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

REDAXO-AddOn: MyEvents SQL注入漏洞

REDAXO-AddOn: MyEvents is a multilingual event management plugin developed by Joachim Wendenburg. Version 2.2.1 of REDAXO-AddOn: MyEvents contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the myeventsid parameter, potentially allowing authenticated...

7.1CVSS5.9AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

GitBucket 访问控制错误漏洞

GitBucket is an open-source Git code hosting platform based on Scala. Version 4.23.1 of GitBucket contains a vulnerability related to access control. This vulnerability stems from the generation of weak secret tokens and the insecure file upload feature, which may allow unauthenticated attackers ...

9.8CVSS6.1AI score0.00589EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.14 views

Joomla JoomOCShop 跨站请求伪造漏洞

Joomla JoomOCShop is an open-source extension for Joomla that supports the integration of Joomla and OpenCart. Version 1.0 of Joomla JoomOCShop contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, which may allow attackers to perform...

5.3CVSS5.7AI score0.00164EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

Beetl 输入验证错误漏洞

Beetl is a high-speed template engine developed by xiandafu’s individual developers. Versions of Beetl 3.20.2 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of special elements within expression language statements in th...

7.5CVSS7.1AI score0.00406EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.9 views

JoomSky Joomla! Component Js Jobs 跨站请求伪造漏洞

JoomSky Joomla! Component Js Jobs is a human resources component developed by JoomSky Corporation, designed for publishing job listings, managing positions, and facilitating job applications on Joomla websites. Version 1.2.0 of JoomSky Joomla! Component Js Jobs contains a cross-site request...

6.9CVSS5.8AI score0.00143EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

H2O 信息泄露漏洞

H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Versions of H2O 7402 and earlier contained a vulnerability known as information leakage, which originated from the importFiles function in the PersistNFS.java file within the ImportFile API...

7.5CVSS6AI score0.00497EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.9 views

H2O 安全漏洞

H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Versions of H2O such as h2o-3 7402 and earlier contain security vulnerabilities. These vulnerabilities stem from improper access control in the exec function of the AstSetProperty.java file withi...

6.9CVSS6AI score0.0031EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the ogssbisubscriptiondataadd and ogssbinfserviceadd functions i...

6.5CVSS5.8AI score0.00455EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the ogssbiclientadd function in the library/lib/sbi/client.c...

6.5CVSS5.8AI score0.0038EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.14 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from unknown functions in the NRF component’s...

6.5CVSS5.8AI score0.0039EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.14 views

Net::Statsd::Tiny 注入漏洞

Net::Statsd::Tiny is a lightweight StatsD client developed by Robert Rothenberg, which supports the aggregation of multiple metrics. Versions of Net::Statsd::Tiny prior to 0.3.8 had an injection vulnerability. This vulnerability stemmed from the lack of checks for line breaks, colons, or vertical...

8.2CVSS5.8AI score0.00344EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Crypt::OpenSSL::PKCS12 缓冲区错误漏洞

Crypt::OpenSSL::PKCS12 is an open-source cryptographic extension module developed by Dan Sully for the Perl language. It primarily provides interface calls to the OpenSSL PKCS12 API. Versions of Crypt::OpenSSL::PKCS12 up to 1.94 contained a buffer error vulnerability. This vulnerability arises wh...

9.8CVSS6.3AI score0.00648EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

hive 路径遍历漏洞

Hive is a multi-agent workflow execution engine developed by Aden. Versions of Hive prior to 0.11.0 contained a path traversal vulnerability. This vulnerability stemmed from the readeventstail function in the Delete Request Handler component, where the routessessions.py file exhibited path...

9.1CVSS7.2AI score0.0061EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from the ranuefindbyamfuengapid function in the context.c file of the...

6.5CVSS6.6AI score0.00224EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.10 views

Bylancer Zechat SQL注入漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability stems from the v parameter being subject to SQL injecti...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.15 views

Bert-VITS2 路径遍历漏洞

Bert-VITS2 is a core text-to-speech model developed by Fish Audio. Bert-VITS2 has a path traversal vulnerability, which stems from the getallmodels function in the hiyoriUI.py file within the Model Handler component. Attackers could potentially exploit this vulnerability remotely...

7.5CVSS7.1AI score0.00611EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Investintech SlimPDF Reader 缓冲区错误漏洞

Investintech SlimPDF Reader is a free PDF reader and viewer provided by the Canadian company Investintech. Versions of Investintech SlimPDF Reader 2.0.13 and earlier contain a buffer error vulnerability. This vulnerability stems from a stack buffer overflow in the sub3B4610 function within the...

7.5CVSS6.9AI score0.00261EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

WordPress plugin Simple Fields 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

6.9CVSS5.9AI score0.00533EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.14 views

Joomla jCart for OpenCart 跨站请求伪造漏洞

Joomla jCart for OpenCart is an open-source extension that integrates Joomla with OpenCart. It’s a e-commerce shopping cart extension. Version 2.3.0.2 of Joomla jCart for OpenCart contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery,...

6.9CVSS5.7AI score0.00191EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.14 views

TP-Link TL-WR720N 跨站请求伪造漏洞

The TP-Link TL-WR720N is a home wireless router by TP-Link Corporation, which supports wireless network sharing and routing functions. The TP-Link TL-WR720N has a cross-site request forgery vulnerability. This vulnerability arises from cross-site request forgery attacks, allowing attackers to...

5.3CVSS5.8AI score0.0018EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

H3C Magic B3 缓冲区错误漏洞

H3C Magic B3 is a wireless router produced by H3C Corporation in China. The H3C Magic B3 100R002 and earlier versions had a buffer overflow vulnerability. This vulnerability stemmed from improper handling of the parameter “param” in the UpdateWanParams function within the /goform/aspForm file,...

8.6CVSS7.6AI score0.0048EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Open5GS 缓冲区错误漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain a buffer error vulnerability. This vulnerability stems from the reuse of a resource after it has been released in the...

6.5CVSS5.9AI score0.00367EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.13 views

WordPress plugin Peugeot Music 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.9AI score0.00515EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Alloksoft AVI DivX MPEG to DVD Converter 安全漏洞

Alloksoft AVI DivX MPEG to DVD Converter is a multimedia conversion tool developed by Alloksoft Corporation, capable of converting video formats such as AVI, DivX, and MPEG, as well as creating DVDs. Version 2.6.1217 of Alloksoft AVI DivX MPEG to DVD Converter contains a security vulnerability...

8.6CVSS6.5AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.10 views

Kalcaddle Kodbox 注入漏洞

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle. Versions of Kalcaddle Kodbox prior to 1.64 have a injection vulnerability. This vulnerability stems from the improper handling of the parameter fmpegBin in the parseVideoInfo function of t...

6.5CVSS6.6AI score0.01182EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

PublicCMS 加密问题漏洞

PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China using the Java language. Version PublicCMS 5.202506.d contains a security vulnerability related to encryption. This vulnerability stems from the getSignKey function in the...

6.9CVSS6AI score0.00281EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from the ogssbinfinstancesetid function in the...

6.5CVSS5.8AI score0.0038EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.14 views

Bylancer Zechat SQL注入漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability stems from SQL injections in the hashtag parameter,...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.10 views

Bylancer Zechat 跨站请求伪造漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat contains a cross-site request forgeing vulnerability. This vulnerability allows attackers to bypass anti-CSRF...

5.4CVSS5.7AI score0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

WordPress plugin WP with Spritz 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.7CVSS5.9AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Bert-VITS2 路径遍历漏洞

Bert-VITS2 is a core text-to-speech model developed by Fish Audio. Bert-VITS2 has a path traversal vulnerability. This vulnerability stems from the improper handling of the datadir parameter in the generateconfig function of the Gratuit Interface component, resulting in path traversal. Attackers...

7.5CVSS7.1AI score0.00512EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

oinone-pamirs 路径遍历漏洞

Oinone-Pamirs is an open-source AI-driven low-code development framework by Oinone. Versions of Oinone-Pamirs 7.2.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the request.getParameter function in the RestController component’s LocalFileClient.java file,...

4.3CVSS5.8AI score0.00216EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

PublicCMS 安全漏洞

PublicCMS is an open-source content management system CMS developed in Java by PublicCMS Company in China. Version Sanluan PublicCMS 5.202506.d contains a security vulnerability. This vulnerability stems from a business logic error in the...

6.9CVSS6.7AI score0.00331EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

Vercel AI SDK 资源管理错误漏洞

Vercel AI SDK is a JavaScript SDK provided by Vercel that supports the integration of large language models, streaming responses, and AI application development. Vercel AI SDK versions 3.0.97 and earlier contain a resource management vulnerability. This vulnerability stems from the functions...

6.5CVSS5.8AI score0.00561EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.10 views

CAAL 代码问题漏洞

CAAL is a self-hosted voice assistant developed by CoreWorxLab, ensuring data and keys are secure. Versions of CAAL 1.6.0 and earlier contain code vulnerabilities. These vulnerabilities stem from unknown functions in the src/caal/webhooks.py file within the test-hass endpoint, which involve...

7.5CVSS7.2AI score0.00309EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

ACL Analytics 代码注入漏洞

ACL Analytics is a data analysis platform provided by ACL Corporation, which supports audit analysis, data mining, and risk monitoring. Versions 11.x to 13.0.0.579 of ACL Analytics have a code injection vulnerability. This vulnerability stems from the use of the EXECUTE function, which may allow...

9.8CVSS6.2AI score0.00576EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

WordPress plugin Google Drive 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.7CVSS5.9AI score0.00641EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.9 views

oinone-pamirs 输入验证错误漏洞

Oinone-Pamirs is an AI-driven low-code development framework developed by Oinone. Versions of Oinone-Pamirs 7.2.0 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from a deserialization issue in the JsonUtils.parseMap function within the...

6.5CVSS6.7AI score0.00242EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

Metasoft MetaCRM 访问控制错误漏洞

Metasoft MetaCRM is a customer relationship management system software developed by Metasoft, a Chinese company. Versions of Metasoft MetaCRM 6.4.0 Beta06 and earlier contained a access control error vulnerability. This vulnerability stemmed from an improper handling of the File parameter by an...

7.5CVSS7.1AI score0.00278EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.21 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the ogssbidiscoveryoptionparseplmnlist function...

6.5CVSS5.8AI score0.0039EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

Kilo Code 信息泄露漏洞

Kilo Code is an open-source AI coding assistant developed by Kilo Code. Versions of Kilo Code 7.0.47 and earlier contained a vulnerability known as information leakage. This vulnerability stemmed from improper handling of the parameter KILOCONFIGCONTENT in the Load function of the Environment...

6.5CVSS5.8AI score0.00316EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.14 views

WooCommerce 路径遍历漏洞

WooCommerce is an open-source e-commerce platform built on WordPress by WooCommerce Inc. Version 3.3.6 of WooCommerce has a path traversal vulnerability. This vulnerability allows any registered user to submit unescaped file names through the deleteexportfile AJAX operation, potentially leading t...

8.7CVSS5.8AI score0.00613EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.10 views

PublicCMS 安全漏洞

PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China using the Java language. Version Sanluan PublicCMS 5.202506.d contains a security vulnerability. This vulnerability stems from the improper handling of the templateContent parameter in the execute...

6.5CVSS6.5AI score0.00232EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Zenar Content Management System 跨站脚本漏洞

Zenar Content Management System is a set of open-source content management systems developed by the Zenar team. The Zenar Content Management System has a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, which allows unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.10 views

H2O 输入验证错误漏洞

H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Versions of H2O 7402 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from a deserialization issue in the importBinaryModel function of the...

9.8CVSS7.1AI score0.00409EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.32 views

Kilo Code 路径遍历漏洞

Kilo Code is an open-source AI coding assistant developed by Kilo Code. Versions of Kilo Code 7.0.47 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of parameters File in the Bun.file function within the File Diff API Endpoint component...

6.5CVSS5.8AI score0.0058EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

Z-BlogPHP 安全漏洞

Z-BlogPHP is an open-source PHP-based blog system developed by the Z-Blog community. Version Z-BlogPHP 1.7.4.3430 contains a security vulnerability. This vulnerability stems from an improper authorization in the CheckComment function of the commend Approval Handler component’s csystemevent.php...

6.5CVSS6.6AI score0.00201EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.14 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the ogstimeradd function in the nausf-handler.c file within the...

6.5CVSS5.8AI score0.00372EPSS
Exploits1References2
Total number of security vulnerabilities195539