Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/14 12:0 a.m.17 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained security vulnerabilities. These vulnerabilities stemmed from timing issues in the DNS parsing of...

5.3CVSS5.8AI score0.00186EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.8 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.30.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass the blacklist for ExifTool...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Gotenberg 操作系统命令注入漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from insufficient...

9.8CVSS5.8AI score0.0295EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

DevSpace 信息泄露漏洞

DevSpace is a client developer tool for cloud-native development using Kubernetes, developed by DevSpace Inc. Versions prior to DevSpace 6.3.21 contained an information leakage vulnerability. This vulnerability stemmed from the UI server’s WebSocket feature, which accepts connections from all...

7.8CVSS5.8AI score0.00152EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

MagicMirror 代码问题漏洞

MagicMirror is an open-source modular smart mirror platform developed by MagicMirror. Versions of MagicMirror prior to 2.36.0 had code vulnerabilities. These vulnerabilities stemmed from unauthorized server-side request forgery through the /cors endpoint, which could allow any remote attacker to...

9.2CVSS6AI score0.01623EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Flowsint 跨站脚本漏洞

Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from node descriptions containing arbitrary HTML, allowing remote attackers to create nodes with...

5.4CVSS5.8AI score0.00192EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained security vulnerabilities. These vulnerabilities stemmed from a flaw where only whether the tag was “FileName”...

8.2CVSS5.8AI score0.00347EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

vCluster Platform 跨站脚本漏洞

vCluster Platform is an open-source virtual cluster manager developed by vCluster. Versions prior to vCluster Platform 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-type cross-site scripting in the name field of the...

9CVSS5.8AI score0.00312EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the Base::init function being repeatedly called ...

7.1CVSS5.8AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Apache Commons 安全漏洞

Apache Commons is an Apache project focused on reusable Java components, developed by the Apache Foundation in the United States. There were security vulnerabilities in versions of Apache Commons from 2.2 to 2.15.0. These vulnerabilities stemmed from uncontrolled recursion when processing YAML...

5.3CVSS5.9AI score0.00487EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

simdjson 输入验证错误漏洞

Simdjson is an open-source, high-performance JSON parsing library developed by Simdjson. Versions of Simdjson prior to 4.6.4 contained a vulnerability related to input validation errors. This vulnerability stemmed from the stringbuilder::escapeandAppend function, which had an integer overflow whe...

6.9CVSS6AI score0.00279EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

WordPress plugin MW WP Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin My Calendar – Accessible Event Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

Spring Cloud AWS 数据伪造问题漏洞

Spring Cloud AWS is an open-source development framework from awspring, designed for integration with AWS cloud services within the Spring ecosystem. Versions 3.0.0 to 4.0.1 of Spring Cloud AWS contain a data manipulation vulnerability. This vulnerability stems from the lack of validation of the...

6.3CVSS5.7AI score0.00179EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.16 views

Vvveb 跨站脚本漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 had a cross-site scripting vulnerability. This vulnerability stemmed from the Signup::addUser controller in the customer registratio...

6.1CVSS5.8AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

Plug 安全漏洞

Plug is an open-source web application middleware and connection specification library developed by elixir-plug, targeting the Elixir ecosystem. Versions of Plug prior to 1.15.4, 1.16.3, 1.17.1, 1.18.2, and 1.19.2 contain security vulnerabilities. These vulnerabilities stem from unlimited buffer...

8.2CVSS6AI score0.0062EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

SOGo SQL注入漏洞

SOGo is a very fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Versions of SOGo prior to 5.12.7 had an SQL injection...

7.1CVSS5.8AI score0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

java-webauthn-server 安全漏洞

java-webauthn-server is a Java server-side web authentication library developed by Yubico. There were security vulnerabilities in versions of java-webauthn-server from 2.8.0 to 2.8.2. These vulnerabilities stemmed from incorrect check functions that accessed return values during the second-factor...

7.5CVSS5.8AI score0.00308EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

OpenImageIO 缓冲区错误漏洞

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a buffer error vulnerability. This vulnerability stemmed from a signe...

8.8CVSS6AI score0.00371EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE between 18...

7.5CVSS5.8AI score0.00354EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Akıllı E-Commerce Website 安全漏洞

Akıllı E-Commerce Website is an e-commerce website system developed by the Turkish company Akıllı, aimed at online retail and digital sales scenarios. Versions of Akıllı E-Commerce Website prior to 4.5.001 contained security vulnerabilities. These vulnerabilities were caused by an authorization...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.39 views

Strapi 安全漏洞

Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 5.45.0 contained security vulnerabilities. These vulnerabilities stemmed from a rate-limiting mechanism in the users-permissions plugin, which derived rate-limiting keys...

6.9CVSS6AI score0.00492EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

WordPress plugin Fluent Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.2CVSS5.8AI score0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

WordPress plugin Database Backup for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.1CVSS5.8AI score0.00464EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.20 views

WordPress plugin Essential Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

KDDI あんしんフィルター for au 安全漏洞

KDDI AnShin Filter for au is a content filtering and parental control service provided by the KDDI company for mobile devices. KDDI AnShin Filter for au has a security vulnerability. This vulnerability stems from the transmission of sensitive information in plaintext, which may allow intermediate...

6.3CVSS5.8AI score0.00092EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the possibility of sensitive information being included in URL parameters, potentially leading to leaks through browser history, logs, or intermediate syste...

2.6CVSS5.8AI score0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

OpenImageIO 输入验证错误漏洞

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a vulnerability related to input validation errors. This vulnerabilit...

8.3CVSS6.3AI score0.0037EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

Crabbox 授权问题漏洞

Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.12.0 contained an authorization vulnerability. This vulnerability stemmed from an authentication bypass, allowing non-administrator token callers to impersona...

8.8CVSS6.4AI score0.00361EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Nerdbank.MessagePack 安全漏洞

Nerdbank.MessagePack is a .NET platform-specific MessagePack serialization library developed by Andrew Arnott. Versions of Nerdbank.MessagePack prior to 1.1.62 contained security vulnerabilities. These vulnerabilities stemmed from uncontrolled stack allocation during DateTime decoding. Malicious...

7.5CVSS5.8AI score0.00358EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin Motors 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00256EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

SiYuan 跨站脚本漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan from 2.1.12 to 3.7.0 had a cross-site scripting vulnerability. This vulnerability stemmed from unescaped metadata in the Bazaar marketplace rendering packages, which could lead to storage-based...

8.3CVSS5.9AI score0.00307EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

OpenBao 安全漏洞

OpenBao is an open-source sensitive data management software developed by OpenBao. Versions of OpenBao prior to 2.5.3 contained security vulnerabilities. These vulnerabilities arose from failures in deleting the initial namespace; subsequent retries failed to properly delete all data, potentially...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the use of basic authorization tokens for authentication. This vulnerability may lead to credentials being intercepted or abused...

3CVSS5.8AI score0.00137EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

GitLab 代码问题漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were code-related vulnerabilities in versions of GitLab EE betwee...

7.5CVSS5.9AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

gst-plugins-good 数字错误漏洞

GStreamer-plugins-good is a GStreamer plugin developed under open source. Versions of GStreamer-plugins-good prior to 1.28.2 contained a numerical error vulnerability. This vulnerability stemmed from the qtdemuxaudiocaps function in the isomp4 plugin, which did not properly validate atomic data...

9.1CVSS5.8AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

Verint Verba 跨站脚本漏洞

Verint Verba is an enterprise-level compliance communication recording and interaction archiving platform developed by Verint Corporation in the United States. Verint Verba has a cross-site scripting vulnerability. This vulnerability stems from a lack of input sanitization in the login logging...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.22 views

Akıllı E-Commerce Website SQL注入漏洞

Akıllı E-Commerce Website is an e-commerce website system developed by the Turkish company Akıllı, aimed at online retail and digital sales scenarios. Versions of Akıllı E-Commerce Website prior to 4.5.001 contained a SQL injection vulnerability. This vulnerability stemmed from improper...

9.8CVSS5.9AI score0.00358EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

WordPress plugin WP Encryption 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 跨站脚本漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.11.3 contained a cross-site...

5.4CVSS6.1AI score0.00192EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

STIGQter 路径遍历漏洞

STIGQter is a compliance checklist generation and reporting tool developed by Jon Hood. Versions of STIGQter from 0.1.2 to 1.2.7 contained a path traversal vulnerability. This vulnerability occurred when processing malicious.stigqter files, allowing attackers to execute local code during the user...

8.4CVSS6AI score0.00151EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

mdserver-web 操作系统命令注入漏洞

mdserver-web is a Linux server management panel developed by Mr. Chen. Versions 0.18.0 to 0.18.4 of mdserver-web contain an operating system command injection vulnerability. This vulnerability stems from the lack of authentication for the /modifycrond and /starttask interfaces, which may allow...

9.8CVSS5.9AI score0.01032EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

Yordam Library Automation System 代码注入漏洞

Yordam Library Automation System is an application developed by Yordam Corporation. Versions of Yordam Library Automation System from v.19.5 to v.22.1 had a code injection vulnerability. This vulnerability stemmed from improper control over code generation, which could allow remote code to be...

8.8CVSS6.1AI score0.00246EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from incorrect configuration of certain security-related HTTP response headers. This issue may reduce the effectiveness of browser-based security controls and...

2.3CVSS5.8AI score0.00106EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

SiYuan 授权问题漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 had an authorization issue vulnerability. This vulnerability stemmed from the lack of administrator and read-only permission checks for 8 API endpoints, which could lead to...

7.2CVSS5.8AI score0.00207EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the lack of adequate brute-force attack protection measures. This vulnerability may lead to repeated authentication attempts, potentially resulting in...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the possibility of exposing sensitive details related to backend infrastructure. This could lead to the disclosure of internal system architecture or...

5.1CVSS5.8AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

WordPress plugin CC Child Pages 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 跨站请求伪造漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE from 11.10 to 18.9.7, from 18.10 to 18.10.6, and...

6.5CVSS5.7AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Comarch ERP Optima 信任管理问题漏洞

Comarch ERP Optima is an ERP and financial management system for small and medium-sized enterprises developed by the Polish company Comarch. Versions of Comarch ERP Optima prior to 2026.4 contained a vulnerability related to trust management. This vulnerability stemmed from the use of hard-coded...

8.7CVSS5.9AI score0.00229EPSS
Exploits0References1
Total number of security vulnerabilities195539