Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/17 12:0 a.m.13 views

Joomla! extension EkRishta SQL注入漏洞

The Joomla! extension EkRishta is an open-source community extension designed to provide Joomla websites with functions for matchmaking and marriage-related services. Version 2.10 of the Joomla! extension EkRishta contains a SQL injection vulnerability. This vulnerability stems from persistent...

8.8CVSS5.8AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

ProcessMaker 安全漏洞

ProcessMaker is a web-based system developed by ProcessMaker Inc. in the PHP language, used for business process management BPM and workflow management. Version 3.5.4 of ProcessMaker contains a security vulnerability. This vulnerability stems from a local file inclusion flaw, which allows...

6.9CVSS5.9AI score0.00776EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.9 views

Home Assistant 路径遍历漏洞

Home Assistant is an open-source family automation management system developed by Home Assistant. This system is primarily used to control household automation devices. Version 1.10.0 of Home Assistant contains a path traversal vulnerability. This vulnerability stems from path traversal issues,...

8.7CVSS5.8AI score0.00498EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.15 views

OpenSolution Quick.CMS 跨站脚本漏洞

OpenSolution Quick.CMS is a lightweight website content management system developed by the Polish company OpenSolution. Version 6.7 of OpenSolution Quick.CMS contains a cross-site scripting vulnerability. This vulnerability stems from a cross-site scripting flaw in the sliders form, allowing...

5.4CVSS5.9AI score0.00178EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.13 views

WordPress plugin Backup and Restore 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.9AI score0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.10 views

Social & Mobile Color Notes 安全漏洞

Social & Mobile Color Notes is a note application developed by Social & Mobile that supports text recording, task management, and color categorization. Version 1.4 of Social & Mobile Color Notes contains a security vulnerability. This vulnerability stems from a denial-of-service issue, which coul...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

WordPress plugin Supsystic Membership SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

OKI sPSV Port Manager 代码问题漏洞

OKI sPSV Port Manager is a network printing management tool developed by OKI Corporation in Japan. It supports the configuration of printing ports, device connections, and the management of printing services. Version 1.0.41 of OKI sPSV Port Manager contains a code vulnerability. This vulnerabilit...

8.5CVSS6AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.13 views

bloofoxCMS 跨站请求伪造漏洞

BloofoxCMS is a PHP-based content management system developed by the BloofoxCMS team. Version 0.5.2.1 of BloofoxCMS has a cross-site request forgeing vulnerability. This vulnerability allows attackers to trick users into accessing malicious pages and performing administrative operations. Attacker...

6.9CVSS5.8AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

Yerootech iDS6 DSSPro Digital Signage System 安全漏洞

The Yerootech iDS6 DSSPro Digital Signage System is a digital signage management system developed by Yerootech that supports the distribution of multimedia content and centralized control. Version 6.2 of the Yerootech iDS6 DSSPro Digital Signage System contains a security vulnerability. This...

9.8CVSS5.8AI score0.00429EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

LayerBB SQL注入漏洞

LayerBB is a set of small-scale forum software. Version 1.1.4 of LayerBB contains an SQL injection vulnerability. This vulnerability stems from SQL injection issues, which may allow unauthenticated attackers to inject SQL code through the searchquery parameter, thereby manipulating database queri...

8.8CVSS5.9AI score0.00237EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.10 views

Tonec Fze Internet Download Manager 安全漏洞

Tonec Fze Internet Download Manager Idm is a tool developed by the American company Tonec Fze that can increase download speed by up to 5 times and helps to resume and schedule downloads. Version 6.38.12 of Tonec Fze Internet Download Manager contains a security vulnerability. This vulnerability...

6.9CVSS6AI score0.00147EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.15 views

Flexense VX Search 代码问题漏洞

Flexense VX Search is a rule-based automatic file search solution provided by Flexense Corporation. It allows users to search for files based on file type, category, file name, size, location, extension, regular expressions, text and binary patterns, creation, modification, and last access dates,...

8.5CVSS6.2AI score0.00121EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

Net::Statsd::Lite 注入漏洞

Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.9.0 have a injection vulnerability. This vulnerability arises from the lack of checks for line breaks, colons, or vertical bars in...

6.5CVSS5.8AI score0.00306EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.10 views

DENX Software Engineering Das U-Boot 访问控制错误漏洞

DENX Software Engineering's Das U-Boot is a general-purpose bootloader developed by the German company DENX Software Engineering. Versions of DENX Software Engineering's Das U-Boot prior to version 2026.04 contained an access control vulnerability. This vulnerability stemmed from the omission of...

8.2CVSS5.8AI score0.00126EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.8 views

jsondiffpatch 安全漏洞

jsondiffpatch is a software developed by Benjamín Eidelman, designed for differentiating and patching JavaScript object functions. Versions of jsondiffpatch prior to 0.7.6 contained security vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on access to special properti...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

jsondiffpatch 跨站脚本漏洞

jsondiffpatch is a software developed by Benjamín Eidelman, designed for differentiating and patching JavaScript object functions. Versions of jsondiffpatch prior to 0.7.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of JSON values and property...

6.1CVSS5.6AI score0.00191EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.13 views

Ocproducts Composr CMS 跨站脚本漏洞

Ocproducts Composr CMS is an open-source content management system CMS developed by the British company Ocproducts, written in PHP language. Version Ocproducts Composr CMS 10.0.34 has a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site script in the banner...

6.4CVSS5.6AI score0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

Jsonpickle 代码注入漏洞

Jsonpickle is a software developed by the individual who created Jsonpickle, designed for Python to serialize Python objects into JSON format. Version 2.0.0 of jsonpickle contains a code injection vulnerability. This vulnerability stems from deserialization issues, allowing attackers to execute...

9.8CVSS6.2AI score0.00696EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.9 views

EgavilanMedia PHPCRUD SQL注入漏洞

EgavilanMedia PHPCRUD is a PHP development framework provided by EgavilanMedia that supports database operations such as creation, deletion, modification, and viewing, along with rapid generation of backend management pages. Version 1.0 of EgavilanMedia PHPCRUD contains a SQL injection...

8.8CVSS6AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

Syncplify Server 代码问题漏洞

Syncplify Server is an FTP server provided by the Syncplify company. Version 5.0.37 of Syncplify Server has a code vulnerability. This vulnerability stems from an unreferenced service path within the SMWebRestServicev5 service. This could allow local attackers to exploit the unreferenced binary...

8.5CVSS5.9AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.10 views

WordPress plugin Sticky Notes Color Widgets 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.13 views

WordPress plugin HS Brand Logo Slider 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS6.4AI score0.00541EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

Textpattern CMS 跨站请求伪造漏洞

TextPattern CMS is a content management system based on PHP developed by the TextPattern team. Version 4.9.0-dev of TextPattern CMS has a cross-site request forgeing vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated attackers to use the plugin uploa...

8.8CVSS6.5AI score0.00315EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.10 views

WordPress plugin Anti-Malware Security and Bruteforce Firewall 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.7CVSS5.9AI score0.00652EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

WordPress plugin Multicollab: Content Team Collaboration and Editorial Workflow 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.9AI score0.00237EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

IObit Advanced SystemCare Service 代码问题漏洞

IObit Advanced SystemCare Service is a Windows background service component developed by IObit that supports system optimization, performance cleanup, and security maintenance. Version 13.0.0.157 of IObit Advanced SystemCare Service contains a code vulnerability. This vulnerability stems from an...

8.5CVSS6AI score0.00116EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

wordpress plugin Supsystic Backup 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.9CVSS5.9AI score0.00673EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

WordPress plugin Buddypress 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.6AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.13 views

FUEL CMS SQL注入漏洞

Fuel CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.4.13 of Fuel CMS has a SQL injection vulnerability. This vulnerability stems from a blind SQL injection flaw, allowing authenticated attackers to manipulate database queries throug...

7.1CVSS5.9AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

WordPress plugin Cookie Law Bar 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

WordPress plugin Sticky Notes Widget 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.10 views

WordPress plugin Supsystic Pricing Table SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6AI score0.00276EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

WordPress plugin theme Wibar 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

CouchCMS 跨站脚本漏洞

CouchCMS is an open-source content management system designed for designers. Version 2.2.1 of CouchCMS has a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting issues, allowing authenticated attackers to upload malicious SVG files through the file upload featur...

5.4CVSS5.7AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.17 views

Cybertron Privacy Drive 代码问题漏洞

Cybertron Privacy Drive is a security software from Cybertron Corporation that supports disk encryption, creation of virtual encrypted volumes, and protection of privacy data. Version 3.17.0 of Cybertron Privacy Drive has a code vulnerability. This vulnerability stems from an unreferenced service...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.14 views

WordPress plugin WP Learn Manager 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.9AI score0.00214EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

MyBB Timeline Plugin 跨站脚本漏洞

The MyBB Timeline Plugin is a plugin provided by MyBB Corporation that offers dynamic timeline displays and social activity stream functions for MyBB forums. Version 1.0 of the MyBB Timeline Plugin contained a cross-site scripting vulnerability. This vulnerability stemmed from cross-site scriptin...

6.9CVSS5.6AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.13 views

Kite 代码问题漏洞

Kite is an AI code development tool developed by the Kite company in the United States. Version Kite 4.2.0.1 U1 contains a code vulnerability. This vulnerability stems from an unresolved service path in the KiteService Windows service, which may allow local attackers to gain elevated privileges b...

8.5CVSS5.9AI score0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.13 views

Macaron Notes 安全漏洞

Macaron Notes is a note-taking application developed by Macaron Corporation that supports sticky note recording, schedule organization, and personalized theme management. Version 5.5 of Macaron Notes contains a security vulnerability. This vulnerability stems from allowing attackers to cause...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.13 views

NetArt Media News Lister 跨站脚本漏洞

NetArt Media News Lister is a website news management system developed by NetArt Media in Bulgaria. It supports news publishing, article management, and content display. NetArt Media News Lister has a cross-site scripting vulnerability. This vulnerability stems from the title parameter in the new...

6.4CVSS5.7AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

CodeKernel Token - Queue Management System 跨站脚本漏洞

CodeKernel Token - Queue Management System is a Laravel-based queueing and customer waiting list management system developed by CodeKernel. Version 4.0.0 of CodeKernel Token - Queue Management System contains a cross-site scripting vulnerability. This vulnerability stems from storage-type...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

babl 资源管理错误漏洞

Babl is a GEGL open-source image processing library that supports high-performance pixel format conversion and image data processing. Version 0.1.62 of Babl contains a resource management vulnerability. This vulnerability stems from a failure in the double release detection mechanism. It could...

9.8CVSS5.9AI score0.00459EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

WordPress plugin Essential Chat Support 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.13 views

WordPress plugin Supsystic Digital Publications 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.7CVSS5.6AI score0.00495EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.14 views

My Notes Safe 安全漏洞

My Notes Safe is a security note-taking app developed by GuiWei, which supports encrypted note storage and privacy protection. Version 5.3 of My Notes Safe has a security vulnerability. This vulnerability stems from allowing attackers to inject excessively long strings into note fields, leading t...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.10 views

WordPress plugin Supsystic Ultimate Maps SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

CMS Made Simple 跨站脚本漏洞

CMS Made Simple CMSMS is an open-source content management system developed by the Cmsms team. This system supports role-based permission management systems, wizard-based installation and update mechanisms, and intelligent caching features. Version 2.2.15 of CMS Made Simple contains a cross-site...

6.4CVSS5.6AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

CouchCMS 代码问题漏洞

CouchCMS is an open-source content management system CMS designed for designers. Version 2.2.1 of CouchCMS has a code vulnerability caused by server-side request forgeing issues. This vulnerability could allow authenticated attackers to initiate arbitrary HTTP requests by uploading malicious SVG...

5.3CVSS6AI score0.00238EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.15 views

Huawei HarmonyOS 权限许可和访问控制问题漏洞

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. Huawei HarmonyOS has vulnerabilities related to permission management and access control. These vulnerabilities stem from issues wit...

3.6CVSS5.8AI score0.00077EPSS
Exploits0References1
Total number of security vulnerabilities195539