Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Tenda AC6 命令注入漏洞

Tenda AC6 is a wireless router produced by the Chinese company Tenda. The version 15.03.06.23 of Tenda AC6 has a command injection vulnerability. This vulnerability stems from the function formWifiApScan in the httpd component’s file/goform/WifiApScan, which processes parameters...

8.8CVSS6.6AI score0.02891EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

DeepChat 输入验证错误漏洞

DeepChat is an intelligent assistant developed by ThinkInAIXYZ as open source. Versions of DeepChat prior to v1.0.4-beta.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from incomplete mitigation measures for CVE-2025-55733. Although the patch correctly...

9.6CVSS5.8AI score0.0033EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

docuForm FSM Server 跨站脚本漏洞

The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server contains a cross-site scripting vulnerability. This vulnerability originates from the...

6.1CVSS5.9AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

JetBrains TeamCity 访问控制错误漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1 an...

8.2CVSS5.9AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the plugin/CloneSite/cloneClient.json.php file displaying the local CloneSite shared key in unvalidate...

7.5CVSS5.9AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Link Preview JS 代码问题漏洞

Link Preview JS is an open-source tool developed by op-engineering for extracting information about web links. Versions of Link Preview JS prior to 4.0.1 contained code vulnerabilities. These vulnerabilities stemmed from the library’s failure to detect IPv6 loop attacks, and DNS attacks that coul...

8.7CVSS5.9AI score0.00432EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Wikimedia MediaWiki 信息泄露漏洞

Wikimedia MediaWiki is a web application developed by the Wikimedia Foundation for building Wiki websites. Versions of MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2 contained an information leakage vulnerability. This vulnerability resulted from sensitive information in the includes/Skin/Skin.Php...

7.5CVSS5.8AI score0.00237EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

MediaWiki 信息泄露漏洞

MediaWiki is a free and open-source wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. Versions of MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2 contained a vulnerability that led...

7.5CVSS5.8AI score0.0029EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.0045EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Outline 安全漏洞

Outline is an open-source knowledge base developed by Outline. Versions 0.84.0 to 1.6.1 of Outline contain security vulnerabilities. These vulnerabilities stem from a logical error in the use of Array.some for verifying the OAuth scopes. As a result, if any single scope is valid, the entire scope...

8.2CVSS5.8AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Cowlib 注入漏洞

Cowlib is a web protocol message parsing and building library developed by Nine Nines. Version 2.6.0 of cowlib contains an injection vulnerability. This vulnerability arises from the program’s failure to properly filter CRLF sequences when processing events sent by the server, resulting in SSE...

6.3CVSS5.8AI score0.00266EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Audiobookshelf 路径遍历漏洞

Audiobookshelf is an open-source, self-hosted server for audio books and podcasts. Versions of Audiobookshelf prior to 2.32.2 contained a path traversal vulnerability. This vulnerability stemmed from the podcast creation endpoint accepting user-controlled file paths without adequate boundary...

6.9CVSS5.8AI score0.00331EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Barebox 缓冲区错误漏洞

Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of Barebox prior to 2026.04.0 contained a buffer error vulnerability. This vulnerability stemmed from the dhcpmessagetype function in DHCP option parsing, which did not verify whether the option pointers wer...

7.1CVSS6AI score0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.22 contained security vulnerabilities. These vulnerabilities stemmed from allowing dotenv files in the workspace to override endpoints for Matrix, Mattermost, IRC, and Synology...

5CVSS5.8AI score0.00105EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

EDIMAX BR-6428nS 安全漏洞

The EDIMAX BR-6428nS is a wireless router produced by EDIMAX Corporation. The EDIMAX BR-6428nS V3 1.15 version has a security vulnerability. This vulnerability stems from insufficient input validation in the WLAN configuration function. It allows authenticated attackers to submit malicious inputs...

8.8CVSS6.1AI score0.01258EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

DNSmasq 安全漏洞

DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability that stems from information leakage. This vulnerability allows remote attackers to bypass source checks using specially crafted DNS packets containing information about RFC 7871 client subnets...

5.3CVSS5.8AI score0.02681EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

DNSmasq 安全漏洞

DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability, which stems from an issue with DNSSEC verification. This vulnerability allows remote attackers to cause denial-of-service attacks through specially crafted DNS packets...

7.5CVSS5.8AI score0.07237EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

@workos/authkit-session 输入验证错误漏洞

@workos/authkit-session is an open-source session authentication and token management tool developed by WorkOS. Versions of @workos/authkit-session prior to 0.5.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of the...

4.3CVSS5.7AI score0.00196EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Apple macOS 安全漏洞

Apple macOS is a specialized operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.4 contained a security vulnerability caused by an authorization issue, which could allow applications to access sensitive user data...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

GROWI 路径遍历漏洞

GROWI is an enterprise-level open-source knowledge base/Wiki system built using Node.js and React by GROWI Inc. GROWI versions 7.5.0 and earlier have a path traversal vulnerability. This vulnerability allows attackers to execute arbitrary EJS templates on the server...

8.6CVSS7.3AI score0.00495EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.15 views

Apache Airflow 日志信息泄露漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 6.5.3, there was a vulnerability...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Wireshark MCP 路径遍历漏洞

Wireshark MCP is a network packet intelligence analysis tool developed by Bpple’s individual developer. Versions of Wireshark MCP 1.1.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the wiresharkexportobjects MCP tool accepting a destdir parameter controlle...

6.8CVSS5.8AI score0.00281EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

MLflow 路径遍历漏洞

MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of MLFlow prior to 3.9.0 contained a path traversal vulnerability. This vulnerability...

7.5CVSS7.3AI score0.00712EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

pyLoad 安全漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the WebUI returning complete Python trace details when exceptions were not handled properly. This could allow...

5.3CVSS5.8AI score0.00336EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.16 views

Docling 安全漏洞

Docling is a multi-format document parsing and AI integration tool open-sourced by the Docling Project. Versions of Docling 2.61.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of etree.fromstring to parse XML files without disabling entity parsing,...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

pgAdmin 4 安全漏洞

pgAdmin 4 is an open-source management and development platform for PostgreSQL, developed by the pgAdmin Project. Versions of pgAdmin 4 prior to 9.15 contained security vulnerabilities. These vulnerabilities were caused by local file inclusion and server-side request forgeing, which could allow...

7.1CVSS5.9AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Docling 安全漏洞

Docling is an open-source multi-format document parsing and AI integration tool developed by the Docling Project. Versions of Docling 2.61.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of etree.parse to parse XML files without disabling entity parsin...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

agents 资源管理错误漏洞

Agents is an open-source intelligent agent symbol learning and training framework developed by AIWaves. There is a resource management vulnerability in aiwaves-cn agents, which stems from the recallrelevantmemoriestoworkingmemory function in the core/cat/lookingglass/straycat.py file within the...

6.9CVSS6AI score0.0038EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

microdot 注入漏洞

Microdot is a minimalistic Python web framework developed by Miguel Grinberg. Versions of Microdot prior to 2.6.1 contained an injection vulnerability. This vulnerability stemmed from the Response.setcookie method not properly cleaning the string parameters, which could lead to header injection...

3.7CVSS5.8AI score0.00215EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

FlashAttention 安全漏洞

FlashAttention is an efficient and memory-efficient attention mechanism implementation tool open-sourced by Dao AI Lab. There is a security vulnerability in FlashAttention, which stems from the checkpoint loading mechanism using torch.load to load checkpoint files without enabling the...

7.3CVSS6.2AI score0.00218EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

pgAdmin 安全漏洞

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 contained a security vulnerability. This vulnerability stemmed from improper restrictions on authentication attempts, which could allow attackers to bypass...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

pgAdmin 代码问题漏洞

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had code vulnerabilities related to deserializing unreliable data. These vulnerabilities could allow authenticated users to execute remote code by placing...

7.8CVSS6.2AI score0.00131EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

pgAdmin SQL注入漏洞

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability could allow authenticated users to inject arbitrary commands in the psql copy command, enabling executio...

8.8CVSS6.1AI score0.01444EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.15 views

pgAdmin SQL注入漏洞

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability allows authenticated users to inject arbitrary SQL statements in VACUUM/ANALYZE/REINDEX commands,...

8.8CVSS6.1AI score0.00456EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

pgAdmin 跨站脚本漏洞

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a cross-site scripting vulnerability. This vulnerability stemmed from stored cross-site scripts, which could allow user-controlled PostgreSQL object names...

4.8CVSS5.8AI score0.00163EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

GPT PILOT 安全漏洞

GPT PILOT is an open-source AI-driven full-featured application development tool developed by Pythagoras-io. There is a security vulnerability in GPT PILOT, which stems from the Executor.run method accepting free-text input without proper validation. This vulnerability could allow attackers to...

6.5CVSS6.3AI score0.00704EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

cramfs-tools 路径遍历漏洞

cramfs-tools is a compression read-only file system tool developed by Nicolas Pitre. Versions of cramfs-tools 2.1 and earlier contained a path traversal vulnerability, which originated from a function in the Directory Handler component called dodirectory in the cramfsck.c file, which allowed for...

5.3CVSS6AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Zephyr 安全漏洞

Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, which stems from the use of sockets created with IPPROTOTLS13. When both TLS versions are enabled, TLS 1.2 can still be negotiated, as the protocol selection at the...

5.3CVSS5.8AI score0.00243EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.19 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Apple多款产品 安全漏洞

Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.00387EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

Flowise 代码问题漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.0 contained code vulnerabilities. These vulnerabilities stemmed from the direct import and invocation of the original HTTP client by multiple tools, without using...

9.8CVSS5.9AI score0.00396EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

HireFlow 安全漏洞

HireFlow is an online interview management platform developed by StratonWebDesigners as a personal developer project. Version 1.2 of HireFlow contains a security vulnerability. This vulnerability stems from the fact that all POST endpoints for state changes do not implement CSRF token verificatio...

8.1CVSS5.9AI score0.00168EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

Cowlib 注入漏洞

Cowlib is a web protocol message parsing and building library developed by Nine Nines. Version 2.9.0 of cowlib contains an injection vulnerability. This vulnerability stems from the cowcookie:cookie/1 function in cowlib, which constructs client Cookie request headers based on a list of name-value...

3.2CVSS5.8AI score0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.15 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

8.8CVSS7.1AI score0.00597EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

Grav 信息泄露漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-rc.2 contained an information leakage vulnerability. This...

7.7CVSS5.7AI score0.00276EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Amazon::Credentials 安全特征问题漏洞

Amazon::Credentials is a credential management library developed by BIGFOOT developers, used for managing access keys and authentication information for cloud services. Versions of Amazon::Credentials prior to 1.2.0 had security vulnerabilities. These vulnerabilities stemmed from the use of the...

5.3CVSS5.8AI score0.00174EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...

6.5CVSS5.8AI score0.00323EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

WWBN AVideo 访问控制错误漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained an access control vulnerability. This vulnerability stemmed from the objects/users.json.php file exposing unvalidated paths, which could allow attackers to...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References1
Total number of security vulnerabilities195539