Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Docling Graph 输入验证错误漏洞

Docling Graph is a structured data processing tool developed by the Docling Project, which converts document content into knowledge graphs. Versions of Docling Graph prior to 1.5.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation...

5.7CVSS5.8AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Silicon Labs RS9116 SDK 安全漏洞

Silicon Labs RS9116 SDK is an embedded development toolkit developed by Silicon Labs Corporation for wireless connectivity modules. The Silicon Labs RS9116 SDK has a security vulnerability, which stems from the time limit of HRNG when power saving mode is enabled, resulting in predictable values...

7.4CVSS5.8AI score0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.16 views

diffusers 代码注入漏洞

Diffusers is an open-source diffusion model library developed by Hugging Face for generating images, audio, and 3D molecular structures. Versions of Diffusers prior to 0.38.0 contained a code injection vulnerability, which was caused by improper handling of the custompipeline parameter, potential...

8.8CVSS6.1AI score0.00562EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Guardian 访问控制错误漏洞

Guardian is a policy-based digital asset management and verification platform developed by Hedera. Versions of Guardian 3.5.1 and earlier contained an access control vulnerability. This vulnerability stemmed from a authentication bypass in the GET /api/v1/demo/registered-users endpoint, which cou...

6.9CVSS5.8AI score0.00356EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.17 views

Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.80.1 contained security...

7.5CVSS5.8AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

RMCP 访问控制错误漏洞

RMCP is an open-source Rust model context protocol SDK based on Tokio’s asynchronous runtime. Versions prior to RMCP 1.4.0 contained an access control vulnerability. This vulnerability stemmed from the Streamable HTTP server transmitting unvalidated incoming Host headers, allowing malicious publi...

8.8CVSS5.8AI score0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, and MDM operations. Versions of Fleet prior to 4.82.0 contained security...

8.2CVSS5.8AI score0.00381EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.17 views

Strapi 代码问题漏洞

Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 5.33.3 had code vulnerabilities. These vulnerabilities stemmed from a lack of default functionality to invalidate existing refresh token sessions when a user’s password...

6.5CVSS5.9AI score0.00272EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

WordPress plugin User Registration & Membership 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00445EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Comarch ERP Optima 安全漏洞

Comarch ERP Optima is an ERP and financial management system for small and medium-sized enterprises developed by the Polish company Comarch. Versions of Comarch ERP Optima prior to 2026.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of high-privilege accounts to...

7.5CVSS5.8AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Security vulnerabilities exist in versions of GitLab EE from 16.10 to...

2.7CVSS5.9AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

WordPress plugin Envira Gallery Lite 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.0035EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the exposure of directory list information...

6.9CVSS5.8AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE from 13.7 to 18.9.7, ...

5.8CVSS5.9AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

OpenImageIO 输入验证错误漏洞

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a input validation vulnerability. This vulnerability stemmed from a...

8.8CVSS5.9AI score0.00371EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

SiYuan 安全漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 contained security vulnerabilities. These vulnerabilities were caused by ineffective access control for search APIs under certain deployment scenarios, which could lead to the...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.17 views

MCP Registry 跨站脚本漏洞

MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.7 contained a cross-site scripting vulnerability. This vulnerability originated from the public directory UI; server-side validation only checked whether the URL...

5.4CVSS5.8AI score0.00167EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

GitLab 代码问题漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were code-related vulnerabilities in versions prior to GitLab EE...

3.5CVSS5.9AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

PostgreSQL SQL注入漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4 and 17.10 contained an SQL...

7.2CVSS6.1AI score0.00287EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Note Mark 加密问题漏洞

Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.4 contained a security vulnerability related to encryption. This vulnerability stemmed from the JWTSECRET configuration value not having a mandatory minimum length or entropy,...

10CVSS5.8AI score0.00124EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were security vulnerabilities in versions prior to GitLab EE...

4.3CVSS5.9AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WEBCON BPS 跨站脚本漏洞

WEBCON BPS is a low-code business process management and workflow automation platform developed by the Polish company WEBCON. Versions of WEBCON BPS prior to 2026.1.3.109 and 2025.2.1.293 contained a cross-site scripting vulnerability. This vulnerability stemmed from reflective cross-site scripti...

5.1CVSS5.8AI score0.0043EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin InfusedWoo Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.1CVSS5.8AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Security vulnerabilities existed in versions prior to PostgreSQL...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 跨站脚本漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.11.3 contained a cross-site...

5.4CVSS6.1AI score0.00192EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Nextcloud News app 代码问题漏洞

The Nextcloud News app is an RSS/Atom news aggregator developed by Nextcloud as open source. Versions of the Nextcloud News app prior to 28.3.0-beta.1 contained code vulnerabilities. These vulnerabilities stemmed from the lack of verification of the feed URL provided by users, which could lead to...

2.3CVSS5.9AI score0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.16 views

FileBrowser Quantum 路径遍历漏洞

FileBrowser Quantum is a file manager developed by Graham Steffaniak. Versions prior to 1.3.1-stable and 1.3.9-beta contained a path traversal vulnerability. This vulnerability stemmed from the concatenation of trusted base paths before path cleaning, which could lead to directory traversal attac...

9.1CVSS5.8AI score0.00523EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

gittuf 安全漏洞

Gittuf is a cross-platform Git repository security protection tool developed by Gittuf. Versions of Gittuf prior to 0.14.0 contained security vulnerabilities. These vulnerabilities were due to a policy rollback issue, which could allow attackers to roll back the current policy to any previous...

4.9CVSS5.8AI score0.00198EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Cisco Catalyst SD-WAN Manager(Cisco SD-WAN vManage) 安全漏洞

Cisco Catalyst SD-WAN Manager Cisco SD-WAN vManage is a highly customizable dashboard provided by the American company Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Northern.tech CFEngine 安全漏洞

Northern.tech CFEngine is an IT infrastructure configuration management and automation framework developed by Northern.tech. There are security vulnerabilities in versions of Northern.tech CFEngine Enterprise and Community prior to 3.21.8, 3.24.3, and 3.27.0. These vulnerabilities stem from...

7.3CVSS5.8AI score0.0092EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Northern.tech CFEngine Enterprise 安全漏洞

Northern.tech CFEngine Enterprise is a multi-functional solution developed by Northern.tech, designed for automatically performing daily tasks. Versions prior to 3.21.8, 3.24.3, and 3.27.0 of Northern.tech CFEngine Enterprise contain security vulnerabilities due to incorrect access control...

5.3CVSS5.8AI score0.00208EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

PostgreSQL SQL注入漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, 16.14, 15.18, and...

8.8CVSS6.5AI score0.00378EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Prior to PostgreSQL 18.4, there was a security vulnerability...

4.3CVSS6AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Live Helper Chat 安全漏洞

Live Helper Chat is an open-source plugin developed by Live Helper Chat developers, designed to provide chat functionality for web platforms. Version 4.84 of Live Helper Chat contains a security vulnerability. This vulnerability stems from the REST API chat update endpoint, which allows users to...

8.1CVSS5.8AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

PostgreSQL SQL注入漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, and 16.14 have SQL...

8.8CVSS6.2AI score0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Note Mark 输入验证错误漏洞

Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark from 0.13.0 to 0.19.4 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of cleaning and validation of asset file names, which could lead to...

8.6CVSS5.9AI score0.00495EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

MCP Registry 代码问题漏洞

MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.7 contained code vulnerabilities. These vulnerabilities stemmed from HTTP-based namespace verification, which used safeDialContext to dial private/internal...

6.3CVSS6AI score0.00285EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.30.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass the blacklist for ExifTool...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

F5 BIG-IP 日志信息泄露漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a vulnerability related to log information leakage, which stems from...

7.1CVSS5.8AI score0.00277EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

AMD多款产品 安全漏洞

AMD EPYC is a high-performance server processor developed by American semiconductor company AMD. Several AMD products have security vulnerabilities. These vulnerabilities could allow local administrator attackers to gain arbitrary system management network access, potentially enabling them to...

8.5CVSS6.2AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Linbit csync2 安全漏洞

Linbit csync2 is a cluster synchronization tool developed by the Austrian company Linbit. It is primarily used to keep files synchronized across multiple hosts within a cluster. Linbit csync2 has a security vulnerability that stems from the use of insecure temporary directories during compilation...

5.1CVSS5.8AI score0.00075EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

WordPress plugin Broadstreet 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

vercel 信息泄露漏洞

Vercel is an open-source cloud platform for application development and deployment. Versions of Vercel from 50.16.0 to 52.0.0 have a vulnerability related to information leakage. This vulnerability arises when commands that cannot be executed autonomously are run in non-interactive mode. If...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP. This vulnerability stems from virtual...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Corporation in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability that stems from TMOS Shell commands. This...

8.3CVSS6AI score0.00107EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

F5 NGINX Open Source 安全漏洞

F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway provided by the F5 company. There is a security vulnerability in F5 NGINX Open Source, which stems from the use of proxysetbody when configuring HTTP/2 traffic. This vulnerability may lead ...

6.3CVSS5.8AI score0.00339EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Palo Alto Networks PAN-OS 缓冲区错误漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a buffer overflow vulnerability in Palo Alto Networks PAN-OS, which stems from a buffer overflow during IKEv2 processing. This vulnerability could allow unauthenticated network...

9.2CVSS6.5AI score0.0031EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.14 views

protobuf.js 安全漏洞

protobuf.js is an open-source implementation of the Protocol Buffer library, written entirely in JavaScript. It supports protocols for Node.js and browsers using TypeScript. It’s easy to use, extremely fast, and can be used out of the box with.proto files. Versions prior to 7.5.8 and 8.2.0 of...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

vm2 安全漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities arise from the ability to bypass NodeVM’s...

9.9CVSS6.4AI score0.00974EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

Palo Alto Networks PAN-OS 数据伪造问题漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a vulnerability in Palo Alto Networks PAN-OS related to data manipulation, which stems from an authentication bypass mechanism. This vulnerability could allow unauthenticated...

9.2CVSS5.8AI score0.0044EPSS
Exploits3References1
Total number of security vulnerabilities195539