Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

mako 路径遍历漏洞

Mako is an open-source template library written in Python by SQLAlchemy. It offers a familiar non-XML syntax, which can be compiled into Python modules for optimal performance. Prior to Mako 1.3.12, there was a path traversal vulnerability. This vulnerability stemmed from a bypass of directory...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

lemur 注入漏洞

Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained a injection vulnerability. This vulnerability stemmed from the LDAP authentication module using uncleaned user input to construct LDAP search filters, which could lead to...

8.1CVSS5.8AI score0.00179EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

vLLM 输入验证错误漏洞

vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. Versions of vLLM prior to 0.6.1 to 0.20.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from token injection issues during...

7.5CVSS5.8AI score0.00414EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory deletion API endpoint, which could allow remote...

6.5CVSS5.8AI score0.00386EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Snorkel 安全漏洞

Snorkel is an open-source system developed by Snorkel that uses weak supervision to quickly generate training data. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the BaseLabeler class’s BaseLabeler.load method, which uses the unsafe...

8.8CVSS6.1AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Pytorch-Lightning 安全漏洞

PyTorch-Lightning is an open-source lightweight PyTorch wrapper developed by Lightning AI in the United States. It is used for high-performance AI research. Versions of PyTorch-Lightning prior to 2.6.0 contain security vulnerabilities. These vulnerabilities stem from the...

8.8CVSS6.2AI score0.00385EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.16 views

Wing FTP Server 代码注入漏洞

Wing FTP Server is an open-source, cross-platform FTP server software developed by Wing FTP Server. Version 8.1.2 of Wing FTP Server has a code injection vulnerability. This vulnerability stems from the session serialization mechanism, where the mydirectory field for domain administrators allows...

8.6CVSS6.1AI score0.02643EPSS
Exploits5References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

NanaZip 缓冲区错误漏洞

NanaZip is a compression software open-source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained a buffer error vulnerability. This vulnerability stemmed from the BitmapSize field in the ZealFS file system image resolver, where an attacker-controlled BitmapSize field led ...

7.1CVSS6.1AI score0.00117EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

ip-address 跨站脚本漏洞

ip-address is a JavaScript library developed by Beau Gunderson, designed for verifying and manipulating IPv4 and IPv6 addresses. Versions prior to 10.1.1 of ip-address had a cross-site scripting vulnerability. This vulnerability stemmed from the Address6.group and Address6.link methods not proper...

6.1CVSS5.6AI score0.00471EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Microsoft Windows Common Log File System Driver 数字错误漏洞

The Microsoft Windows Common Log File System Driver is a high-performance, general-purpose log file system API provided by Microsoft. It allows specialized client applications to utilize this subsystem, enabling multiple clients to share it for optimized log access. The Microsoft Windows Common L...

7.8CVSS5.8AI score0.00273EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory reset function. Unauthorized attackers could exploit...

9.1CVSS5.8AI score0.00489EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft Windows Admin Center 访问控制错误漏洞

Microsoft Windows Admin Center is a browser-based, locally deployed application developed by Microsoft. This tool is primarily used for managing servers and clusters. Microsoft Windows Admin Center has a vulnerability related to access control. Attackers can exploit this vulnerability to gain...

8.8CVSS5.8AI score0.00427EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

LWP::UserAgent 安全漏洞

LWP::UserAgent is a web user agent class open source from libwww-perl, used for sending HTTP requests. Versions of LWP::UserAgent prior to version 6.83 have security vulnerabilities. These vulnerabilities stem from improper handling of the Authorization and Proxy-Authorization headers during...

6.5CVSS5.8AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in the IFrame Sandbox component, which could allow remote attackers to bypass navigation...

4.3CVSS6AI score0.00182EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained code vulnerabilities. These vulnerabilities stemmed from the use of isSSRFSafeURL, which only verified the initial URL. This could allow attackers to bypass SSRF...

7.7CVSS5.9AI score0.00348EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system designed for iPad tablets. Apple VisionOS is an operating system suitable for AR glasses. Several of Apple’s products have securi...

7.5CVSS5.8AI score0.00325EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Apple多款产品 安全漏洞

Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

6.5CVSS5.8AI score0.00487EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Dell Automation Platform 安全漏洞

Dell Automation Platform is an automation and resource orchestration platform for enterprise IT environments developed by the American company Dell. Versions of Dell Automation Platform prior to 2.0.0.0 contained security vulnerabilities. These vulnerabilities stemmed from lack of authorization...

8.8CVSS5.8AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Devs Palace ERP Online 跨站脚本漏洞

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability originated from an unknown portion of the...

4.8CVSS5.6AI score0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Meari IoT Cloud MQTT Broker EMQX 安全漏洞

Meari IoT Cloud MQTT Broker EMQX is a high-performance IoT messaging proxy service based on the MQTT protocol provided by Meari Corporation. A security vulnerability exists in the Meari IoT Cloud MQTT Broker EMQX 4.x version. This vulnerability stems from the lack of authorization for device-leve...

7.7CVSS5.8AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

docuForm FSM Server 跨站脚本漏洞

The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server contains a cross-site scripting vulnerability, which stems from a reflection-type...

6.1CVSS5.7AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There is a security vulnerability in Apple macOS, which stems from additional restrictions that address permission issues. This vulnerability may allow malicious applications to bypass its...

8.8CVSS5.8AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

OWASP BLT 代码注入漏洞

OWASP BLT is an open-source gamified crowdsourcing platform for testing and disclosing vulnerabilities. Versions of OWASP BLT prior to 2.1.2 contained a code injection vulnerability. This vulnerability stemmed from the use of the pullrequesttarget trigger in the pre-commit-fix.yaml workflow, whic...

8.8CVSS6.5AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Grav 路径遍历漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained a path traversal vulnerability. This vulnerabili...

9.3CVSS5.9AI score0.00521EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

docuForm FSM Server 跨站脚本漏洞

The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. Version 11.11c of the docuForm FSM Server contains a cross-site scripting vulnerability. This vulnerability originates from the...

6.1CVSS5.9AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.23 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Microsoft Edge 安全漏洞

Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. There are security vulnerabilities in Microsoft Edge. Attackers can exploit these vulnerabilities to obtain sensitive information...

7.4CVSS5.8AI score0.00652EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.4 contained a security vulnerability caused by a race condition issue, which could allow applications to access sensitive user data...

4.7CVSS5.8AI score0.00085EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF protection and MIME validation in the objects/userSavePhoto.php...

5.4CVSS5.7AI score0.00121EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 contain security vulnerabilities due to logging issues, which may allow malicious applications to bypass the...

8.8CVSS5.8AI score0.00154EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the SMF component called...

6.5CVSS5.8AI score0.00461EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

docuForm FSM Server 授权问题漏洞

The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server has an authorization vulnerability, which stems from a session fixation attack present ...

5.4CVSS5.8AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. CosyVoice has a security vulnerability, which stems from the gRPC server component using torch.load to load the voice synthesis model without enabling the weights-only=True security parameter. Thi...

7.3CVSS6.2AI score0.00218EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

WSO2 Identity Server 访问控制错误漏洞

WSO2 Identity Server is an identity authentication server developed by the American company WSO2. WSO2 Identity Server has a control access vulnerability that arises from the lack of verification of organizational context during the execution of adaptive authentication processes. This vulnerabili...

7.2CVSS6AI score0.00366EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the smfnsmfhandleupdatedatainvsmf function in the...

6.5CVSS5.8AI score0.00372EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

DNSmasq 安全漏洞

DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability, which stems from the extractname function being exploitable, leading to a heap buffer overflow. This allows attackers to inject fake DNS cache entries, potentially redirecting DNS queries to...

7.3CVSS6.1AI score0.00754EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Wikimedia Scribunto 跨站脚本漏洞

Wikimedia Scribunto is a scripting development tool provided by the Wikimedia Foundation. Versions of Wikimedia Scribunto from 1.45.0 to 1.45.2 had a cross-site scripting vulnerability. This vulnerability was caused by a memory leak, resulting in insufficient memory for the runJobs.php script...

2.3CVSS5.6AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...

7.5CVSS5.8AI score0.00378EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple macOS is a specialized operating system developed for Mac computers. Several Apple products have security...

6.2CVSS5.9AI score0.00159EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. There was a security vulnerability in the previous version of CosyVoice, which stemmed from the data processing tool makeparquetlist.py using torch.load to load .pt files without enabling the...

7.3CVSS6.2AI score0.0021EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Outline 安全漏洞

Outline is an open-source knowledge base developed by Outline. Versions 0.84.0 to 1.7.0 of Outline contain security vulnerabilities. These vulnerabilities stem from a corrupted authorization pattern in the subscriptions.create API endpoint. When both collectionId and documentId are provided...

7.7CVSS5.8AI score0.00205EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Wagtail 安全漏洞

Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 7.0.7, 7.3.2, and 7.4 contained security vulnerabilities. These vulnerabilities stemmed from the lack of permission checks when copying pages; this allowed CMS users to copy pages that they...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

4.7CVSS5.8AI score0.00143EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Dell ECS和Dell ObjectScale 信任管理问题漏洞

Dell ECS and Dell ObjectScale are both products of the American company Dell. Dell ECS is an scalable, manageable, and elastic enterprise-level object storage solution. Dell ObjectScale is an object storage platform. There were security management vulnerabilities in versions 3.8.1.0 to 3.8.1.7 of...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.16 views

ATutor 跨站脚本漏洞

ATutor is a set of open-source web-based Learning Content Management Systems LCMS developed by the Atutor team. This system includes modules for teaching content management, forums, chat rooms, etc. Version 2.2.4 of ATutor has a cross-site scripting vulnerability. This vulnerability stems from th...

5.1CVSS5.9AI score0.00391EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

4.3CVSS5.8AI score0.00296EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have security vulnerabilities. These vulnerabilities arise from the top-level jq program loaded via the -f parameter being truncated at the first NUL byte. This can result in the...

5.5CVSS5.9AI score0.00158EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have security vulnerabilities; these vulnerabilities stem from unbounded recursion in jvobjectmergerecursive. This recursion allows malicious programs to cause program crashes with...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.2rc1 and earlier have security vulnerabilities. These vulnerabilities stem from the fact that the standard module loader does not perform cyclic checks when modules are included within each other,...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References1
Total number of security vulnerabilities195539