Lucene search
+L

195539 matches found

CNNVD
CNNVD
added 2026/05/10 12:0 a.m.19 views

PHP SQL注入漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 have a SQL injection vulnerability. This vulnerability stems from the improper handling of NUL bytes by the PDO Firebird driver when processing SQL queries, which can...

9.8CVSS5.9AI score0.00298EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

WordPress plugin MStore API 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS6.3AI score0.00587EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

WordPress plugin Picture Gallery 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

Canias ERP 命令注入漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains a command injection vulnerability. This vulnerability stems from the operation of the...

6.5CVSS6.6AI score0.01201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless printing server developed by Wavlink Corporation. The Wavlink NU516U1 240425 version has a command injection vulnerability. This vulnerability stems from the operation of the WifiBasic function in the file/cgi-bin/wireless.cgi regarding the parameters...

8.8CVSS6.7AI score0.04944EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

WordPress plugin GetPaid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.9AI score0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

MiniClaw 命令注入漏洞

MiniClaw is an AI memory and evolution tool developed by a personal developer. Versions 0.8.0 and 0.9.0 of MiniClaw contain command injection vulnerabilities. These vulnerabilities stem from the function resolveSkillScriptPath in the System Command Handler component’s src/kernel.ts file, which...

5.5CVSS6.1AI score0.01387EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

WordPress plugin Slider by Soliloquy 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

WordPress plugin Ultimate Product Catalog 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.9AI score0.00282EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.16 views

WordPress plugin Survey & Poll SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6.1AI score0.00282EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

WordPress plugin cab-fare-calculator 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.9CVSS5.9AI score0.00385EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

WordPress plugin Testimonial Slider and Showcase 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

Devs Palace ERP Online 跨站脚本漏洞

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from an unknown function in the...

4.8CVSS5.6AI score0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Dotouch XproUPF 安全漏洞

Dotouch XproUPF is an intelligent conference tablet device from the Dotouch company, featuring integrated touch display and multimedia interaction capabilities. The Dotouch XproUPF 2.0.0-release-088aa7c4 version contains a security vulnerability. This vulnerability stems from improper access...

4.6CVSS5.7AI score0.00139EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.13 views

WordPress Plugin AccessPress Social Icons 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.8 views

memono Notepad 安全漏洞

Memono Notepad is a lightweight note-taking app developed by Memono Corporation, designed for concise recording and text management. Version 4.2 of Memono Notepad contains a security vulnerability. This vulnerability stems from the practice of pasting excessively long characters into note fields,...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

ProjectSend 跨站脚本漏洞

ProjectSend cFTP is an open-source set of self-hosted applications based on PHP and MySQL by ProjectSend. Version r1295 of ProjectSend contains a cross-site scripting vulnerability. This vulnerability stems from a stored-cross-site scripting vulnerability in the files-edit.php file, which could...

6.4CVSS5.7AI score0.00204EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

WordPress plugin AAWP 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5.7AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.7 views

WordPress plugin Netroics Blog Posts Grid 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

Canias ERP 授权问题漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains an authorization vulnerability. This vulnerability stems from the parameter clientVersion in the Login...

6.9CVSS6.1AI score0.00403EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

Rocket LMS 跨站脚本漏洞

Rocket LMS is an educational platform system developed by the American company Rocket, which integrates online course management and learning interaction functions. Version 1.1 of Rocket LMS contains a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.8 views

WordPress plugin TheCartPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.13 views

CyberPanel 后置链接漏洞

CyberPanel is a virtual hosting control panel developed by Usman Nasir, which includes DNS and email servers. Version 2.1 of CyberPanel has a post-backlink vulnerability. This vulnerability stems from an issue with the filemanager controller endpoint, where command execution is possible. This cou...

8.8CVSS6.1AI score0.00533EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Argus Surveillance Dvr 代码问题漏洞

Argus Surveillance DVR is a general-purpose software for the security mixing platform developed by Argus Surveillance in the United States. It can work simultaneously with wireless and wired IP cameras, TV boards, capture cards, power lines, and USB cameras. Version 4.0 of Argus Surveillance DVR...

8.5CVSS5.9AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

WordPress plugin Videos sync PDF 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00191EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

Devs Palace ERP Online 跨站脚本漏洞

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from an unknown function in the...

4.8CVSS5.6AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

MotoPress Hotel Booking Lite 跨站脚本漏洞

MotoPress Hotel Booking Lite is a hotel booking software developed by MotoPress. Version 4.2.4 of MotoPress Hotel Booking Lite contains a cross-site scripting vulnerability. This vulnerability stems from a stored-cross-site scripting flaw in the accommodation type field, which may allow...

6.4CVSS5.6AI score0.00191EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

ImpressCMS 代码注入漏洞

ImpressCMS is a modular content management system CMS based on MySQL, developed by ImpressCMS Inc. This system includes modules for news publishing, forums, and photo albums. Version 1.4.2 of ImpressCMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw...

8.8CVSS6.7AI score0.00569EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

Canias ERP 授权问题漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains an authorization vulnerability; this vulnerability stems from the function...

7.5CVSS7.1AI score0.00391EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

WordPress plugin Curtain 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.7AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a denial-of-service attack in the function...

7.5CVSS6.1AI score0.00487EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the function pcfsesssetipv6prefix in the PCF component’s file...

7.5CVSS6.1AI score0.00502EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.16 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the sm-policies Endpoint component, specifically t...

7.5CVSS6.1AI score0.00477EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

Net-CIDR-Lite 安全漏洞

Net-CIDR-Lite is a Perl module for handling CIDR addresses from the individual developers at Stig. A security vulnerability exists in Net-CIDR-Lite versions prior to 0.24 that stems from not properly handling extra zero characters in CIDR mask values, which could lead to IP ACL bypass...

6.5CVSS5.8AI score0.003EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

Catalyst::Plugin::Statsd 安全漏洞

Catalyst::Plugin::Statsd is a plugin module by Robert Rothenberg, an individual developer, for capturing application runtime metrics and sending them to a statistics system. A security vulnerability exists in Catalyst::Plugin::Statsd 0.10.0 and earlier versions, which stems from an unencrypted...

7.5CVSS5.8AI score0.00244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the updateauthorizedpccruleandqos function in the SMF component...

6.5CVSS5.8AI score0.00461EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.8 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the delete Endpoint component called...

7.5CVSS6.1AI score0.00487EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.25 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the sm-policies Endpoint called...

7.5CVSS6.1AI score0.00477EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

WordPress plugin IP2Location Country Blocker 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.6AI score0.00191EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

Canias ERP 授权问题漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains an authorization vulnerability. This vulnerability stems from the operation of the doAction function in...

6.9CVSS6AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

Drupal avatar_uploader 跨站脚本漏洞

Drupal avatarUploader is an extension developed by Drupal Corporation that provides website users with functionality for uploading and managing avatars. The Drupal avatarUploader 7.x-1.0-beta8 version contains a cross-site scripting vulnerability. This vulnerability stems from improper handling o...

6.1CVSS5.6AI score0.00244EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.15 views

Textpattern CMS 代码问题漏洞

TextPattern CMS is a content management system based on PHP developed by the TextPattern team. Version 4.8.7 of TextPattern CMS has a code vulnerability that stems from a remote code execution flaw in the file upload function. This vulnerability could allow authenticated attackers to execute...

8.8CVSS6.6AI score0.00617EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by uBidAuction Company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the filter functions for the...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

Evolution CMS 代码注入漏洞

Evolution CMS is an open-source content management system based on PHP, developed by Evolution CMS. Version 3.1.6 of Evolution CMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated users with module creation permissions to execu...

8.8CVSS6.7AI score0.00638EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

OpenCart 安全漏洞

OpenCart is an open-source e-commerce system developed by the OpenCart team in China. This system provides modules for product reviews, product ratings, and product addition. Version 3.0.3.8 of OpenCart has a security vulnerability, which stems from a session fixation vulnerability. This...

9.8CVSS5.9AI score0.00423EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

Canias ERP 安全漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains a security vulnerability. This vulnerability stems from observed differences in the response of the...

6.3CVSS5.8AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Devs Palace ERP Online 跨站脚本漏洞

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from an unknown function in the...

4.8CVSS5.6AI score0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

EFM ipTIME A8004T 缓冲区错误漏洞

The EFM ipTIME A8004T is a wireless router produced by the South Korean company EFM. The version 14.18.2 of the EFM ipTIME A8004T contains a buffer error vulnerability. This vulnerability stems from an stack buffer overflow issue in the formWifiBasicSet function within the file/goform/WifiBasicSe...

9CVSS7.6AI score0.00481EPSS
Exploits0References2
Total number of security vulnerabilities195539