Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Traefik 安全漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Vulnerabilities exist in versions prior to Traefik 2.11.44, 3.6.15, and 3.7.0-rc.3. These vulnerabilities stem from the errors middleware module, which forwards the entire set of request headers including...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from issues with permission control, potentially affecting the...

5.6CVSS5.8AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from API keys sent via the x-api-key header, allowing bypass of endpoint restrictions and...

6.5CVSS5.8AI score0.00309EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Open WebUI 授权问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under the open source Open WebUI project. Versions of Open WebUI prior to 0.8.11 had an authorization issue vulnerability. This vulnerability stemmed from the internal bypassfilter parameter being exposed through FastA...

5.4CVSS5.8AI score0.00193EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

AMD Graphics Driver 输入验证错误漏洞

The AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. The AMD Graphics Driver has a vulnerability related to input validation errors. This vulnerability arises from the possibility of abnormal calls being made by the driver, which may lead to...

1.8CVSS5.8AI score0.00102EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.12 contained a security vulnerability. This vulnerability stemmed from the lack of enforcement of the ENABLECODEEXECUTION configuration for the...

8.8CVSS6.1AI score0.00406EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the validatecollectionaccess function using an incomplete list of allowed collections. Onl...

4.3CVSS5.8AI score0.00221EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

WordPress plugin WP Super Edit 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.9AI score0.00576EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

Open WebUI 访问控制错误漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Prior to Open WebUI 0.9.0, there was an access control vulnerability. This vulnerability stemmed from the /responses endpoint in the OpenAI router, which accepted any authenticated user and directly...

7.1CVSS5.8AI score0.00306EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

Vim 操作系统命令注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim. Prior to Vim 9.2.0479, there was a vulnerability related to operating system command injection. This vulnerability stemmed from the use of the shellescape tartail for constructing commands when the tarVimuntar function decompress...

7CVSS5.9AI score0.00552EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of the getdumpable logic in ptrace, potentially leading to permission-related...

7.1CVSS6.1AI score0.0138EPSS
Exploits6References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

GStreamer 数字错误漏洞

GStreamer is a set of open-source frameworks for processing streaming media. Versions of GStreamer prior to 1.28.2 contained a numerical error vulnerability. This vulnerability stemmed from the qtdemuxparsetrak function in the isomp4 plugin, which did not properly validate atomic data when parsin...

5.5CVSS5.8AI score0.00101EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.9.7, 18.10.6, and 18.11.3...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

MongoDB PHP Driver 安全漏洞

The MongoDB PHP Driver is an open-source driver developed by MongoDB for PHP applications, enabling connection to MongoDB databases. The MongoDB PHP Driver has a security vulnerability that stems from a stack overflow issue when processing deeply nested BSON documents, which may lead to applicati...

6CVSS5.8AI score0.00311EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

SAP NetWeaver Application Server ABAP 安全漏洞

SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. There is a security vulnerability in SAP NetWeaver Application Server ABAP, which arises from improper handling of inputs under certai...

3.1CVSS5.8AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

GitLab 跨站脚本漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Versions of GitLab EE prior to 18.7.7, 18.10 prior to 18.10.6, and 18.1...

8.7CVSS6AI score0.00188EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. Vulnerabilities exist in versions of GitLab CE/EE 17.10 to 18.9.7, 18.1...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

STEL Order 跨站脚本漏洞

STEL Order is an ERP, CRM, and online billing management platform developed by the Spanish company STEL for small and medium-sized enterprises. Versions of STEL Order prior to 3.25.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleaning of the...

5.1CVSS5.7AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

PostgreSQL SQL注入漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, and 16.14 have SQL...

8.8CVSS6.2AI score0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Open OnDemand 跨站脚本漏洞

Open OnDemand is an open-source software developed by the Ohio Supercomputer Center, designed for open-ended interactive HPC through web-based interfaces. Versions of Open OnDemand prior to 4.0.11, 4.1.5, and 4.2.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from...

5.3CVSS5.6AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of protection for URL routing using...

5.9CVSS5.8AI score0.00251EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

etcd 安全漏洞

Etcd is an open-source key-value storage system for distributed systems, written in the Go language. There are security vulnerabilities in versions of etcd prior to 3.4.44, 3.5.30, and 3.6.11. These vulnerabilities stem from transactions that bypass RBAC authorization checks through PrevKv or Put...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.9.7, 18.10....

4.3CVSS5.9AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Archon 安全漏洞

Archon is a content management system CMS specifically designed for archival information management. Version 0.1.0 of Archon contains a security vulnerability. This vulnerability stems from a specially crafted HTML page, which may allow victims to execute commands when accessing the system, run...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin Royal Elementor Addons and Templates 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.7AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

rust-openssl 安全漏洞

rust-openssl is an open-source library designed for interacting with the OpenSSL library. There were security vulnerabilities in the version of rust-openssl from 0.10.0 to 0.10.79. These vulnerabilities stemmed from incorrect calculations of the output buffer size when using AES key wrap padding,...

5.1CVSS5.9AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Universal Tool Calling Protocol 安全漏洞

Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions prior to 1.1.3 of Universal Tool Calling Protocol contained security vulnerabilities; these vulnerabilities stemmed from the prepareenvironment method passing complete environment...

7.7CVSS5.8AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Universal Tool Calling Protocol 代码问题漏洞

Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions prior to 1.1.3 of Universal Tool Calling Protocol had code vulnerabilities, which stemmed from inconsistent trust boundaries and could lead to man-in-the-middle server request forgery...

4.7CVSS5.9AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

libyang 输入验证错误漏洞

LibYang is an open-source YANG data modeling language parser and toolkit developed in C language by CESNET. Versions of LibYang prior to 5.2.15 contained a vulnerability related to input validation errors. This vulnerability stemmed from an integer overflow in the lybreadstring function, which...

7.5CVSS6.2AI score0.00428EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

rust-openssl 输入验证错误漏洞

rust-openssl is an open-source library in Rust that allows for interaction with the OpenSSL library. In versions 0.9.7 to 0.10.79 of rust-openssl, there was a vulnerability related to input validation errors. This vulnerability stemmed from X509Ref::ocspresponders returning the OCSP responder URL...

8.7CVSS5.9AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Amazon SageMaker Python SDK 安全漏洞

Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v2.257.2 and v3.8.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...

7.2CVSS6AI score0.0039EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Amazon SageMaker Python SDK 安全漏洞

Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v2.257.2 and v3.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Aegra 授权问题漏洞

Aegra is a large-scale model application platform developed by Aegra Corporation, designed for building and orchestrating multi-step intelligent agent processes. Versions of Aegra prior to 0.9.7 contained an authorization vulnerability. This vulnerability stemmed from multiple authenticated users...

8.6CVSS6AI score0.00285EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Kiota Java Libraries 输入验证错误漏洞

Kiota Java Libraries is an open-source collection of Java libraries developed by Microsoft for generating OpenAPI SDKs. Version 1.9.0 of Kiota Java Libraries contains a vulnerability related to input validation errors. This vulnerability arises from the RedirectHandler middleware, which fails to...

7CVSS5.8AI score0.00505EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

wasmtime 安全漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Versions 30.0.0 to 36.0.8, 43.0.2, and 44.0.1 of Wastime contain security vulnerabilities. These vulnerabilities stem from the allocation logic of WebAssembly tables, which involves arithmetic operations. Overflow...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

PostgreSQL SQL注入漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, 16.14, 15.18, and...

8.8CVSS6.5AI score0.00378EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Security vulnerabilities existed in versions prior to PostgreSQL...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Security vulnerabilities existed in versions prior to PostgreSQL...

8.8CVSS6AI score0.00464EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

PostgreSQL SQL注入漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4 and 17.10 contained an SQL...

7.2CVSS6.1AI score0.00287EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Security vulnerabilities existed in versions prior to PostgreSQL...

6.5CVSS5.9AI score0.00558EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Vulnerabilities existed in versions prior to PostgreSQL 18.4,...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

PostgreSQL 输入验证错误漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, 16.14, 15.18, and...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.16 views

OpenStack Ironic 安全漏洞

OpenStack Ironic is an integrated OpenStack application developed under the OpenStack open source framework. It is used to configure bare machines rather than virtual machines. OpenStack Ironic versions 35.x and earlier contained a security vulnerability caused by an infinite loop in the...

4.3CVSS5.8AI score0.00466EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

Im Park DijiDemi 安全漏洞

Im Park DijiDemi is an educational software developed by Im Park Company in Turkey. Versions of Im Park DijiDemi from 4.5.12.1 to 4.5.13.0 had security vulnerabilities. These vulnerabilities were caused by authorization bypasses due to user control keys, which could lead to permission abuse...

6.8CVSS5.8AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Fleet 信任管理问题漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, and MDM operations. Versions of Fleet prior to 4.81.0 contained a trust...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

WordPress plugin InfusedWoo Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

9.8CVSS5.8AI score0.00439EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

STEL Order 安全漏洞

STEL Order is an ERP, CRM, and online billing management platform developed by the Spanish company STEL for small and medium-sized enterprises. Versions of STEL Order prior to 3.25.1 contained a security vulnerability. This vulnerability stemmed from improper handling of the employeeID parameter,...

7.1CVSS5.8AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.29 views

WordPress plugin LearnPress – WordPress LMS Plugin for Create and Sell Online Courses 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.8AI score0.00423EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

WordPress plugin Burst Statistics – Privacy-Friendly WordPress Analytics 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

9.8CVSS5.9AI score0.14608EPSS
Exploits10References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

PostgreSQL 格式化字符串错误漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, 16.14, 15.18, and...

4.3CVSS5.9AI score0.00208EPSS
Exploits0References2
Total number of security vulnerabilities195539