Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Vvveb 跨站脚本漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.1 had a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the author field in comment...

6.1CVSS5.6AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Gitsign 输入验证错误漏洞

Gitsign is a tool developed by Gitsign’s developers that allows for signing Git commits without the need for a key. Versions of Gitsign from 0.4.0 to 0.15.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from the CertVerifier.Verify method, which...

5.4CVSS5.9AI score0.00111EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

magento-lts 安全特征问题漏洞

Magento LTS is an open-source alternative to OpenMage, designed as a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities. These vulnerabilities stemmed from the XML-RPC/SOAP API session IDs using time-based, outdated...

9.3CVSS5.8AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

smtp-server 资源管理错误漏洞

smtp-server is an open-source Node.js module developed by nodemailer, used to create SMTP and LMTP server instances. Versions of smtp-server prior to 3.18.3 contained a resource management vulnerability. This vulnerability stemmed from issues with the SMTPStream.write and lib/smtp-stream.js...

7.5CVSS5.8AI score0.00572EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Imager::File::GIF 缓冲区错误漏洞

Imager::File::GIF is a Perl image module developed by Tony Cook, which supports the reading, writing, and processing of GIF images. Versions of Imager::File::GIF 1.002 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the ireadgifmultilow function, which allocate...

5.3CVSS6AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Radare2 资源管理错误漏洞

Radare2 is an open-source reverse framework for Unix-based geeks, developed by Radare. Version 6.1.5 of Radare2 contains a resource management vulnerability. This vulnerability stems from the reuse of resources after they are released in the gdbrthreadslist function. It could allow remote attacke...

9.8CVSS6.2AI score0.00626EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

WordPress plugin WPGraphQL 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.7CVSS5.8AI score0.00451EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Google Cloud Application Integration 安全漏洞

Google Cloud Application Integration is a cloud-based integration platform offered by Google Inc., which supports cross-applicational connections, process orchestration, and API integration. Versions of Google Cloud Application Integration prior to version 2026-01-23 contained security...

10CVSS6.1AI score0.00514EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

AMD Secure Processor 安全漏洞

The AMD Secure Processor ASP is an independent ARM Coretex-A5 chip developed by the American semiconductor company AMD. The AMD Secure Processor ASP has a security vulnerability that stems from improper input validation. This vulnerability may allow local attackers to create buffer overflow...

6.9CVSS6AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

AMD Chipset 安全漏洞

The AMD Chipset is a series of chips developed by American semiconductor company AMD. The AMD Chipset contains security vulnerabilities. These vulnerabilities stem from the ability to execute code within non-SMM trustable memory. This could allow high-privilege attackers to trigger the execution ...

5.4CVSS6.1AI score0.00139EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

DHTMLX Gantt 操作系统命令注入漏洞

DHTMLX Gantt is a JavaScript Gantt chart component developed by DHTMLX Corporation. It supports project planning, task scheduling, and timeline visualization. Prior to version 0.7.6, DHTMLX Gantt had an operating system command injection vulnerability. This vulnerability stemmed from a lack of da...

10CVSS5.9AI score0.00648EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

AMD Graphics Driver 安全漏洞

AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. There is a security vulnerability in AMD Graphics Driver. This vulnerability stems from concurrent asynchronous access to the global variable amdgvcmd during the ioctl path, which leads to race...

2CVSS5.9AI score0.00072EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

oinone-pamirs 命令注入漏洞

Oinone-Pamirs is an open-source AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains a command injection vulnerability. This vulnerability stems from the CommandHelper.executeCommands method, which initiates shell processes and directly writes the...

7.3CVSS6AI score0.01414EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

AMD Chipset 安全漏洞

The AMD Chipset is a series of chips developed by American semiconductor company AMD. The AMD Chipset contains security vulnerabilities; these vulnerabilities stem from the use of uninitialized resources, which may allow attackers to access uninitialized kernel memory, resulting in losses related...

6.9CVSS5.8AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

AMD Graphics Driver 缓冲区错误漏洞

AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. The AMD Graphics Driver contains a buffer error vulnerability, which stems from out-of-buffer writes, potentially allowing local users to gain elevated privileges through remote code execution...

8.5CVSS6.3AI score0.00146EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

AMD Ryzen 缓冲区错误漏洞

The AMD Ryzen is a central processing unit CPU developed by American semiconductor company AMD. The AMD Ryzen has a buffer error vulnerability, which stems from out-of-bounds reading. This vulnerability could allow malicious local attackers with low privileges to cause losses related to...

4.8CVSS6AI score0.00099EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Delphix Continuous Data 操作系统命令注入漏洞

Delphix Continuous Data is a platform from the American company Delphix that supports data virtualization, continuous data delivery, and database environment management. Delphix Continuous Data has a vulnerability related to operating system command injection, which stems from improper input...

8.7CVSS6.1AI score0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Huawei HarmonyOS 授权问题漏洞

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. Huawei HarmonyOS has vulnerabilities related to authorization control, which may affect the confidentiality of services...

6.2CVSS5.8AI score0.00096EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.8 views

Open WebUI 代码问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 had code vulnerabilities. These vulnerabilities stemmed from the processpictureurl function, which extracted arbitrary URLs from OAuth image claims without...

7.7CVSS6AI score0.00381EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.15 views

Cockpit CMS 跨站脚本漏洞

Cockpit CMS is an open-source headless content management system developed by Cockpit. Versions of Cockpit CMS 2.14.0 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the use of the $interpolate function in template strings within the Display template options,...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Huawei EMUI和Huawei HarmonyOS 缓冲区错误漏洞

Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. Both Huawei EMUI and...

6.8CVSS6AI score0.00131EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.15 views

Tabby 安全漏洞

Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client developed by Eugene’s individual developers. Versions of Tabby Terminus prior to version 1.0.233 contain security vulnerabilities. These vulnerabilities stem from the lack of escaping control characters when draggin...

8.4CVSS5.9AI score0.00178EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

Huawei EMUI和Huawei HarmonyOS 安全漏洞

Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. Both Huawei EMUI and...

5.9CVSS5.8AI score0.00078EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from the issue of reusing freed resources after release. This...

5.6CVSS5.8AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI based on the open-source Open WebUI framework. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the ydoc:document:update Socket.IO event handler, which checke...

5.4CVSS5.8AI score0.0022EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.15 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Utils::parseUrl function, which allowed authenticated users to inject JavaScript through...

8.3CVSS5.7AI score0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

GitHub CLI 安全漏洞

GitHub CLI is an open-source command-line interface for GitHub. Versions of GitHub CLI from 1.6.0 to 2.92.0 contained a security vulnerability. This vulnerability stemmed from the lack of cleaning terminal control sequences when processing GitHub Actions workflow logs. It could allow attackers to...

3.5CVSS5.9AI score0.00206EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

libjwt 加密问题漏洞

LibJWT is a C-language library developed by Ben Collins, designed for generating and verifying JSON Web Tokens. Versions 3.0.0 to 3.3.2 of LibJWT contain vulnerabilities related to encryption. These vulnerabilities arise from accepting RSA JWKs without an alg parameter as the verification key for...

9.1CVSS5.8AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

WWW::Mechanize::Cached 代码问题漏洞

WWW::Mechanize::Cached is an open-source module developed by libwww-perl for the Perl language, serving as an extension to WWW::Mechanize. Versions of WWW::Mechanize::Cached prior to version 2.00 contained code vulnerabilities. These vulnerabilities stemmed from the ability to deserialize HTTP...

5.3CVSS6.1AI score0.00127EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.32 views

Traefik 访问控制错误漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.46, 3.6.17, and 3.7.1 contained a access control vulnerability. This vulnerability stemmed from the Kubernetes Gateway API provider, which allowed tenants with permission to create...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from issues with permission control, potentially affecting the...

5.5CVSS5.8AI score0.00082EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Tabby 操作系统命令注入漏洞

Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client developed by Eugene’s individual developers. Versions of Tabby before 1.0.233 contained an operating system command injection vulnerability. This vulnerability stemmed from the tabby:// URL scheme handler executing ...

9.4CVSS6.2AI score0.0038EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Apache::Session::Generate::SHA256 安全特征问题漏洞

Apache::Session::Generate::SHA256 is a session management module developed by the Apache Foundation. Versions of Apache::Session::Generate::SHA256 prior to 1.3.19 contained security vulnerabilities. These vulnerabilities stemmed from insecure session ID generation. The use of the built-in rand...

6.5CVSS5.7AI score0.00243EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Microsoft Edge 输入验证错误漏洞

Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. There is a vulnerability in input validation of Microsoft Edge. Attackers can exploit this vulnerability to execute code remotely...

9.8CVSS6AI score0.00987EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a security vulnerability. This vulnerability stemmed from the lack of authorization for the DELETE /admin/api/content/tags/tagId endpoint. As a result, any...

5.4CVSS5.8AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the backend admin/auth-token endpoint, which...

8.1CVSS5.8AI score0.00218EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

WordPress plugin WP Super Edit 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.9AI score0.00576EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in HUAWEI HarmonyOS, which stems from issues with the permission control of the...

5.9CVSS5.8AI score0.00078EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 授权问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI based on the Open WebUI open source project. Versions of Open WebUI prior to 0.9.0 had an authorization vulnerability. This vulnerability stemmed from the LDAP authentication endpoint failing to verify that the submitt...

9.1CVSS5.8AI score0.01461EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.15 views

AMD Graphics Driver 访问控制错误漏洞

AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. The AMD Graphics Driver contains a access control error vulnerability, which stems from improper isolation. This vulnerability may allow malicious guest virtual machines or processes to gain...

8.8CVSS5.9AI score0.00096EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.0 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleanup order in the Banner component, leading to storage-based cross-site...

8.1CVSS5.6AI score0.00322EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

Mathesar 安全漏洞

Mathesar is an open-source PostgreSQL data collaboration and editing tool developed by the Mathesar Foundation. Versions of Mathesar from 0.2.0 to 0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification that the requesting user was indeed a database...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.8 views

Huawei HarmonyOS 竞争条件问题漏洞

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. Huawei HarmonyOS has a vulnerability related to permission control, which may affect its usability due to issues with permissions...

8.4CVSS5.8AI score0.00075EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in HUAWEI HarmonyOS, which stems from issues with the permission control of the...

5.9CVSS5.8AI score0.0008EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints, which accepted...

5.4CVSS5.8AI score0.00238EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

Tabby 安全漏洞

Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client developed by Eugene’s individual developers. Versions of Tabby prior to 1.0.232 contained security vulnerabilities. These vulnerabilities stemmed from the terminal linker not verifying protocol schemes, which could...

7.1CVSS5.8AI score0.00137EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Turborepo 命令注入漏洞

Turborepo is a high-performance JavaScript and TypeScript build system open source by Vercel. Versions of Turborepo 2.9.14000 and earlier contained a command injection vulnerability. This vulnerability stemmed from the LSP VS Code extension using string-based commands to execute Turborepo’s daemo...

8.4CVSS6.2AI score0.00158EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

AMD Graphics Driver 安全漏洞

AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. There is a security vulnerability in AMD Graphics Driver, which stems from insufficient parameter cleaning. This vulnerability may allow attackers to send a format-errors...

1.8CVSS5.8AI score0.00101EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Tabby 操作系统命令注入漏洞

Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client developed by Eugene’s individual developers. Versions prior to Tabby 1.0.233 contained an operating system command injection vulnerability. This vulnerability stemmed from the automatic detection of the ZMODEM...

7CVSS6AI score0.0013EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under the open source Open WebUI project. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the isuserchannelmember function, which checked whether the...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References1
Total number of security vulnerabilities195539