Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

s3-proxy 路径遍历漏洞

s3-proxy is a multi-functional S3 bucket proxy tool developed by Havrileck Alexandre. Versions of s3-proxy prior to 5.0.0 contained a path traversal vulnerability. This vulnerability stemmed from inconsistent URL path interpretations between the authentication middleware and the bucket processor,...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

FireFighter 访问控制错误漏洞

FireFighter is an event management tool developed by ManoMano Tech. Versions of FireFighter prior to 0.0.54 contained an access control vulnerability. This vulnerability stemmed from the POST /api/v2/firefighter/raid/jirabot endpoint, which allowed unauthorized access without authentication...

9.9CVSS5.9AI score0.00272EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.15 views

Apple多款产品 安全漏洞

Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Tenda AC6 命令注入漏洞

Tenda AC6 is a wireless router produced by the Chinese company Tenda. The version Tenda AC6 2.0/15.03.06.23 contains a command injection vulnerability. This vulnerability stems from an unknown function in the httpd component’s file/goform/telnet, which manipulates the parameter lan.ip, potentiall...

7.2CVSS5.8AI score0.04447EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

Cowlib 资源管理错误漏洞

Cowlib is a web protocol message parsing and building library developed by Nine Nines. In versions 0.6.0 to 2.16.1 of Cowlib, there was a resource management error vulnerability. This vulnerability stemmed from the block transfer encoding parser in the cowhttpte module, which allowed unlimited...

8.7CVSS5.8AI score0.00431EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.0044EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

bitwarden 安全漏洞

Bitwarden is an open-source password management backend service developed by Bitwarden. Versions of Bitwarden prior to 2026.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of a master password re-authentication requirement when retrieving or rotating organizati...

8.6CVSS5.8AI score0.00504EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

5.3CVSS5.8AI score0.00242EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 contain security vulnerabilities due to race condition issues, which may allow applications to access the contact...

7.5CVSS5.8AI score0.00306EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.22 contained security vulnerabilities. These vulnerabilities were caused by bypassing security envelope constraints, which could lead to ACP sub-sessions that failed to inherit...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor, which supports various authentication and authorization protocols. There is a security vulnerability in Casdoor, caused by insufficient path cleaning. This vulnerability could allow authenticated attackers with administrator privileges to...

5.9CVSS5.9AI score0.00513EPSS
Exploits5References3
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Wikimedia AbuseFilter 输入验证错误漏洞

Wikimedia AbuseFilter is an editing filter tool developed by the Wikimedia Foundation, designed to automatically filter and block suspicious edits, account creation, and other disruptive activities based on custom rules. Versions of Wikimedia AbuseFilter prior to 1.43.7, as well as versions 1.44....

2.1CVSS5.8AI score0.00244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Outline 安全漏洞

Outline is an open-source knowledge base developed by Outline. Versions of Outline prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the shares.create API, which accepted both collectionId and documentId. When published=false was set, only read access for each...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...

7.5CVSS5.8AI score0.00348EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Meari com.meari.sdk 安全漏洞

Meari com.meari.sdk is a development toolkit for IoT communication and device management software, developed by Meari Corporation in China. There is a security vulnerability in Meari com.meari.sdk, which stems from failed server-side authorization. This vulnerability could allow unauthorized...

7.5CVSS5.9AI score0.00241EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.23 had code vulnerabilities. These vulnerabilities stemmed from the bundled plugin setup parser, which loaded setup-api.js from process.cwd. This allowed attackers to execute...

8.4CVSS6.1AI score0.00144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

4.3CVSS5.8AI score0.00296EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

pyLoad 安全漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the setconfigvalue API method, which allowed options related to proxies to be included in the list. This could allow any...

8.3CVSS5.8AI score0.00396EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.15 views

Grav 跨站脚本漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained a cross-site scripting vulnerability. This...

8.9CVSS6.3AI score0.003EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Outline 跨站脚本漏洞

Outline is an open-source knowledge base developed by Outline. Versions 0.84.0 to 1.6.1 of Outline contain a cross-site scripting vulnerability. This vulnerability arises from the comment section, where users are allowed to mention others. However, the backend does not validate or clean up the hr...

7.3CVSS5.7AI score0.00245EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

MediaWiki 信息泄露漏洞

MediaWiki is a free and open-source wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. Versions of MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2 contained a vulnerability that led...

7.5CVSS5.8AI score0.0029EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

WeGIA 信息泄露漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.10 contained a vulnerability related to information leakage. This vulnerability stemmed from the return of overly detailed error messages during file uploads,...

5.8AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

WeGIA 跨站脚本漏洞

WeGIA is a web manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the idprocesso parameter being directly embedded in HTML without proper cleaning, which could lead to...

6.1CVSS5.6AI score0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Grav 输入验证错误漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Prior to Grav 2.0.0-beta.2, there was a vulnerability related to input validation errors. This...

9.4CVSS5.8AI score0.00939EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Vaultwarden 代码问题漏洞

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden prior to 1.35.5 contained code vulnerabilities. These vulnerabilities stemmed from the fact that when a user’s security token was refreshed through certain sensitive...

8.1CVSS5.9AI score0.00216EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

Meari IoT SDK 安全漏洞

Meari IoT SDK is a software development kit provided by Meari Corporation, aimed at intelligent device application development in the field of IoT communication and device management. The Meari IoT SDK contains security vulnerabilities, which stem from the hardcoding and sharing of multiple...

8.6CVSS5.8AI score0.00241EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

Zen 数据伪造问题漏洞

Zen is an open-source productivity browser based on Firefox. Versions of Zen prior to 1.19.9b contained a data manipulation vulnerability. This vulnerability stemmed from the removal of all MAR signature verifications from the Firefox code base, resulting in MAR files containing zero encrypted...

8CVSS5.9AI score0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Vaultwarden 安全漏洞

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden prior to 1.35.4 contained a security vulnerability. This vulnerability stemmed from the fact that enabling email two-factor authentication allowed bypassing login...

9.8CVSS5.8AI score0.00288EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Dell ECS 安全漏洞

Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.8.1.0 to 3.8.1.7 of Dell ECS, as well as versions prior to 4.3.0.0 of Dell ObjectScale, have security vulnerabilities. These vulnerabilities stem from improper management of operating system...

6.7CVSS5.8AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

WeGIA 跨站脚本漏洞

WeGIA is a network manager for a welfare institution developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-cross-site scripting, which could allow authenticated users to inject malicious JavaScript into...

6.8CVSS5.7AI score0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Apple多款产品 安全漏洞

Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.9AI score0.0041EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

6.2CVSS5.8AI score0.00147EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Apple多款产品 安全漏洞

Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.00397EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

D-Link DCS-935L 缓冲区错误漏洞

The D-Link DCS-935L is a router produced by D-Link Corporation. Versions of the D-Link DCS-935L prior to 1.10.01 contain a buffer error vulnerability. This vulnerability stems from the operation of the AdminPassword parameter in the SetDeviceSettings function within the HNAP Service component,...

9CVSS7.7AI score0.00997EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 had code vulnerabilities. These vulnerabilities stemmed from skipping the strict SRF policy checks during the creation of browser CDP configuration files. This allowed...

5CVSS5.9AI score0.00246EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.5 had a security vulnerability due to permission issues, which could allow applications to access protected user data...

7.5CVSS5.8AI score0.00302EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Audiobookshelf 路径遍历漏洞

Audiobookshelf is an open-source, self-hosted server for audio books and podcasts. Versions of Audiobookshelf prior to 2.32.2 had a path traversal vulnerability. This vulnerability stemmed from the use of String StartsWith for path validation, allowing authenticated users to detect the existence ...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of user input in the plugin/Meet/iframe.php file, which could allo...

6.1CVSS5.9AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 contain security vulnerabilities due to state management issues, which may allow applications to access private...

6.5CVSS5.8AI score0.00322EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Dell ECS 安全漏洞

Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.8.1.0 to 3.8.1.7 of Dell ECS, as well as versions prior to 4.3.0.0 of Dell ObjectScale, have security vulnerabilities. These vulnerabilities stem from a certification bypass in Geo replication, whic...

5.6CVSS5.9AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.00407EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 7.1.2-21 and 6.9.13-46 contained security vulnerabilities. These vulnerabilities were due ...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

OWASP BLT 代码注入漏洞

OWASP BLT is an open-source gamified crowdsourcing platform for testing and disclosing vulnerabilities. Versions of OWASP BLT prior to 2.1.2 contained a code injection vulnerability. This vulnerability stemmed from the use of the pullrequesttarget trigger in the pre-commit-fix.yaml workflow, whic...

8.8CVSS6.5AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.2rc1 and earlier have security vulnerabilities. These vulnerabilities stem from the fact that the standard module loader does not perform cyclic checks when modules are included within each other,...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

jq 输入验证错误漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have a vulnerability related to input validation errors. This vulnerability arises when decNumberFromString receives an integer with exactly INTMAX-1 digits. During signed integer...

6.2CVSS6AI score0.00158EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

External Secrets 授权问题漏洞

External Secrets is an open-source Kubernetes-related application developed by External Secrets. Versions of the External Secrets Operator prior to 2.4.1 had an authorization issue vulnerability. This vulnerability stemmed from the ability for users to create ExternalSecret resources, allowing...

4.9CVSS5.8AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Audiobookshelf 安全漏洞

Audiobookshelf is an open-source, self-hosted server for audio books and podcasts. Versions of Audiobookshelf prior to 2.32.2 contained a security vulnerability. This vulnerability stemmed from the backup upload endpoint not restricting the decompression size, allowing administrators to upload...

4.9CVSS5.8AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Fiber 跨站脚本漏洞

Fiber is an open-source web framework written in Go. Versions of Fiber prior to 2.52.12 and 3.1.0 contain a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, allowing remote attackers to inject arbitrary HTML/JavaScript into any request by providing Accept:...

6.1CVSS5.8AI score0.00212EPSS
Exploits1References1
Total number of security vulnerabilities195539