Lucene search
+L

195539 matches found

CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

MediaWiki 信息泄露漏洞

MediaWiki is a free and open-source web-based wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. Versions of MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2 contained a vulnerabilit...

5.3CVSS5.8AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

pgAdmin 安全漏洞

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 contained a security vulnerability caused by symbolic link path traversal. This vulnerability could allow authenticated users to create symbolic links within...

8.1CVSS5.9AI score0.00359EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Inbox Zero 信息泄露漏洞

Inbox Zero is an AI email assistant developed by Elie Steinbock. It automatically organizes the inbox, drafts responses, and manages schedules. Versions of Inbox Zero prior to 2.29.3 had a vulnerability related to information leakage. This vulnerability stemmed from the use of shared Redis...

4.3CVSS5.8AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF protection and MIME validation in the objects/userSavePhoto.php...

5.4CVSS5.7AI score0.00121EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. There was a security vulnerability in the previous version of CosyVoice, which stemmed from the data processing tool makeparquetlist.py using torch.load to load .pt files without enabling the...

7.3CVSS6.2AI score0.0021EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

D-Link DCS-932L 安全漏洞

The D-Link DCS-932L is a network surveillance camera from D-Link Corporation. It is used for security and monitoring purposes. The D-Link DCS-932L version 2.18.01 has a security vulnerability. This vulnerability stems from improper handling of the parameter LightSensorControl by the function...

7.3CVSS5.8AI score0.01235EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Wikimedia OATHAuth 信息泄露漏洞

Wikimedia OATHAuth is a dual authentication extension developed by the Wikimedia Foundation. Versions of Wikimedia OATHAuth prior to 1.43.7, as well as 1.44.4 and 1.45.2, contained a vulnerability that led to the exposure of sensitive information to unauthorized attackers...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities stem from the objects/sendEmail.json.php file, which allows unverified attackers to send arbitrary emails...

5.3CVSS5.9AI score0.00229EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have security vulnerabilities; these vulnerabilities stem from unbounded recursion in jvobjectmergerecursive. This recursion allows malicious programs to cause program crashes with...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

jq 输入验证错误漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have a vulnerability related to input validation errors. This vulnerability arises because jq accepts embedded NUL bytes at the jq language level during import paths. However, during...

4.4CVSS5.8AI score0.00157EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

jq 输入验证错误漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from the use of signed integers for the stack allocation size in the jq bytecode virtual machine. Wh...

7.3CVSS5.8AI score0.00142EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have security vulnerabilities; these vulnerabilities stem from the jvcontains function’s recursive nesting of arrays/objects without depth limits, which may lead to exhaustion of the C...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

MediaWiki 安全漏洞

MediaWiki is a free and open-source wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. Versions of MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2 contain security vulnerabilities...

6.1CVSS5.8AI score0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have security vulnerabilities. These vulnerabilities arise from the top-level jq program loaded via the -f parameter being truncated at the first NUL byte. This can result in the...

5.5CVSS5.9AI score0.00158EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

6.5CVSS5.8AI score0.00389EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Vaultwarden 安全漏洞

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden prior to 1.35.5 contained security vulnerabilities. These vulnerabilities stemmed from allowing unverified organization owners to delete the entire organization’s vault. T...

8.1CVSS5.8AI score0.00267EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.15 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...

7.5CVSS5.8AI score0.00399EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Open edX Platform 代码问题漏洞

The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. The Open edX Platform has code vulnerabilities that stem from the syncproviderdata endpoint in the...

9.9CVSS6AI score0.00374EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from a flaw related to hook session keys, which could allow attackers to bypass the...

6.3CVSS5.8AI score0.00279EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.4.5 to 2026.4.20 contained a security vulnerability. This vulnerability was caused by environmental variable injection, which could lead to the dotenv workspace overriding...

5CVSS5.8AI score0.00119EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Zen 安全漏洞

Zen is an open-source productivity browser based on Firefox. Versions of Zen prior to 1.19.12b contain security vulnerabilities. These vulnerabilities arise from the address bar incorrectly truncating long hostnames and displaying only the subdomain prefix controlled by the attacker, which may le...

4.7CVSS5.8AI score0.00164EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

SOCFortress CoPilot 授权问题漏洞

SOCFortress CoPilot is an open-source unified security operations platform developed by SOCFortress. Versions of SOCFortress CoPilot prior to 0.1.57 contained authorization-related vulnerabilities. These vulnerabilities stemmed from a hardcoded JWT signing key being used as a backup value, and th...

10CVSS5.8AI score0.0044EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

e107 代码问题漏洞

e107 is a set of open-source, free content management systems CMS developed by the E107 team. It is based on PHP and MySQL. This system supports various plugins and theme options, making it suitable for use as a personal blog, discussion community, or archive repository. Version 2.3.0 of e107 has...

8.8CVSS6.6AI score0.0059EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

WordPress plugin Contact Form Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS5.7AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Dotouch XproUPF 安全漏洞

Dotouch XproUPF is an intelligent conference tablet device from the Dotouch company, featuring integrated touch display and multimedia interaction capabilities. The Dotouch XproUPF 2.0.0-release-088aa7c4 version contains a security vulnerability. This vulnerability stems from a denial-of-service...

5.1CVSS5.8AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.14 views

WordPress plugin International Sms For Contact Form 7 Integration 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS5.7AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Moodle 跨站脚本漏洞

Moodle is an open-source e-learning software platform developed by Moodle, also known as a course management system, learning management system, or virtual learning environment. Version 4.0 of Moodle has a cross-site scripting vulnerability. This vulnerability stems from the search parameters...

6.1CVSS5.6AI score0.00331EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

Plack::Middleware::Statsd 安全漏洞

Plack::Middleware::Statsd is a middleware component for logging web request metrics and sending them to a statistics system by Robert Rothenberg, an individual developer. A security vulnerability exists in Plack::Middleware::Statsd prior to version 0.9.0, which stems from an unencrypted...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the updateauthorizedpccruleandqos function in the SMF component...

6.5CVSS5.8AI score0.00372EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Canias ERP 加密问题漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains a security vulnerability related to encryption. This vulnerability stems from the use of hardcoded...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

WordPress plugin Download From Files 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

9.8CVSS5.9AI score0.00396EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

PHP 代码问题漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained code vulnerabilities. These vulnerabilities were caused by mismatches in the encoding lists between Oniguruma and mbfl, leading to null pointer dereferencing...

6.5CVSS5.9AI score0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

WordPress plugin WP Symposium Pro 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

Exponent CMS 跨站脚本漏洞

Exponent CMS is a website content management system provided by the Exponent company, offering capabilities for page management and modular content editing. Version 2.6 of Exponent CMS contains a cross-site scripting vulnerability. This vulnerability stems from storage-based cross-site scripting...

6.4CVSS5.8AI score0.00213EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

OpenCats 访问控制错误漏洞

OpenCats is an open-source recruitment process management system developed by OpenCats. Version 0.9.4 of OpenCats contains a vulnerability related to access control. This vulnerability stems from a remote code execution flaw, allowing unauthenticated attackers to execute arbitrary commands by...

9.8CVSS6.7AI score0.00656EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless printing server developed by Wavlink Corporation. The Wavlink NU516U1 240425 version has a command injection vulnerability. This vulnerability stems from the OS command injection present in the function wzdapMesh located in the file/cgi-bin/adm.cgi, which may lead to...

8.8CVSS6.6AI score0.04944EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

WordPress plugin amministrazione-aperta 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.9CVSS5.9AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

Opencart TMD Vendor System SQL注入漏洞

The Opencart TMD Vendor System is an extension provided by Opencart Inc. for e-commerce platforms, offering multiple merchant integration and management features. Version 3.x of the Opencart TMD Vendor System contains a SQL injection vulnerability. This vulnerability stems from blind SQL injectio...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.15 views

WordPress plugin 3dady real-time web stats 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

6.4CVSS5.6AI score0.00217EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online auctions and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the filter functions for t...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Canias ERP 安全漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains a security vulnerability. This vulnerability stems from an improper authorization in the function...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online auctions and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the filter functions for the...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

WordPress Plugin Filterable Portfolio Gallery 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless printing server developed by Wavlink Corporation. The Wavlink NU516U1 240425 version has a command injection vulnerability. This vulnerability stems from the operation of the syslogin1 function in the /cgi-bin/login.cgi file, where the parameter ipaddr is processed...

8.8CVSS6.6AI score0.04944EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

Canias ERP 路径遍历漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains a path traversal vulnerability. This vulnerability stems from the operation of the iasRequestFileEvent...

6.9CVSS6.1AI score0.0055EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the filter functions for th...

6.1CVSS5.7AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

CodeAstro Online Catering Ordering System 注入漏洞

The CodeAstro Online Catering Ordering System is an online catering ordering system developed by CodeAstro Corporation. Version 1.0 of the CodeAstro Online Catering Ordering System has a SQL injection vulnerability. This vulnerability stems from the handling of parameter IDs in the...

6.5CVSS6.7AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

Ampps Advanced Guestbook 跨站脚本漏洞

Ampps Advanced Guestbook is a web messaging system provided by the Indian company Ampps, which offers features for posting and managing guest messages. Version 2.4.4 of Ampps Advanced Guestbook contains a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Devs Palace ERP Online 跨站脚本漏洞

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability originated from an unknown function in the file...

4.8CVSS5.5AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

PHP 资源管理错误漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a resource management vulnerability. This vulnerability occurred when the SoapServer was configured as SOAPPERSISTENTSESSION. In such cases, the processing...

9.8CVSS5.8AI score0.00302EPSS
Exploits0References1
Total number of security vulnerabilities195539