Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/15 12:0 a.m.8 views

Open WebUI 访问控制错误漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Prior to Open WebUI 0.9.0, there was an access control vulnerability. This vulnerability stemmed from the /responses endpoint in the OpenAI router, which accepted any authenticated user and directly...

7.1CVSS5.8AI score0.00306EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from FolderForm using modelconfig = ConfigDictextra=allow, which allowed arbitrary fields to ...

5CVSS5.9AI score0.00287EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

APM – Agent Package Manager 后置链接漏洞

APM – Agent Package Manager is an open-source AI-based dependency management tool developed by Microsoft. In versions 0.5.4 to 0.12.4 of APM, there was a post-link vulnerability. This vulnerability stemmed from calls to functions like Path.glob and Path.rglob, which followed symbolic links. As a...

7.4CVSS5.8AI score0.00654EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

APM – Agent Package Manager 路径遍历漏洞

APM – Agent Package Manager is an open-source AI-based dependency management tool developed by Microsoft. Versions of APM prior to 0.8.12 contained a path traversal vulnerability. This vulnerability stemmed from the lack of verification that the plugin paths were within the plugin directory, whic...

7.1CVSS5.8AI score0.00351EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

ws 安全漏洞

WS is a Node.js WebSocket library open source under WebSockets. Versions of WS prior to 8.20.1 contained a security vulnerability, which stemmed from an initialization memory leak when TypedArray was used as a reason parameter in the websocket.close implementation...

7.5CVSS5.8AI score0.00745EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of the getdumpable logic in ptrace, potentially leading to permission-related...

7.1CVSS6.1AI score0.0138EPSS
Exploits6References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

MLflow 安全漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of mlflow prior to 3.9.0 contain security vulnerabilities. These vulnerabilities stem fr...

8.6CVSS7.5AI score0.01502EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

AMD Processors 安全漏洞

AMD Processors are a series of processors developed by American semiconductor company AMD. There are security vulnerabilities in AMD Processors, stemming from the TOCTOU issue. These vulnerabilities may allow attackers to repeatedly load registers, leading to race conditions and potentially causi...

1.8CVSS5.8AI score0.00082EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

AMD Ryzen和AMD Athlon 安全漏洞

AMD Ryzen and AMD Athlon are both products of American semiconductor company AMD. AMD Ryzen is a type of Central Processing Unit CPU. AMD Athlon is a series of microprocessors. Both AMD Ryzen and AMD Athlon have security vulnerabilities. These vulnerabilities stem from improper protection of...

7.1CVSS5.9AI score0.00095EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Disc Soft DAEMON Tools Lite 安全漏洞

Disc Soft DAEMON Tools Lite is a software developed by Disc Soft that supports the mounting of disc images and the creation of virtual drives along with image file management. Versions 12.5.0.2421 to 12.5.0.2434 of Disc Soft DAEMON Tools Lite contain security vulnerabilities. These vulnerabilitie...

9.8CVSS5.9AI score0.01456EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

AMD Chipset 缓冲区错误漏洞

The AMD Chipset is a series of chips developed by American semiconductor company AMD. The AMD Chipset contains a buffer error vulnerability, which stems from out-of-bounds writing. This vulnerability could allow attackers to execute arbitrary code with elevated privileges, resulting in losses...

8.4CVSS6.4AI score0.00114EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

Medical Management System 访问控制错误漏洞

Medical Management System is a pharmacy management system developed by zhuozou. There is an access control vulnerability in Medical Management System, which stems from insecure permission settings, potentially allowing any user to reset their password...

6.5CVSS5.8AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Trog::TOTP 安全特征问题漏洞

Trog::TOTP is a Perl module developed by TEODESIAN’s individual developers, which supports time-based one-time password generation and two-factor authentication. Versions of Trog::TOTP prior to 1.006 contained security vulnerabilities. These vulnerabilities stemmed from the use of the built-in Pe...

7.5CVSS5.8AI score0.00316EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

AMD Ryzen 安全漏洞

The AMD Ryzen is a central processing unit CPU developed by American semiconductor company AMD. Several AMD products have security vulnerabilities, which stem from buffer overflow attacks. These vulnerabilities may allow local attackers to write beyond the bounds of the system, resulting in...

6.8CVSS6AI score0.00101EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

AMD Chipset 安全漏洞

The AMD Chipset is a series of chips developed by American semiconductor company AMD. The AMD Chipset contains security vulnerabilities; these vulnerabilities stem from the lack of checking return values, which may allow attackers to read or modify arbitrary addresses, resulting in losses related...

8.3CVSS5.9AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

WordPress plugin Quick Playground 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.5CVSS6AI score0.00811EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Schlix CMS 代码注入漏洞

Schlix CMS is a set of open-source content management systems developed by Schlix company, based on PHP and MySQL. Version 2.2.6-6 of Schlix CMS has a code injection vulnerability. This vulnerability stems from a remote code execution issue, allowing authenticated attackers to execute arbitrary P...

8.8CVSS6.7AI score0.0071EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

AMD多款产品 安全漏洞

The AMD Instinct MI210 and AMD Instinct MI250 are both GPU acceleration cards developed by American semiconductor company AMD. Several AMD products have security vulnerabilities. These vulnerabilities stem from improper handling of insufficient permissions, which may allow attackers to provide...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Rapid7 Metasploit Pro 访问控制错误漏洞

Rapid7 Metasploit Pro is a penetration testing software developed by Rapid7, Inc. Rapid7 Metasploit Pro has a access control vulnerability. This vulnerability arises from the Metasploit PostgreSQL service attempting to load OpenSSL configuration files from a non-existent directory that is writabl...

9.3CVSS6.1AI score0.0017EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

AMD Chipset 安全漏洞

The AMD Chipset is a series of chips developed by American semiconductor company AMD. The AMD Chipset contains security vulnerabilities, which stem from incorrect default permissions. These vulnerabilities could allow attackers to gain elevated privileges and execute arbitrary code...

7CVSS6AI score0.00106EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

AMD多款产品 缓冲区错误漏洞

The AMD Instinct MI300A is a GPU acceleration card developed by American semiconductor company AMD. Several AMD products have a buffer error vulnerability, which stems from out-of-bounds read operations. This vulnerability may allow authorized attackers to access a small portion of memory beyond...

1.8CVSS6AI score0.00095EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

WordPress plugin Classified Listing – AI-Powered Classified ads & Business Directory Plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.9AI score0.00265EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

vorbis-tools 安全漏洞

Vorbis-tools is an open-source command-line tool developed by the Xiph.Org Foundation for creating and playing Ogg Vorbis files. Version 1.4.3 of vorbis-tools contains a security vulnerability. This vulnerability stems from the remotethread function in the ogg123 tool, which experiences a stack...

8.2CVSS6.1AI score0.00515EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

oinone-pamirs 代码问题漏洞

Oinone-Pamirs is an AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains code vulnerabilities. These vulnerabilities stem from the XML parsing logic based on XStream. When attacker-controlled XML is passed to the framework’s parsing points, such as...

6.5CVSS5.9AI score0.00365EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.20 views

Turborepo 跨站请求伪造漏洞

Turborepo is a high-performance JavaScript and TypeScript build system open source by Vercel. Versions of Turborepo prior to 2.9.14 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of validation of the CSRF status value on the localhost callback in t...

6.5CVSS5.7AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

BlueNoteMKVI PHP Timeclock SQL注入漏洞

BlueNoteMKVI PHP Timeclock is an employee attendance and working hours recording system developed by BlueNoteMKVI company, based on PHP and MySQL. Version 1.04 of BlueNoteMKVI PHP Timeclock contains a SQL injection vulnerability. This vulnerability stems from the loginuserid parameter in the...

8.8CVSS5.9AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.41 views

WordPress plugin Form Notify 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.8AI score0.0073EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.36 views

OpenMRS 代码注入漏洞

OpenMRS is an open-source electronic health record system developed by OpenMRS Inc. Versions of OpenMRS from 2.7.0 to 2.7.9 and before 2.8.6 have a code injection vulnerability. This vulnerability arises from the ConceptReferenceRangeUtility.evaluateCriteria method, which evaluates condition...

9.1CVSS5.9AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

WordPress plugin Smartcat Translator for WPML 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

WordPress plugin NEX-Forms – Ultimate Forms Plugin SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

AMD Chipset 缓冲区错误漏洞

The AMD Chipset is a series of chips developed by American semiconductor company AMD. The AMD Chipset contains a buffer error vulnerability, which stems from improper input validation. This vulnerability may allow local attackers to write beyond the bounds of the system, leading to an increase in...

8.5CVSS6AI score0.00099EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

AMD Radeon PRO V710 安全漏洞

The AMD Radeon PRO V710 is a high-performance graphics card produced by AMD, a US-based semiconductor company. The AMD Radeon PRO V710 contains a security vulnerability, which stems from improper isolation. This vulnerability may allow privileged attackers in malicious guest virtual machines to...

6.8CVSS5.8AI score0.00105EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

AMD Radeon 输入验证错误漏洞

AMD Radeon is a set of device driver and utility software developed by American semiconductor company AMD, used for Advanced Micro Devices graphics cards and GPUs. AMD Radeon has a vulnerability related to input validation. This vulnerability arises from improper validation, which may allow...

6.8CVSS5.8AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Vim 操作系统命令注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim. Prior to Vim 9.2.0479, there was a vulnerability related to operating system command injection. This vulnerability stemmed from the use of the shellescape tartail for constructing commands when the tarVimuntar function decompress...

7CVSS5.9AI score0.00552EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.3 contained security vulnerabilities. These vulnerabilities stemmed from the POST /api/v1/notes/id/pin endpoint performing write operations but only checking read...

3.5CVSS5.8AI score0.00218EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

AMD多款产品 缓冲区错误漏洞

The AMD Ryzen is a central processing unit CPU developed by American semiconductor company AMD. Several AMD products have a buffer error vulnerability, which stems from improper input validation. This vulnerability may allow local attackers to read data beyond its scope, resulting in information...

6.9CVSS6AI score0.00099EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

DHTMLX Gantt 路径遍历漏洞

DHTMLX Gantt is a JavaScript Gantt chart component developed by DHTMLX Corporation. It supports project planning, task scheduling, and timeline visualization. Versions of DHTMLX Gantt prior to 0.7.6 contained a path traversal vulnerability. This vulnerability stemmed from a lack of HTML cleaning,...

9.2CVSS5.8AI score0.00497EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

AMD Processors 资源管理错误漏洞

AMD Processors are a series of processors developed by American semiconductor company AMD. There is a resource management vulnerability in AMD Processors, which stems from improper input validation. This vulnerability may allow local attackers to trigger a reuse of freed resources, resulting in...

6.9CVSS5.8AI score0.00101EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

AMD Graphics Driver 安全漏洞

AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. There is a security vulnerability in AMD Graphics Driver, which stems from the unlimited binding of IP addresses. This vulnerability could allow remote attackers to make unauthorized changes to G...

9.2CVSS5.8AI score0.00308EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Turborepo 代码问题漏洞

Turborepo is a high-performance JavaScript and TypeScript build system open source by Vercel. Versions of Turborepo from 1.1.0 to 2.9.14 contained code vulnerabilities. These vulnerabilities stemmed from the package manager executing yarn --version during detection, which could lead to the loadin...

9.8CVSS6.2AI score0.00386EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

AMD RAID Driver 安全漏洞

The AMD RAID Driver is a low-level hardware driver developed by American semiconductor company AMD. The AMD RAID Driver contains a security vulnerability, which stems from improper input validation. This vulnerability may allow attackers to target any memory location, potentially leading to...

8.6CVSS6.1AI score0.00106EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

phpMyFAQ SQL注入漏洞

phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 had an SQL injection vulnerability. This vulnerability stems from the SQL injection in the CurrentUser::setTokenData function, which could allow authenticated attackers to execu...

7.7CVSS6.1AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Gitsign 信任管理问题漏洞

Gitsign is a tool developed by Gitsign’s developers that allows for signing Git commits without the need for a key. Versions of Gitsign prior to 0.16.0 contained a trust management vulnerability. This vulnerability stemmed from the fact that gitsign verify and gitsign verify-tag re-encoded the...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Fujitsu Musetheque V4 跨站请求伪造漏洞

Fujitsu Musetheque V4 is a digital archive and collection information management system developed by Fujitsu for museums and cultural institutions. Versions of Fujitsu Musetheque V4 prior to rev2203.0 contained a cross-site request forgeing vulnerability. This vulnerability arises from cross-site...

8.5CVSS7.3AI score0.00131EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Microsoft Edge 输入验证错误漏洞

Microsoft Edge is a web browser included with Windows 10 and later versions of the Microsoft operating system. There is a vulnerability in input validation of Microsoft Edge. Attackers can exploit this vulnerability to bypass certain features...

5.4CVSS5.8AI score0.00302EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

WordPress plugin Notify Odoo 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

AMD Graphics Driver 安全漏洞

AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. There is a security vulnerability in AMD Graphics Driver, which stems from insufficient parameter cleaning. This vulnerability could allow attackers to send a corrupted...

1.8CVSS5.8AI score0.00101EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Podcast Generator 跨站脚本漏洞

Podcast Generator is an open-source set of free podcast publishing scripts written in PHP language. Version 3.1 of Podcast Generator has a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site scripting issue, which may allow authenticated attackers to inject...

6.4CVSS5.7AI score0.00193EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

WordPress plugin The7 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00281EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

coreMQTT Client Library 缓冲区错误漏洞

The coreMQTT Client Library is a lightweight client communication library developed under the FreeRTOS open source project. Versions of the coreMQTT Client Library prior to 5.0.1 contained a buffer error vulnerability. This vulnerability stems from the lack of boundary validation in the MQTT v5.0...

9.1CVSS6AI score0.00388EPSS
Exploits0References1
Total number of security vulnerabilities195539