Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

JunoClaw 命令注入漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained a command injection vulnerability. This vulnerability stemmed from the runcommand function in the plugin-shell, which wrapped the commands provided by the proxy within a...

8.4CVSS5.9AI score0.00151EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Nexent 安全漏洞

Nexent is an open-source zero-code AI smart agent automatic generation platform developed by ModelEngine-Group. Version 1.7.5.2 of Nexent contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the DELETE /indexname/documents...

9.1CVSS5.8AI score0.00413EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

HashiCorp Tooling 后置链接漏洞

HashiCorp Tooling is a series of software tools developed by HashiCorp Inc., aimed at infrastructure automation, cloud resource management, and security operations. Versions of HashiCorp Tooling prior to 0.42.0 contained a postback link vulnerability. This vulnerability stemmed from a sandbox pat...

4.7CVSS5.8AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Open-WebSearch 代码问题漏洞

Open-WebSearch is a multi-engine web search and content retrieval tool developed by Aasee’s individual developers, without the need for an API key. Versions of Open-WebSearch prior to 2.1.7 had code vulnerabilities. These vulnerabilities stemmed from URL security checks not recognizing IPv6...

8.2CVSS5.9AI score0.00215EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

YAFNET SQL注入漏洞

YAFNET is an ASP.NET open-source forum solution developed by YAFNET’s individual developers. Versions of YAFNET prior to 4.0.5 contained a SQL injection vulnerability. This vulnerability stems from the OnPost handler redirection of responses after executing side effects, which could allow...

8.8CVSS6.1AI score0.00488EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

ChurchCRM 授权问题漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions 7.2.0 to 7.2.2 of ChurchCRM have vulnerabilities related to authorization. These vulnerabilities stem from incomplete fixes to the CVE-2026-4058 vulnerability, which may allow attackers to exploit the PoC Proof of Concept...

9.6CVSS5.8AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Warpgate 跨站请求伪造漏洞

Warpgate is a smart SSH, HTTPS, and MySQL BH developed by the warp-tech project for Linux. Versions of Warpgate prior to 0.23.3 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the SSO process not verifying the state parameter, which could allow attackers to...

6.5CVSS5.7AI score0.00133EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Flowsint 安全漏洞

Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a security vulnerability. This vulnerability stemmed from the ability of malicious node types to escape existing Cypher queries, potentially allowing remote attackers t...

7.1CVSS6.1AI score0.00285EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Statamic 安全漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.21 and 6.15.0, where the password form’s respons...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Hugo 路径遍历漏洞

Hugo is a framework based on the Go language used by the Gohugoio community for quickly generating static websites. Versions of Hugo from 0.43 to 0.161.0 had a path traversal vulnerability. This vulnerability occurred due to the lack of restrictions on file system access when calling Node tools,...

8.6CVSS5.9AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Snappier 安全漏洞

Snappier is a pure C version of the Google Snappy compression algorithm developed by Brant Burnett. Versions prior to Snappier 1.3.1 contained a security vulnerability; this vulnerability stemmed from the inability to escape an infinite loop that occurred when SnappierStream decompressed Snappy...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

deskflow 资源管理错误漏洞

Deskflow is an open-source tool for sharing keyboards and mice across devices. Versions of Deskflow prior to 1.26.0.167 contained a resource management vulnerability. This vulnerability arises from a fatal error branch that occurs when the TLS handshake fails, causing SecureSocket::secureAccept t...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

EFW Framework 安全漏洞

EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions of the EFW Framework prior to 4.08.010 contained security vulnerabilities. These vulnerabilities stemmed from the previewServlet not performing content...

4.6CVSS5.6AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

EFW Framework 命令注入漏洞

EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions of the EFW Framework prior to 4.08.010 contained a command injection vulnerability. This vulnerability stemmed from the lack of proper path checking in...

9.3CVSS6AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

EFW Framework 安全漏洞

EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions of the EFW Framework prior to 4.08.010 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the “readonly” flag only...

8.1CVSS5.9AI score0.00301EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Micronaut Framework 资源管理错误漏洞

The Micronaut Framework is a modern full-stack Java framework based on the JVM, developed by the Micronaut Foundation. Versions of the Micronaut Framework prior to 4.10.22 contained a resource management vulnerability. This vulnerability stemmed from the use of unbounded caching in the bundleCach...

3.7CVSS5.8AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

wger 安全漏洞

WGER is an open-source project developed by the WGER Team, built using Django for hosting self-hosted FLOSS fitness/exercise, nutrition, and weight tracking applications. Versions of WGER prior to 2.6 contained security vulnerabilities. These vulnerabilities stemmed from the use of Python object...

9.9CVSS5.8AI score0.00371EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

arduino-esp32 授权问题漏洞

Arduino-ESP32 is an open-source project by Espressif, designed for use with the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6, and ESP32-H2 boards. Versions of Arduino-ESP32 prior to 3.3.8 contained an authorization vulnerability. This vulnerability stemmed from the WebServer implementation, whic...

7.5CVSS5.8AI score0.00351EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

arduino-esp32 安全漏洞

Arduino-ESP32 is an open-source project by Espressif, designed for use with the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6, and ESP32-H2 boards. Versions of Arduino-ESP32 prior to 3.3.8 contained a security vulnerability. This vulnerability stemmed from the WebServer multi-part form parser’s...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Modsecurity 数字错误漏洞

Modsecurity is an open-source web traffic security processing library developed by OWASP ModSecurity. Versions of Modsecurity from 3.0.0 to 3.0.15 contained a numerical error vulnerability. This vulnerability stemmed from an unsigned integer underflow, which led to unhandled exceptions and could...

8.2CVSS5.8AI score0.00396EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

mosparo 代码问题漏洞

Mosparo is a modern spam protection software developed under open source. Versions of Mosparo prior to 1.4.13 had code vulnerabilities. These vulnerabilities stemmed from the automatic rule package source URL feature, which allowed project members with editor roles to store URLs controlled by...

5CVSS5.9AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

HashiCorp Nomad 后置链接漏洞

HashiCorp Nomad is a simple and flexible scheduler and orchestrator provided by the American company HashiCorp. It is used for managing containers and non-containerized applications on both local and cloud environments. Versions of HashiCorp Nomad prior to 0.1.2 contained a post-installation...

6CVSS5.9AI score0.00129EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

vLLM 安全漏洞

vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM prior to 0.20.0 contained a security vulnerability. This vulnerability stemmed from the extracthiddenstates speculative decoding proposal, which returned tensor...

6.5CVSS5.8AI score0.00367EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

NanaZip 缓冲区错误漏洞

NanaZip is a compression software open-source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained a buffer error vulnerability. This vulnerability stemmed from the BitmapSize field in the ZealFS file system image resolver, where an attacker-controlled BitmapSize field led ...

7.1CVSS6.1AI score0.00117EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.16 views

OpenTelemetry .NET Contrib 安全漏洞

OpenTelemetry .NET Contrib is an open-source telemetry data collection and processing library developed by OpenTelemetry - CNCF. Versions 1.8.0 to 1.15.2 of OpenTelemetry .NET Contrib contain security vulnerabilities. These vulnerabilities stem from the OTLP disk retry feature being reverted to a...

7.8CVSS5.8AI score0.00108EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Adobe Commerce 输入验证错误漏洞

Adobe Commerce is a leading digital business solution for businesses and brands from Adobe in the United States. Versions of Adobe Commerce such as 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17, and earlier versions have a vulnerability related to input validation errors. This...

3.4CVSS5.8AI score0.00373EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Adobe Commerce 授权问题漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is an authorization issue vulnerability in Adobe Commerce; this vulnerability stems from improper authorization practices, which may allow security features to be...

4.3CVSS5.8AI score0.00393EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Adobe Commerce 安全漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a security vulnerability in Adobe Commerce, which stems from reliance on vulnerable third-party components, potentially causing application denial-of-service...

5.3CVSS5.8AI score0.0062EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Adobe Commerce 路径遍历漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. Adobe Commerce has a path traversal vulnerability, which stems from improper path name restrictions. This vulnerability may allow arbitrary file system reads and writes...

8.7CVSS5.9AI score0.00606EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.16 views

Adobe Commerce 资源管理错误漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a resource management vulnerability in Adobe Commerce, which stems from uncontrolled resource consumption. This vulnerability could lead to application...

7.5CVSS5.8AI score0.00675EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Adobe Commerce 资源管理错误漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a resource management vulnerability in Adobe Commerce, which stems from uncontrolled resource consumption. This vulnerability could lead to application...

7.5CVSS5.8AI score0.15933EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Adobe Commerce 资源管理错误漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a resource management vulnerability in Adobe Commerce, which stems from uncontrolled resource consumption. This vulnerability could lead to application...

7.5CVSS5.8AI score0.14383EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Adobe Commerce 代码问题漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a code vulnerability in Adobe Commerce, which stems from server-side request forgeing. This vulnerability may allow security features to be bypassed, enabling...

7.4CVSS5.9AI score0.00471EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Adobe Commerce 安全漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a security vulnerability in Adobe Commerce, which stems from improper authorization. This vulnerability may allow security features to be bypassed, enabling...

7.5CVSS5.8AI score0.00561EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

shelf.nu 输入验证错误漏洞

shelf.nu is an open-source physical asset tracking and management platform developed by Shelf. Versions of shelf.nu from 1.12 to 1.20.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the SQL injection vulnerability in the sortBy query parameter on th...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Cleanuparr 访问控制错误漏洞

Cleanuparr is an automated tool developed by Cleanuparr OpenSource, designed to clean up invalid files in the download queue. Versions of Cleanuparr prior to 2.9.10 contained a access control vulnerability. This vulnerability stemmed from the global CORS policy, which reflected the Origin of each...

8CVSS5.8AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Intel Display Virtualization for Windows OS driver 缓冲区错误漏洞

The Intel Display Virtualization for Windows OS driver is a display virtualization driver developed by Intel Corporation. The Intel Display Virtualization for Windows OS driver has a buffer error vulnerability, which stems from improper buffer limits and may lead to a denial-of-service attack...

6.8CVSS6AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

SAP Strategic Enterprise Management 安全漏洞

SAP Strategic Enterprise Management is a corporate strategic management software developed by the German company SAP. There is a security vulnerability in SAP Strategic Enterprise Management. This vulnerability stems from the lack of authorization checks, which may allow authenticated attackers t...

5.4CVSS5.8AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Siemens Solid Edge 安全漏洞

Siemens Solid Edge is a 3D CAD software developed by the German company Siemens. This software can be used for parts design, assembly design, sheet metal design, welding design, and other industries. Versions of Siemens Solid Edge prior to SE2026 V226.0 Update 5 contained security vulnerabilities...

7.8CVSS7.5AI score0.00106EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Microsoft Rich Text Edit Control 资源管理错误漏洞

Microsoft Rich Text Edit Control is a rich text editor implemented by Microsoft Corporation. There is a resource management vulnerability in Microsoft Rich Text Edit Control. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions are affected:...

6.7CVSS5.8AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Microsoft Windows 竞争条件问题漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. Microsoft Windows has vulnerabilities that can lead to competitive conditions. Attackers can exploit these vulnerabilities to execute code remotely. The following products and versions are affecte...

7.5CVSS6AI score0.00297EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Siemens Solid Edge 缓冲区错误漏洞

Siemens Solid Edge is a 3D CAD software developed by the German company Siemens. This software can be used for parts design, assembly design, sheet metal design, welding design, and other industries. Versions of Siemens Solid Edge prior to V226.0 Update 5 contained a buffer error vulnerability...

7.8CVSS7.6AI score0.00105EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Adobe CAI Content Credentials 输入验证错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. Adobe CAI Content Credentials has a vulnerability related to input validation errors. This vulnerability...

6.2CVSS5.8AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Microsoft Edge for Android 安全漏洞

Microsoft Edge for Android is a browser in the Android operating system developed by the American company Microsoft. There are security vulnerabilities in Microsoft Edge for Android. Attackers use these vulnerabilities to carry out phishing attacks...

4.3CVSS5.8AI score0.00497EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Intel QAT software drivers for Windows 安全漏洞

Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. Versions prior to Intel QAT software drivers for Windows 1.13 contain security vulnerabilities. These vulnerabilities stem from the...

4.8CVSS5.8AI score0.00096EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. In versions prior to 148.0.7778.168, there was a resource management vulnerability that stemmed from the reuse of GPU resources after they were released. This vulnerability could allow remote attackers to execute arbitrary code within a...

8.8CVSS6.2AI score0.00262EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Intel Data Center Graphics Driver 安全漏洞

The Intel Data Center Graphics Driver is a set of graphics drivers developed by Intel Corporation for data center GPUs and graphics acceleration devices. Versions of the Intel Data Center Graphics Driver prior to 2.0.2 contained a security vulnerability caused by a buffer overflow in the Ring 1...

9.3CVSS6.1AI score0.00127EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

WordPress plugin WP Google Maps Integration 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

WordPress plugin Eight Day Week Print Workflow SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Microsoft Lightweight Directory Access Protocol(LDAP) 代码问题漏洞

Microsoft Lightweight Directory Access Protocol LDAP is a directory service protocol developed by Microsoft Corporation. It operates at the layer above the TCP/IP stack. There are code-related vulnerabilities in the Microsoft Lightweight Directory Access Protocol LDAP. Attackers can exploit these...

5.5CVSS5.8AI score0.00292EPSS
Exploits0References2
Total number of security vulnerabilities195539