Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE 16.0 to 18.9.7, 18.10...

8.1CVSS5.9AI score0.00311EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE from 9.0 to 18.9.7, a...

7.5CVSS5.9AI score0.00355EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.16 views

Yordam Library Automation System 安全漏洞

Yordam Library Automation System is an application developed by Yordam Corporation. Versions of the Yordam Library Automation System from v.21.6 to v.22.1 had security vulnerabilities. These vulnerabilities were caused by user-controlled keys that allowed unauthorized access to authorization...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. There were security vulnerabilities in versions of GitLab EE from 11.10...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

HRConvert2 操作系统命令注入漏洞

HRConvert2 is a self-hosted, drag-and-drop file conversion and sharing tool developed by Justin Grimes. Versions of HRConvert2 prior to 3.3.8 had an operating system command injection vulnerability. This vulnerability stemmed from the sanitizeString function not filtering escaped quotes and tabs,...

9.3CVSS5.9AI score0.00297EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.16 views

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from an unlimited file upload feature in the plugin...

8.6CVSS6AI score0.00403EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

Cisco Catalyst SD-WAN Manager和Cisco Catalyst SD-WAN Controller 授权问题漏洞

Cisco Catalyst SD-WAN Manager Cisco SD-WAN vManage and Cisco Catalyst SD-WAN Controller are both products of the American company Cisco. Cisco Catalyst SD-WAN Manager is a highly customizable dashboard that can simplify and automate the deployment, configuration, management, and operation of Cisc...

10CVSS6.1AI score0.88496EPSS
Exploits4References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

soundcloud-rpc 输入验证错误漏洞

soundcloud-rpc is a music client developed by Richard Habitzreuter, which supports Discord state synchronization and ad blocking. Versions of soundcloud-rpc prior to 0.1.8 had a vulnerability related to input validation errors. This vulnerability stemmed from the execution of song titles containi...

9.6CVSS6AI score0.00336EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE from 15.1 ...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin Meta Field Block 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Foscam VD1 Video Doorbell 安全漏洞

The Foscam VD1 Video Doorbell is a smart video doorbell from the American company Foscam, capable of supporting high-definition video surveillance and two-way voice communication. Versions of the Foscam VD1 Video Doorbell prior to V5.3.131072 contained security vulnerabilities. These...

5.3CVSS5.8AI score0.00131EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Vulnerabilities existed in versions prior to PostgreSQL 18.4,...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Gotenberg 代码问题漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained code vulnerabilities. These vulnerabilities stemmed from the Chromium URL-to-PDF endpoint, which lacked defaul...

8.6CVSS5.9AI score0.00313EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

OneDev 路径遍历漏洞

OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.2 had a...

7.1CVSS5.9AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Katalyst Koi 代码问题漏洞

Katalyst Koi is an open-source framework developed by Katalyst Interactive for building and managing backend features. Versions of Katalyst Koi prior to 4.20.0 and 5.6.0 contained code vulnerabilities. These vulnerabilities stemmed from the fact that the administrator session cookie did not expir...

7.4CVSS5.9AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

AMD Processors 安全漏洞

AMD Processors are a series of processors developed by American semiconductor company AMD. There are security vulnerabilities in AMD Processors, which stem from improper permission management. These vulnerabilities could allow attackers to exchange tokens and download sensitive keys, enabling...

6CVSS5.8AI score0.0017EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Universal Tool Calling Protocol 操作系统命令注入漏洞

Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions prior to 1.1.3 of Universal Tool Calling Protocol contained a vulnerability related to operating system command injection. This vulnerability stemmed from the substituteutcpargs method...

8.3CVSS5.8AI score0.00272EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

PyTorch Lightning 安全漏洞

PyTorch Lightning is an open-source deep learning model pre-training and fine-tuning framework developed by Lightning AI. Version 2.6.2 and 2.6.2 of PyTorch Lightning contain security vulnerabilities, which stem from the introduction of features similar to those used in credential collection...

9.8CVSS5.8AI score0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Tuist 安全漏洞

Tuist is an open-source platform for team collaboration and performance optimization in Swift application development. Tuist versions 1.180.8 and earlier have security vulnerabilities. These vulnerabilities stem from the DELETE endpoint not verifying whether the preview belongs to an item within...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

ex_webrtc 信任管理问题漏洞

exwebrtc is an open-source WebRTC library based on Elixir language, developed by Elixir WebRTC. Versions of exwebrtc prior to 0.15.1 and 0.16.1 contained a trust management vulnerability. This vulnerability stemmed from the lack of peer certificate fingerprint verification in the DTLS client role...

8.7CVSS5.8AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

ZITADEL 注入漏洞

ZITADEL is an open-source identity and access management platform developed by ZITADEL in Switzerland. Versions of ZITADEL from 2.71.11 up to 3.4.10, as well as version 4.15.0, had a vulnerability related to injection attacks. This vulnerability stemmed from improper escaping of user-provided...

7.5CVSS5.7AI score0.00479EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Tuist 安全漏洞

Tuist is an open-source platform for team collaboration and performance optimization in Swift application development. Versions of Tuist prior to 1.180.10 contained security vulnerabilities. These vulnerabilities stemmed from the lack of server-side rate limiting in the forgot password process,...

6.9CVSS5.8AI score0.00288EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

MCP Registry 安全漏洞

MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.9 contained security vulnerabilities. These vulnerabilities stemmed from OCI ownership verification skipping tag matching checks during HTTP 429 requests, which...

3.5CVSS5.8AI score0.00206EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Guardian 访问控制错误漏洞

Guardian is a policy-based digital asset management and verification platform developed by Hedera. Versions of Guardian 3.5.1 and earlier contained an access control vulnerability. This vulnerability stemmed from a authentication bypass in the GET /api/v1/demo/registered-users endpoint, which cou...

6.9CVSS5.8AI score0.00356EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

MCP Registry 代码问题漏洞

MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.7 contained code vulnerabilities. These vulnerabilities stemmed from HTTP-based namespace verification, which used safeDialContext to dial private/internal...

6.3CVSS6AI score0.00285EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Crabbox 代码注入漏洞

Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.12.0 contained a code injection vulnerability. This vulnerability stemmed from a lax list of allowed environment variables, allowing attackers who access...

9.3CVSS6.4AI score0.00742EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

MCP Registry 代码问题漏洞

MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.6 contained code-related vulnerabilities. These vulnerabilities stemmed from the OIDC process on both the client and server sides being tied only to a global...

4.7CVSS5.9AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

OpenImageIO 缓冲区错误漏洞

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a buffer error vulnerability. This vulnerability stemmed from...

5.5CVSS6AI score0.00177EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

OpenImageIO 安全漏洞

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and a large number of supported image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained security vulnerabilities. These vulnerabilities were caused by...

8.5CVSS6AI score0.00188EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

OpenImageIO 输入验证错误漏洞

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a input validation vulnerability. This vulnerability stemmed from the...

7.8CVSS6.1AI score0.00173EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

OpenImageIO 缓冲区错误漏洞

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a buffer error vulnerability. This vulnerability stemmed from the RLE...

8.4CVSS6.1AI score0.00173EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

OpenImageIO 缓冲区错误漏洞

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and a large number of supported image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a buffer error vulnerability. This vulnerability stemmed from the...

8.4CVSS6.2AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Silicon Labs RS9116 SDK 安全漏洞

Silicon Labs RS9116 SDK is an embedded development toolkit developed by Silicon Labs Corporation for wireless connectivity modules. The Silicon Labs RS9116 SDK has a security vulnerability, which stems from the time limit of HRNG when power saving mode is enabled, resulting in predictable values...

7.4CVSS5.8AI score0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Fleet 操作系统命令注入漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.81.0 contained a...

9.8CVSS6.1AI score0.00773EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Fleet 输入验证错误漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Prior to Fleet 4.81.0, there was a vulnerability relate...

8.7CVSS5.8AI score0.00372EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.8 views

SiYuan 跨站脚本漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability occurred because the Bazaar marketplace rendered field names and version fields without proper HTML escaping, whi...

9CVSS5.7AI score0.00361EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

SiYuan 授权问题漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 had an authorization issue vulnerability. This vulnerability stemmed from the lack of administrator and read-only permission checks for the POST /api/tag/getTag endpoint, which cou...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Live Helper Chat 安全漏洞

Live Helper Chat is an open-source plugin developed by Live Helper Chat developers, designed to provide chat functionality for web platforms. Version 4.84 of Live Helper Chat contains a security vulnerability. This vulnerability stems from the REST API chat update endpoint, which allows users to...

8.1CVSS5.8AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Gradient 访问控制错误漏洞

Gradient is a modern Nix continuous integration system developed by Wavelens. Version 1.1.0 of Gradient contains an access control vulnerability caused by unvalidated registration credentials. This vulnerability allows attackers to register as working nodes and access arbitrary storage paths...

9.4CVSS5.9AI score0.00157EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

nuxt-og-image 代码问题漏洞

nuxt-og-image is a tool developed by Nuxt Modules for generating social media previews for Nuxt applications. Versions of nuxt-og-image from 6.2.5 to 6.4.9 had code issues and vulnerabilities. These vulnerabilities stemmed from an incomplete blocklist for the isBlockedUrl function, which could le...

3.7CVSS5.9AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

SiYuan 跨站脚本漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the tooltip handler not properly escaping the aria-label attribute, which could lead to cross-site...

9.4CVSS5.9AI score0.00509EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

Note Mark 输入验证错误漏洞

Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark from 0.13.0 to 0.19.4 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of cleaning and validation of asset file names, which could lead to...

8.6CVSS5.9AI score0.00495EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

Strapi 路径遍历漏洞

Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi from 4.0.0 to 5.37.0 had a path traversal vulnerability. This vulnerability stemmed from insufficient cleanup of query parameters when filtering content using relationship fields...

9.2CVSS5.8AI score0.00612EPSS
Exploits5References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Strapi 代码问题漏洞

Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 5.33.3 had code vulnerabilities. These vulnerabilities stemmed from a flaw in the Content API endpoint of the Upload plugin, which did not enforce the MIME type...

5.4CVSS5.9AI score0.00195EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Strapi SQL注入漏洞

Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 4.26.1 and 5.33.2 contained a SQL injection vulnerability. This vulnerability stemmed from the Content-Type Builder API’s database query injection mechanism. This allowe...

9.3CVSS6.6AI score0.01178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

hatchet 安全漏洞

Hatchet is an open-source backend task and AI workflow orchestration engine developed by Hatchet. Versions of Hatchet prior to 0.83.39 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization instructions for the GET /api/v1/stable/dags/tasks endpoint,...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

Mongoose 注入漏洞

Mongoose is an open-source MongoDB object modeling framework developed by Automattic. It is designed to work in asynchronous environments. Prior to versions 6.13.9, 7.8.9, 8.22.1, and 9.1.6, Mongoose had an injection vulnerability. This vulnerability stemmed from bypassing the sanitizeFilter quer...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

Distribution 安全漏洞

Distribution is an open-source toolset developed by Distribution, used for packaging, transporting, storing, and delivering content. Versions of Distribution prior to 3.1.1 contained security vulnerabilities. These vulnerabilities stemmed from bypassing the storage.delete.enabled: false...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Valtimo 日志信息泄露漏洞

Valtimo is an open-source low-code platform for business process automation developed by Valtimo in the Netherlands. Versions 12.4.0 to 12.33.0 and 13.26.0 of Valtimo have a vulnerability related to log information leakage. This vulnerability stems from the LoggingRestClientCustomizer automatical...

7.6CVSS5.8AI score0.002EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Nextcloud News app 代码问题漏洞

The Nextcloud News app is an RSS/Atom news aggregator developed by Nextcloud as open source. Versions of the Nextcloud News app prior to 28.3.0-beta.1 contained code vulnerabilities. These vulnerabilities stemmed from the lack of verification of the feed URL provided by users, which could lead to...

2.3CVSS5.9AI score0.00185EPSS
Exploits0References1
Total number of security vulnerabilities195539