Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Schneider Electric Ecostruxure Machine Expert HVAC 安全漏洞

Schneider Electric Ecostruxure Machine Expert HVAC is a software platform developed by Schneider Electric, a French company, dedicated to the control and automation of heating, ventilation, and air conditioning equipment. Schneider Electric Ecostruxure Machine Expert HVAC has a security...

7.5CVSS5.8AI score0.00125EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Prior to PostgreSQL 18.4, there was a security vulnerability...

4.3CVSS6AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

WordPress plugin GLS Shipping for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.1CVSS5.6AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Northern.tech CFEngine Enterprise 跨站脚本漏洞

Northern.tech CFEngine Enterprise is a multi-functional solution provided by Northern.tech, designed for automatically performing daily tasks. Versions prior to 3.21.8, 3.24.3, and 3.27.0 of Northern.tech CFEngine Enterprise contained a cross-site scripting vulnerability. This vulnerability stemm...

6.1CVSS5.7AI score0.00166EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

SOGo SQL注入漏洞

SOGo is a highly fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Versions of SOGo prior to 5.12.7 had an SQL injection...

7.1CVSS5.8AI score0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

WordPress plugin Database Backup for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin LatePoint 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00105EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

GitLab 跨站脚本漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Versions of GitLab prior to 18.9.7, 18.10.6, and 18.11.3 contained a...

8.7CVSS6AI score0.00256EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

Cisco Catalyst SD-WAN Manager(Cisco SD-WAN vManage) 安全漏洞

Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN Manager. This vulnerability stems from the...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Backstage 安全漏洞

Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 0.6.11 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforceable permission checks for entity retrieval...

4.3CVSS5.8AI score0.0017EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin InfusedWoo Pro 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS6AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability; this vulnerability stems from the possibility of sensitive information being transmitted through insecure HTTP channels during backend services, which could lead to the...

4.3CVSS5.8AI score0.0008EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Microsoft Authenticator 信息泄露漏洞

Microsoft Authenticator is an application for multi-factor authentication developed by Microsoft Corporation in the United States. There is an information leakage vulnerability in Microsoft Authenticator. This vulnerability stems from the exposure of sensitive information to unauthorized...

9.6CVSS5.8AI score0.00559EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

ClipBucket SQL注入漏洞

ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to host video websites. Versions of ClipBucket prior to 5.5.3 – version 122 – contained a SQL injection vulnerability. This vulnerability occurred due to the lack of parameterization of the...

7.1CVSS5.9AI score0.00203EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

WordPress plugin Bold Page Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

AMD Processors 访问控制错误漏洞

AMD Processors are a series of processors developed by American semiconductor company AMD. AMD Processors have a vulnerability related to access control, which stems from the lack of authentication at the key download endpoint. This allows unauthorized attackers to retrieve sensitive keys using a...

6.3CVSS5.8AI score0.00321EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability; this vulnerability arises from certain operations that may trigger interactions with external parties, potentially leading to the accidental disclosure of sensitive...

5.1CVSS5.8AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

WordPress plugin Media Sync 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.5CVSS5.8AI score0.00526EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

WordPress plugin Career Section 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

9.8CVSS6.2AI score0.00665EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Yordam Library Automation System 安全漏洞

Yordam Library Automation System is an application developed by Yordam Corporation. Versions of the Yordam Library Automation System from v.19.5 to v.22.1 contained security vulnerabilities. These vulnerabilities were caused by incorrect authorization settings, which could lead to exploitation of...

8.8CVSS5.8AI score0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin InfusedWoo Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.0029EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

GitLab 代码注入漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were code injection vulnerabilities in versions of GitLab CE/EE...

5.4CVSS5.9AI score0.00176EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.7 views

WordPress plugin MapGeo – Interactive Geo Maps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.7AI score0.00204EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin Unlimited Elements for Elementor SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.5CVSS6AI score0.00492EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

WordPress plugin ManageWP Worker 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.8AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

MCP Registry 输入验证错误漏洞

MCP Registry is an open-source MCP server store developed by Model Context Protocol. Versions 1.1.0 to 1.7.4 of MCP Registry contain a vulnerability related to input validation. This vulnerability stems from an open redirection attack conducted by TrailingSlashMiddleware. Attackers can construct...

5.8AI score0.00409EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. Vulnerabilities exist in versions of GitLab CE/EE 16.7 to 18.9.7, 18.10...

4.3CVSS5.9AI score0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Ruby CSS Parser 信任管理问题漏洞

Ruby CSS Parser is an open-source tool developed by premailer, used for loading, parsing, and cascading CSS rule sets. Versions of Ruby CSS Parser prior to 2.1.0 and 1.22.0 had a trust management vulnerability. This vulnerability stemmed from unvalidated HTTPS connections, where connections were...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

WordPress plugin Database Backup for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.8AI score0.00488EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

APPYAP Yaay Social Media App 安全漏洞

APPYAP Yaay Social Media App is a mobile social application developed by the Turkish company APPYAP. It supports sharing short videos and social interactions. There are security vulnerabilities in the version 3.8.0 to 24102025 of the APPYAP Yaay Social Media App. These vulnerabilities stem from...

8.8CVSS5.8AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Gotenberg 代码问题漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 had code vulnerabilities. These vulnerabilities stemmed from the LibreOffice conversion endpoint not checking the conten...

8.2CVSS5.9AI score0.00245EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

PrestaShop 跨站脚本漏洞

PrestaShop is an open-source e-commerce solution developed by the PrestaShop company in the United States. This solution offers various payment methods, SMS notifications, and features like image scaling for products. Versions of PrestaShop prior to 8.2.6 and 9.1.1 contained a cross-site scriptin...

9.3CVSS5.7AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

PoDoFo 资源管理错误漏洞

PoDoFo is a free, portable C++ library open sourced by PoDoFo. Versions of PoDoFo from 1.0.0 to 1.0.4 had a resource management bug. This bug stemmed from a double release in the computehashtosign function. When the EVPDigestFinal function failed after the buf had already been released, the error...

2.5CVSS5.8AI score0.00096EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

podinfo 跨站脚本漏洞

Podinfo is a Kubernetes microservice template developed by Stefan Prodan. Versions of Podinfo 6.11.2 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the echoHandler did not set a clear Content-Type or X-Content-Type-Options header on the...

6.1CVSS5.8AI score0.00195EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Cisco Catalyst SD-WAN Manager 输入验证错误漏洞

Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by the American company Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is an input validation vulnerability in Cisco Catalyst SD-WAN Manager, which stems...

8.6CVSS6AI score0.00696EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE 18.9.1 to 18.9.7, 18....

6.5CVSS5.9AI score0.00291EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

WordPress plugin Taskbuilder SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Nuvoton NPCT7xx 安全漏洞

Nuvoton NPCT7xx is a series of TPM security controllers developed by Nuvoton Corporation in Taiwan, China, aimed at trusted computing and platform security management. Nuvoton NPCT7xx has security vulnerabilities, which stem from side-channel attacks and may lead to the extraction of elliptic cur...

3.8CVSS5.8AI score0.00117EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the lack of mandatory encryption for certain data transmissions or operations. This vulnerability may lead to sensitive information being intercepted under...

5.4CVSS5.8AI score0.00049EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

libsixel 输入验证错误漏洞

Libsixel is a software package developed by Hayaki Saito, which provides encoding/decoding implementations for DEC SIXEL graphics and other conversion programs. Versions of Libsixel 1.8.7-r1 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from ...

7.1CVSS6AI score0.0016EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

libsixel 代码问题漏洞

Libsixel is a software package developed by Hayaki Saito, which provides encoding/decoding implementations for DEC SIXEL graphics and other conversion programs. Versions of Libsixel 1.8.7-r1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect NULL checks after...

2.5CVSS5.9AI score0.00131EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE between 18...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the use of autocompletion features for certain input fields. This may lead to sensitive information being stored in the browser, potentially causing...

2.6CVSS5.8AI score0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

Gotenberg 代码问题漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained code vulnerabilities. These vulnerabilities stemmed from the default rejection list using regular expressions...

9.4CVSS5.9AI score0.00352EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

AMD AIM-T Manageability Service 代码问题漏洞

AMD AIM-T Manageability Service is an industrial-grade remote device management service provided by American semiconductor company AMD. It supports operations and maintenance of edge computing nodes. There are code vulnerabilities in AMD AIM-T Manageability Service. These vulnerabilities stem fro...

7CVSS6AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

ntopng 输入验证错误漏洞

ntopng is a web-based network traffic monitoring application developed by ntop. ntopng has a vulnerability related to input validation, which stems from URL redirection to untrusted sites...

4.3CVSS5.8AI score0.00166EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Crabbox 安全漏洞

Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.12.0 contained security vulnerabilities. These vulnerabilities were due to insufficient access control checks, allowing users with access through shared...

8.6CVSS6.5AI score0.00338EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.16 views

Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.80.1 contained security...

6.9CVSS5.8AI score0.0043EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE 17.6 to 18.9.7, 18.10...

4.3CVSS5.9AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE 18.3 to 18.9.7, 18.10...

4.3CVSS5.9AI score0.00228EPSS
Exploits0References1
Total number of security vulnerabilities195539