Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the GET /api/v1/memories/ef endpoint, which could trigger embedded generation without...

6.5CVSS5.8AI score0.00341EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

AMD多款产品 缓冲区错误漏洞

AMD Radeon is a set of device driver and utility software packages developed by American semiconductor company AMD for Advanced Micro Devices’ graphics cards and GPUs. Several AMD products have a buffer error vulnerability, which stems from insufficient parameter cleaning. This vulnerability may...

4.6CVSS6AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.0 had a cross-site scripting vulnerability. This vulnerability stemmed from the profileimageurl field in the user profile update form accepting arbitrary data: URI...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

oinone-pamirs 代码注入漏洞

Oinone-Pamirs is an open-source AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains a code injection vulnerability. This vulnerability stems from the ScriptRunner.run method in the ScriptRunner component evaluating scripts controlled by the attack...

6.5CVSS5.9AI score0.00319EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

AMD OverDrive 安全漏洞

AMD OverDrive is a tool provided by American semiconductor company AMD that supports the management and configuration of overclocking settings for CPUs, GPUs, and RAM. There is a security vulnerability in AMD OverDrive, which stems from improper input validation. This vulnerability could allow...

4.6CVSS5.8AI score0.00108EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

AMD Processors 缓冲区错误漏洞

AMD Processors are a series of processors developed by American semiconductor company AMD. AMD Processors have a buffer error vulnerability, which stems from out-of-bounds reading. This vulnerability could allow attackers to access memory locations at will, resulting in loss of availability and...

5.8CVSS6AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Krajowa Izba Rozliczeniowa SzafirHost 代码问题漏洞

Krajowa Izba Rozliczeniowa SzafirHost is an electronic signature server component developed by the Polish company Krajowa Izba Rozliczeniowa. It provides certificate management and signature processing capabilities. Versions of Krajowa Izba Rozliczeniowa SzafirHost prior to 1.2.1 had code...

8.6CVSS6.2AI score0.00445EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Silicon Simplicity SDK 安全特征问题漏洞

The Silicon Simplicity SDK is an embedded software development platform provided by Silicon Corporation in the United States. It is used to build IoT products based on our 2-series and upcoming 3-series wireless and MCU devices. The Silicon Simplicity SDK has a security feature vulnerability, whi...

4.1CVSS5.8AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

AMD多款产品 输入验证错误漏洞

The AMD Ryzen is a central processing unit CPU developed by American semiconductor company AMD. Several AMD products have a vulnerability related to input validation. This vulnerability arises due to improper input validation, which may allow attackers to unmapped any memory page, thereby affecti...

8.4CVSS5.8AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

AMD多款产品 安全漏洞

The AMD Instinct MI210, among others, are GPU acceleration cards produced by American semiconductor company AMD. Several AMD products have security vulnerabilities. These vulnerabilities stem from improper cleanup of shared register resources, which may allow attackers with administrator privileg...

4.6CVSS5.8AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Savsoft Quiz 跨站脚本漏洞

Savsoft Quiz is a management platform for creating online exams and tests, developed by Savsoft’s individual developers using PHP. Version 5.0 of Savsoft Quiz has a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site scripting issue present on the user accoun...

6.4CVSS5.6AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Huawei EMUI和Huawei HarmonyOS 信息泄露漏洞

Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. Both Huawei EMUI and...

5.8CVSS5.8AI score0.0009EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Microsoft Edge 跨站脚本漏洞

Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. Microsoft Edge has a cross-site scripting vulnerability. Attackers use this vulnerability to carry out phishing attacks...

6.1CVSS5.7AI score0.00302EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from a stack overflow issue and may affect its usability...

2.8CVSS5.8AI score0.00083EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Online Recruitment System for Economic Experiments 安全漏洞

Online Recruitment System for Economic Experiments is an open-source online recruitment system for economic experiments developed by ORSEE. Version 3.1.0 of Online Recruitment System for Economic Experiments contains a security vulnerability. This vulnerability stems from the fact that values...

6.3CVSS6.1AI score0.00343EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

AMD Processors 安全漏洞

AMD Processors are a series of processors developed by American semiconductor company AMD. There are security vulnerabilities in AMD Processors, which stem from unsafe default configuration states of DDR5 memory modules. These vulnerabilities could allow attackers with local user privileges to...

6.9CVSS5.8AI score0.00091EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

AMD Chipset 缓冲区错误漏洞

The AMD Chipset is a series of chips developed by American semiconductor company AMD. The AMD Chipset contains a buffer error vulnerability, which stems from improper input validation. This vulnerability may allow local attackers to read or write data beyond their intended scope, resulting in an...

8.5CVSS6AI score0.00099EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

Fujitsu Musetheque V4 跨站脚本漏洞

Fujitsu Musetheque V4 is a digital archive and collection information management system developed by Fujitsu for museums and cultural institutions. Fujitsu Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier versions contained a cross-site scripting vulnerability. This...

5.4CVSS6.3AI score0.00134EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

anote 跨站脚本漏洞

Anote is an open-source note-taking application that supports Markdown format. Version 1.0 of Anote contains a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site scripting issue, which could allow attackers to execute arbitrary code by injecting malicious...

7.2CVSS6AI score0.00469EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.15 views

DHTMLX Diagram 路径遍历漏洞

DHTMLX Diagram is a JavaScript chart component developed by DHTMLX Corporation that supports interactive organizational charts, flowcharts, mind maps, and other chart types. Versions of DHTMLX Diagram prior to 1.1.1 had a path traversal vulnerability. This vulnerability stemmed from path traversa...

9.2CVSS5.8AI score0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

AMD多款产品 安全漏洞

The AMD Ryzen is a central processing unit CPU developed by American semiconductor company AMD. Several AMD products have security vulnerabilities; these vulnerabilities stem from the lack of checking return values, which may allow attackers to write arbitrary memory addresses, resulting in...

7.1CVSS6.1AI score0.00114EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Crypt::DSA 安全漏洞

Crypt::DSA is a Perl cryptography module developed by TIMLEGGE’s individual developers, which supports the generation and verification of DSA digital signatures. Versions of Crypt::DSA prior to 1.19 contained security vulnerabilities; these vulnerabilities stemmed from the use of the 2-args open...

6.5CVSS5.8AI score0.00318EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

Crypt::DSA 安全特征问题漏洞

Crypt::DSA is a Perl cryptography module developed by TIMLEGGE’s individual developers, which supports the generation and verification of DSA digital signatures. Versions of Crypt::DSA prior to version 1.20 had security vulnerabilities. These vulnerabilities stemmed from the use of the Perl...

7.3CVSS5.8AI score0.00355EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.8 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.6.31 contained security vulnerabilities, which were caused by cross-site scripting vulnerabilities in the SVG renderer implementation...

5.4CVSS5.7AI score0.00165EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Radare2 资源管理错误漏洞

Radare2 is an open-source reverse framework for Unix-based geeks, developed by Radare. Version 6.1.5 of Radare2 contains a resource management vulnerability. This vulnerability stems from the use of the gdbrpidslist function in the GDB client core, which allows for double memory deallocation afte...

9.8CVSS6AI score0.00603EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier, as well as 10.11.13 and earlier, have security vulnerabilities. These vulnerabilities stem from the lack of enforcement of the PostEditTimeLimit for...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of permission filtering in the getIdFromSolutionId method. This allowed unauthorized attacker...

8.7CVSS5.8AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

Vvveb 跨站脚本漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of HTML escaping for the...

5.3CVSS5.6AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained security vulnerabilities, which stemmed from insufficient authorization in the management API routing. This vulnerability could allow authenticated ordinary user...

5.3CVSS5.8AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of the quantity parameter in the...

7.5CVSS5.8AI score0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.8 views

Mathesar 安全漏洞

Mathesar is an open-source PostgreSQL data collaboration and editing tool developed by the Mathesar Foundation. Versions of Mathesar from 0.2.0 to 0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification that the requesting user was indeed a database...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

bitcoinj 数据伪造问题漏洞

Bitcoinj is an open-source Java implementation of a Bitcoin protocol library, supporting wallet management and transaction sending/ receiving. Versions of Bitcoinj prior to 0.17.1 had a data manipulation vulnerability. This vulnerability stems from defects in the fast path validation mechanism in...

7.5CVSS5.8AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.17 views

magento-lts 安全漏洞

Magento LTS is an open-source alternative to OpenMage, and it’s a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities; these vulnerabilities stemmed from reflection-type cross-site scripting vulnerabilities in the data...

5.3CVSS5.7AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.47 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel. These vulnerabilities stem from the fact that ksmbd does not verify the SID length of inherited ACEs in the...

8.8CVSS6AI score0.00408EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

magento-lts 输入验证错误漏洞

Magento LTS is an open-source alternative to Magento CE, designed to be a reliable replacement for the official Magento version. Versions of Magento LTS prior to 20.18.0 contained a vulnerability related to input validation. This vulnerability stemmed from the...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Apache Flink 代码注入漏洞

Apache Flink is an open-source distributed stream processing engine developed by the Apache Foundation in the United States. The product is primarily written in Java and Scala languages. Versions of Apache Flink from 1.15.0 to 1.20.x, as well as from 2.0.0 to 2.x, contain a code injection...

8.1CVSS6.3AI score0.00381EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Imager 缓冲区错误漏洞

Imager is an image processing program developed by Tony Cook personally. Versions of Imager 1.030 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the ireadgifmultilow function in Imager::File::GIF, which allocates a single buffer for each line of data. The size...

6.5CVSS6.1AI score0.00321EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from a lack of workspace.tools permission checks at the tool update endpoint, which could allow...

7.2CVSS5.8AI score0.00437EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

Mattermost 代码问题漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier, 10.11.13 and earlier, as well as 11.4.3 and earlier, have code vulnerabilities. These vulnerabilities stem from unvalidated proxy image response...

6.5CVSS5.9AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the checkout endpoint accepted...

7.6CVSS5.8AI score0.002EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.19 views

phpMyFAQ SQL注入漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained an SQL injection vulnerability. This vulnerability stemmed from the BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods, which inserted...

9.8CVSS5.9AI score0.01709EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the endpoints for creating and updating FAQs bypassed cleanup mechanisms...

5.4CVSS5.8AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the AbstractAdministrationController::userHasPermission function, which did not terminate execution...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the raw filter for rendering in result.question and result.answerPreview within...

8.2CVSS5.9AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Vvveb SQL注入漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 had an SQL injection vulnerability. This vulnerability stemmed from an SQL injection issue on the front-end user order history page...

8.7CVSS6AI score0.00265EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.20 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of limits on the number of authentication attempts at the /admin/check endpoint, allowing...

9.3CVSS5.8AI score0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual FAQ system developed by Thorsten Rinne. It is entirely database-driven. Versions of phpMyFAQ prior to 4.1.2 contained security vulnerabilities. These vulnerabilities stemmed from path traversal in the Client::deleteClientFolder function, which could allow administrators...

7CVSS5.8AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a security vulnerability. This vulnerability stemmed from the lack of permission checks in the ConfigurationTabController.php file, which could allow any authenticated...

5.3CVSS5.8AI score0.00221EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

Vvveb 跨站脚本漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 had a cross-site scripting vulnerability, which stemmed from allowing permission upgrades through the post editor...

5.1CVSS5.6AI score0.00234EPSS
Exploits0References1
Total number of security vulnerabilities195539