Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

OpenClaw 路径遍历漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained a path traversal vulnerability. This vulnerability stemmed from the webchat audio embedding assistant’s failure to apply a check for the inclusion of the local medi...

6.3CVSS5.8AI score0.00305EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.22 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypass in the Control UI bootstrapping endpoint, allowing unauthenticated attackers to...

6.3CVSS5.8AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.4.5 to 2026.4.20 contained a security vulnerability. This vulnerability was caused by environmental variable injection, which could lead to the dotenv workspace overriding...

5CVSS5.8AI score0.00119EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.21 contained security vulnerabilities. These vulnerabilities were caused by an authorization bypass in the command-auth.ts file, which allowed unauthorized senders to bypass the...

4.2CVSS5.8AI score0.00237EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Zen 安全漏洞

Zen is an open-source productivity browser based on Firefox. Versions of Zen prior to 1.19.12b contain security vulnerabilities. These vulnerabilities arise from the address bar incorrectly truncating long hostnames and displaying only the subdomain prefix controlled by the attacker, which may le...

4.7CVSS5.8AI score0.00164EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Zen 输入验证错误漏洞

Zen is an open-source productivity browser based on Firefox. Versions of Zen prior to 1.19.12b contained a vulnerability related to input validation errors. This vulnerability stemmed from project links in RSS subscriptions not being restricted by http or https, which could lead to security risks...

2.4CVSS5.8AI score0.00157EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Neat VNC 安全漏洞

Neat VNC is a freely licensed VNC server library developed by Andri Yngvason. Versions of Neat VNC prior to 0.9.6 contained security vulnerabilities. These vulnerabilities stemmed from a buffer overflow in the RSA-AES security processor, which could allow unauthenticated remote attackers to cause...

9.3CVSS6.1AI score0.0055EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Open edX Platform 代码问题漏洞

The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. The Open edX Platform has code vulnerabilities that stem from the syncproviderdata endpoint in the...

9.9CVSS6AI score0.00374EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Open edX Platform 跨站脚本漏洞

The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. The Open edX Platform has a cross-site scripting vulnerability. This vulnerability arises from the...

5.4CVSS5.7AI score0.0021EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Network-AI 访问控制错误漏洞

Network-AI is a multi-agent orchestration and governance tool developed by Jovan Marinovic. Versions prior to Network-AI 5.1.3 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication, session, source, or token checks for JSON-RPC tool calls transmitte...

8.7CVSS5.8AI score0.00471EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Taiga 跨站脚本漏洞

Taiga is an open-source project management tool developed by Taiga Open Source. Versions of Taiga prior to 6.9.1 had a cross-site scripting vulnerability, which allowed attackers to inject malicious scripts into front-end input fields...

5.7CVSS5.6AI score0.00284EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Grav 跨站脚本漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Prior to Grav 9.1.0, there was a cross-site scripting vulnerability. This vulnerability stemmed...

5.4CVSS5.8AI score0.0015EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Official Clerk JavaScript SDKs 代码问题漏洞

The Official Clerk JavaScript SDKs are an open-source repository for Clerk authentication purposes. These SDKs have code vulnerabilities that can lead to false positives during authorization checks. This occurs when functions like has and auth.protect, along with related authorization predicates,...

8.1CVSS5.9AI score0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.16 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the yuarelparse function in the /lib/sbi/conv.c library, which...

6.5CVSS5.8AI score0.00372EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

angular-expressions 安全漏洞

Angular-Expressions is an expression compilation and evaluation tool developed by Peerigon. Versions of Angular-Expressions prior to 1.5.2 contained a security vulnerability. This vulnerability allowed attackers to write malicious expressions using filters to escape the sandbox, potentially...

10CVSS6.1AI score0.00476EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Corteza SQL注入漏洞

Corteza is an open-source low-code platform developed by the Corteza Project, designed for quickly building CRM, business processes, and structured data applications. The Corteza 2024.9.8 version contains a SQL injection vulnerability. This vulnerability arises from the SQL injection vulnerabilit...

6CVSS5.9AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Wagtail 安全漏洞

Wagtail is an open-source content management system CMS developed by Wagtail. Versions prior to Wagtail 7.0.7, 7.3.2, and 7.4 contain security vulnerabilities. These vulnerabilities stem from the ability of CMS users to access revised versions of pages through the revision comparison view, which...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Grav 跨站脚本漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained a cross-site scripting vulnerability. This...

8.5CVSS5.9AI score0.00238EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities originate from the smfnsmfhandleupdatedatainvsmf function in the...

6.5CVSS5.8AI score0.00372EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities; these vulnerabilities stem from the function OpenAPIlistcreate in the SMF component, which may...

6.5CVSS5.8AI score0.00372EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

SQUIRREL 缓冲区错误漏洞

SQUIRREL is a programming language developed by Alberto Demichelis. It is the stable version of SQUIRREL 3.2. Versions of SQUIRREL 3.2 and earlier had a buffer error vulnerability, which stemmed from a stack buffer overflow in the validateformat function within the sqstdlib/sqstdstring.cpp librar...

5.3CVSS6.3AI score0.00123EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a null pointer dereferencing in the smfnsmfhandlecreatedatainhsm...

6.5CVSS5.8AI score0.00378EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Microsoft Azure Data Explorer Kafka Connect Kusto Sink Connector 安全漏洞

The Microsoft Azure Data Explorer Kafka Connect Kusto Sink Connector is an open-source Kafka data synchronization connector to Azure Big Data Analysis databases. Versions of the Kusto Sink Connector prior to version 5.2.3 have security vulnerabilities. These vulnerabilities stem from uncleaned...

6.5CVSS6.1AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Grav-Plugin-Admin 跨站脚本漏洞

Grav-Plugin-Admin is an administrative plugin developed by Grav, an open-source project. It is used to configure Grav pages. Versions of Grav-Plugin-Admin prior to 1.10.49.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper validation and cleaning of the...

6.2CVSS5.6AI score0.00256EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Wagtail 安全漏洞

Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 7.0.7, 7.3.2, and 7.4 contained security vulnerabilities. These vulnerabilities stemmed from the document and image APIs incorrectly listing items within private collections, potentially...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Grav 安全漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained security vulnerabilities. These vulnerabilities...

8.1CVSS5.8AI score0.00463EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

ATutor 跨站脚本漏洞

ATutor is a set of open-source web-based Learning Content Management Systems LCMS developed by the Atutor team. This system includes modules for teaching content management, forums, chat rooms, etc. Version 2.2.4 of ATutor has a cross-site scripting vulnerability. This vulnerability stems from th...

5.1CVSS5.9AI score0.00391EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

bettercap 数字错误漏洞

Bettercap is an open-source framework for network attacks and security testing developed by Bettercap. Versions of Bettercap 2.41.5 and earlier contained a numerical error vulnerability. This vulnerability stemmed from an integer coercion conversion error in the ippReadChunkedBody function within...

6.3CVSS5.8AI score0.00523EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

bettercap 数字错误漏洞

Bettercap is an open-source framework for network attacks and security testing developed by Bettercap. Versions of Bettercap 2.41.5 and earlier contain a numerical error vulnerability. This vulnerability stems from an unknown function in the modules/mysqlserver/mysqlserver.go file of the MySQL...

6.3CVSS5.6AI score0.00389EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.16 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities; these vulnerabilities stem from the smf component’s ogsnasparseqosrules function, which may lead...

6.5CVSS5.8AI score0.0038EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

SQUIRREL 缓冲区错误漏洞

SQUIRREL is a programming language developed by Alberto Demichelis. It is the stable version of SQUIRREL 3.2. Versions of SQUIRREL 3.2 and earlier had a buffer error vulnerability, which stemmed from a heap buffer overflow in the function SQFunctionProto::Load located in the file...

5.9CVSS6.5AI score0.00154EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.00395EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Grav CMS 安全漏洞

Grav CMS is an open-source file-based content management system developed by Grav. Versions of Grav CMS prior to 9.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of path stripping during file uploads and the failure to strictly prevent the extension of page...

8.7CVSS5.8AI score0.00622EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There is a security vulnerability in Apple macOS, which stems from a denial-of-service issue and may allow applications to modify protected parts of the file system. The following versions are...

7.5CVSS5.8AI score0.00483EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

DNSmasq 安全漏洞

DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability, which stems from a buffer overflow in the extractaddresses function. This vulnerability allows attackers to trigger heap-based out-of-bounds reads by exploiting malformed DNS responses, causing a...

7.3CVSS6AI score0.00933EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the function smfnsmfhandlecreatesmcontext in the SMF component,...

6.5CVSS5.8AI score0.00471EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. There were security vulnerabilities in versions prior to Apple iOS 18.7.9, iPadOS 18.7.9, iOS 26.4, and iPadO...

7.5CVSS5.8AI score0.00308EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Cradle eCommerce 跨站脚本漏洞

Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a cross-site scripting vulnerability. This vulnerability arises from insecurely reflecting user-controlled inputs at endpoints/product...

5.1CVSS5.9AI score0.00318EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple VisionOS is an operating system designed for AR glasses. Several Apple products have security...

8.8CVSS7.1AI score0.00693EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Crabbox 安全漏洞

Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from a certification bypass in the coordinator’s user token verification process. The...

8.8CVSS6.5AI score0.00382EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.7 views

Crabbox 路径遍历漏洞

Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.9.0 contained a path traversal vulnerability. This vulnerability stemmed from path resolution in the Islo provider’s workspace, allowing attackers to provide...

7.1CVSS6.5AI score0.00144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

DNSmasq 安全漏洞

DNSmasq is a DNS configuration tool developed by Simon Kelley individually. DNSmasq has a security vulnerability, which stems from heap-based out-of-bound writes in the DHCPv6 implementation. This vulnerability allows local attackers to execute arbitrary code with root privileges using specially...

8.4CVSS6.2AI score0.00812EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Audiobookshelf 跨站脚本漏洞

Audiobookshelf is an open-source, self-hosted server for audio books and podcasts. Versions of Audiobookshelf prior to 2.33.0 had a cross-site scripting vulnerability. This vulnerability occurred due to the login page not properly cleaning the authLoginCustomMessage field, allowing for...

4.5CVSS5.7AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

Wagtail 安全漏洞

Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 7.0.7, 7.3.2, and 7.4 contained security vulnerabilities. These vulnerabilities stemmed from the ability for CMS users to submit content by constructing forms that allowed them to delete for...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

HireFlow 安全漏洞

HireFlow is an online interview management platform developed by StratonWebDesigners as a personal developer project. Version 1.2 of HireFlow contains a security vulnerability. This vulnerability stems from the lack of object-level authorization for the /candidate/ and /interview/ endpoints. As a...

8.1CVSS5.8AI score0.00231EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Meari Alibaba OSS 安全漏洞

Meari Alibaba OSS is an IoT cloud data storage solution developed by Meari Company, which integrates object storage services. There is a security vulnerability in Meari Alibaba OSS. This vulnerability arises from the lack of authentication, signed URLs, and expiration controls in Meari IoT Cloud...

7.5CVSS5.8AI score0.00293EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

CPython 安全特征问题漏洞

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security feature vulnerability, which stems from insufficient entropy in Expat hash flood protection mechanisms. This vulnerability may allow specially crafted XML documents to trigger a hash flood...

9.8CVSS5.8AI score0.0079EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Cockpit 操作系统命令注入漏洞

Cockpit is an interactive server management interface developed by Cockpit OpenSource. Cockpit has a vulnerability related to operating system command injection. This vulnerability stems from the lack of cleaning of user-controlled parameters in the system log user interface. This allows remote...

8CVSS7.3AI score0.01016EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

Dell ECS和Dell ObjectScale 安全漏洞

Dell ECS and Dell ObjectScale are both products of the American company Dell. Dell ECS is an extensible, manageable, and elastic enterprise-level object storage solution. Dell ObjectScale is an object storage platform. There were security vulnerabilities in versions 3.8.1.0 to 3.8.1.7 of Dell ECS...

9.8CVSS5.9AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

MLflow 代码问题漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of MLflow prior to 3.9.0 contained code vulnerabilities. These vulnerabilities stemmed fr...

7.1CVSS7.2AI score0.00288EPSS
Exploits1References1
Total number of security vulnerabilities195539