Lucene search
+L

195539 matches found

cnnvd
cnnvd
added 2026/05/10 12:0 a.m.12 views

Aero CMS 代码注入漏洞

Aero CMS is a content management system developed by the American company Aero CMS. Version 0.0.1 of Aero CMS has a code injection vulnerability. This vulnerability stems from PHP code injection in the image parameter, which may allow authenticated attackers to execute arbitrary PHP code by...

8.8CVSS6.1AI score0.00347EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.12 views

Sentry 代码注入漏洞

Sentry is an open-source error tracking and performance monitoring platform for developers. Version Sentry 8.2.0 contains a code injection vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated superusers to execute arbitrary commands by injecting...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.10 views

Balbooa Joomla Forms Builder SQL注入漏洞

Balbooa Joomla Forms Builder is a website form building plugin provided by Balbooa Corporation, which offers visual form design and data collection features. Version 2.0.6 of Balbooa Joomla Forms Builder contains an SQL injection vulnerability. This vulnerability stems from an unauthenticated SQL...

8.8CVSS6.1AI score0.00309EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.10 views

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless printing server developed by Wavlink Corporation. The Wavlink NU516U1 240425 version has a command injection vulnerability. This vulnerability stems from the OS command injection present in the function advance within the file/cgi-bin/wireless.cgi, when dealing with...

8.8CVSS6.6AI score0.04807EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.10 views

OpenCart 跨站请求伪造漏洞

OpenCart is an open-source e-commerce system developed by the OpenCart team in China. This system provides modules for product reviews, product ratings, and product addition. Version 3.0.3.7 of OpenCart has a cross-site request forgeing vulnerability. This vulnerability stems from the...

5.3CVSS5.7AI score0.00126EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.11 views

OpenCart 跨站请求伪造漏洞

OpenCart is an open-source e-commerce system developed by the OpenCart team in China. This system provides modules for product reviews, product ratings, and product addition. Version 3.0.36 of OpenCart has a cross-site request forgeing vulnerability. This vulnerability stems from the /account/edi...

6.9CVSS5.7AI score0.00151EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.10 views

WordPress Plugin Contact Form to Email 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.12 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the filter functions for the...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.9 views

Net-CIDR-Lite 安全漏洞

Net-CIDR-Lite is a Perl module for working with CIDR addresses from Stig Personal Developers. A security vulnerability exists in Net-CIDR-Lite versions prior to 0.24 that stems from not properly validating IP address and CIDR mask input, which could lead to IP ACL bypass...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.9 views

CMDBuild 跨站脚本漏洞

CMDBuild is an open-source web-based enterprise environment for configuring custom applications for asset management. Version 3.3.2 of CMDBuild contains a cross-site scripting vulnerability. This vulnerability stems from multiple stored-cross-site scripting vulnerabilities, allowing authenticated...

6.4CVSS5.8AI score0.00239EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.11 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online auctions and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.13 views

PHP 缓冲区错误漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a buffer error vulnerability. This vulnerability stemmed from certain functions passing signed chars to the ctype function. On systems with default signed cha...

7.5CVSS6AI score0.00337EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.12 views

PHP 资源管理错误漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a resource management vulnerability. This vulnerability stemmed from the object deduplication mechanism in the SOAP extension, which stored pointers to PHP...

9.8CVSS6.1AI score0.00739EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.12 views

WordPress plugin Jetpack 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS5.7AI score0.00204EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.9 views

PHP 缓冲区错误漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.4.21 and 8.5.6 contained a buffer error vulnerability. This vulnerability arises when a code name containing a NUL byte is passed to the mbconvertencoding or related mbstring functions. The code...

9.1CVSS6AI score0.00469EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.9 views

PHP 代码问题漏洞

PHP is an open-source scripting language executed on the server side. There were code vulnerabilities in versions prior to PHP 8.2.31, 8.3.31, 8.4.21, and 8.5.6. These vulnerabilities stemmed from a flaw where, when the SOAP server was configured with type mapping, incorrect variables were checke...

7.5CVSS5.9AI score0.0078EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.13 views

PHP 安全漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.4.21 and 8.5.6 contained security vulnerabilities. These vulnerabilities stemmed from the DOMNode::C14N method, which might improperly handle XML data, causing a circular linked list to be formed in t...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.12 views

PHP 缓冲区错误漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a buffer error vulnerability. This vulnerability stemmed from the use of the metaphone function, which used signed integer variables to track the current...

7.5CVSS6AI score0.00455EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.9 views

libexpat 安全漏洞

libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.8.1 had security vulnerabilities, which stemmed from the computational complexity of attribute name conflict checks. These vulnerabilities could potentially lead to denial-of-service...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.10 views

PHP 跨站脚本漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 had a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of user data, allowing attackers to construct URLs that allowed arbitrary...

8.8CVSS5.9AI score0.0021EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.10 views

XML::LibXML 缓冲区错误漏洞

XML::LibXML is an open-source Perl interface tool developed by CPAN authors for parsing and manipulating XML files. Versions of XML::LibXML 2.0210 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the parsing of XML node names that contained truncated UTF-8 byte...

7.5CVSS6AI score0.00531EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.9 views

memono Notepad 安全漏洞

Memono Notepad is a lightweight note-taking app developed by Memono Corporation, designed for concise recording and text management. Version 4.2 of Memono Notepad contains a security vulnerability. This vulnerability stems from the practice of pasting excessively long characters into note fields,...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.10 views

Canias ERP 授权问题漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains an authorization vulnerability. This vulnerability stems from the parameter clientVersion in the Login...

6.9CVSS6.1AI score0.00403EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.12 views

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless printing server developed by Wavlink Corporation. The Wavlink NU516U1 M16U1V240425 version has a command injection vulnerability. This vulnerability arises from the operation of the wzdrepeater function in the file/cgi-bin/adm.cgi, which handles parameters such as...

8.8CVSS6.6AI score0.04807EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

JeecgBoot 跨站脚本漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contained a cross-site scripting vulnerability. This vulnerability originated from an unknown function in the SVG File Handler component, specifical...

5.3CVSS5.6AI score0.00269EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.9 views

HCL BigFix WebUI 安全漏洞

HCL BigFix WebUI is a web-based administration page from HCL India. A security vulnerability exists in the HCL BigFix WebUI that stems from improper authorization and could allow authenticated users without Master Operator privileges to access internal data and bypass privilege requirements throu...

6.5CVSS5.8AI score0.00225EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

Hikvision HikCentral Professional 安全漏洞

Hikvision HikCentral Professional is a professional edition of the AI Cloud-based application management platform designed for edge domains by Hikvision, a Chinese company. Hikvision HikCentral Professional has security vulnerabilities, particularly an access control issue that may allow...

6.8CVSS5.8AI score0.00282EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.9 views

Net::IMAP 安全漏洞

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.3.10, 0.4.24, 0.5.14, and 0.6.4 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for man-in-the-middle attackers to cause...

7.6CVSS5.8AI score0.00324EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.9 views

Pillow 安全漏洞

Pillow is an open-source image processing library developed by Pillow. Versions of Pillow from 11.2.1 to 12.2.0 contained security vulnerabilities. These vulnerabilities were caused by the possibility of a heap buffer overflow when nested lists were passed as coordinates to the API...

5.5CVSS7.3AI score0.00133EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.12 views

Pillow 输入验证错误漏洞

Pillow is an open-source image processing library developed by Pillow. Versions of Pillow prior to 12.2.0 contained a vulnerability related to input validation errors. This vulnerability could lead to integer overflow when the advancement of each character in the font was too large...

5.5CVSS7.2AI score0.00114EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

PgBouncer 输入验证错误漏洞

PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Prior to PgBouncer 1.25.2, there was a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows in the network packet parsing code, which allowe...

7.5CVSS5.8AI score0.00698EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.11 views

Pelican Command Line 安全漏洞

Pelican Command Line is an open-source federal data client and source service tool developed by the Pelican Platform. Security vulnerabilities exist in versions of Pelican Command Line between 7.21.0 and 7.21.5, 7.22.0 and 7.22.3, 7.23.0 and 7.23.3, and 7.24.0 and 7.24.2. These vulnerabilities st...

9CVSS5.8AI score0.0032EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.14 views

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from the system’s API endpoints leaking license data and installed versions to authenticated users...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.11 views

EZVIZ APP 安全漏洞

EZVIZ APP is a mobile application developed by EZVIZ, a Chinese company, for remote monitoring and management of smart security devices. The EZVIZ APP has a security vulnerability, which stems from the use of outdated cloud function modules and legacy API interfaces. This vulnerability may allow...

5.3CVSS5.8AI score0.00088EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

GrapheneOS 安全漏洞

GrapheneOS is a mobile operating system developed by GrapheneOS Inc. Prior versions of GrapheneOS, including 2026050400, contained security vulnerabilities. These vulnerabilities stemmed from the optimization of the registerQuicConnectionClosePayload function, which could allow attackers to...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 had security vulnerabilities. These vulnerabilities stemmed from the ability to create, replace, and delete user avatars without restricting user update permissions...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

JeecgBoot 授权问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.1 of JeecgBoot contains an authorization vulnerability. This vulnerability stems from an unknown function in the mLogin Endpoint’s file...

6.3CVSS5.7AI score0.00463EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

Pillow 输入验证错误漏洞

Pillow is an open-source image processing library developed by Pillow. In versions 10.3.0 to 12.2.0, Pillow had a vulnerability related to input validation errors. This vulnerability could lead to memory corruption when processing malicious PSD files, potentially causing crashes or arbitrary code...

8.6CVSS7.4AI score0.0015EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.16 views

Net::IMAP 安全漏洞

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of ResponseReader, which had a quadratic time complexity when...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.11 views

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server developed by Wavlink Corporation. The Wavlink NU516U1 M16U1V240425 version has a command injection vulnerability. This vulnerability arises from the handling of parameters wlchannel/wlPass/EncrypType in the changewifipassword function located in the...

8.8CVSS6.7AI score0.05454EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.12 views

Akaunting 代码问题漏洞

Akaunting is an application software developed by Akaunting Company that provides all the tools needed for online fund management. Version 3.1.21 of Akaunting has a code vulnerability; this vulnerability stems from an unknown processing in the Invoice PDF Rendering component’s config/dompdf.php...

6.5CVSS6.6AI score0.00206EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

Linkwarden 代码问题漏洞

Linkwarden is a self-hosted collaborative bookmark manager developed by Linkwarden OpenSource. Versions of Linkwarden prior to 2.13.0 had code vulnerabilities. These vulnerabilities stemmed from insufficient URL validation in the fetchTitleAndHeaders function, which only checked the http:// or...

9.1CVSS6AI score0.00285EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

Fess 注入漏洞

Fess is a powerful and easy-to-deploy enterprise search server developed by the CodeLibs Project. Versions of Fess 15.5.1 and earlier contained a vulnerability due to an injection flaw in the JSP File Handler component. This flaw stemmed from the update function in the...

5.8CVSS5.9AI score0.00244EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.11 views

Hikvision多款产品 安全漏洞

Hikvision DS-3E1310P-SI, DS-3E1318P-SI, and DS-3E1326P-SI are all intelligent switch devices from Hikvision, a Chinese company. Several Hikvision products have security vulnerabilities. These vulnerabilities stem from insufficient input validation, allowing authenticated attackers to execute...

7.2CVSS6.1AI score0.00842EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

liquidjs 安全漏洞

liquidjs is a simple, expressive, secure and Shopify-compatible pure JavaScript template engine by Jun Yang, a personal developer. A security vulnerability exists in liquidjs versions prior to 10.25.7, which stems from a circular block reference that leads to an infinite recursive loop, consuming...

7.5CVSS5.8AI score0.00382EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

osTicket 跨站请求伪造漏洞

osTicket is a widely used and trusted open-source support ticket system by the osTicket company. Versions of osTicket prior to 1.18.3 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the handling of the method parameter in the Dispatcher component’s file...

5.3CVSS5.7AI score0.00162EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

Open5GS 资源管理错误漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain a resource management vulnerability. This vulnerability stems from operations performed by the gtpv1urecvcb function in th...

7.5CVSS6AI score0.00635EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

Gibbon 安全漏洞

Gibbon is a school platform developed by the Gibbon team that addresses practical problems encountered by educators every day. Versions of Gibbon prior to v30.0.01 contained security vulnerabilities. These vulnerabilities were caused by path traversal attacks. When attempting to extract PHP files...

6.9CVSS5.8AI score0.00293EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.9 views

Gibbon 安全漏洞

Gibbon is a school platform developed by the Gibbon team, designed to address practical problems that educators face every day. Versions of Gibbon prior to v30.0.01 contained security vulnerabilities. These vulnerabilities stemmed from local file inclusions. By changing the report archive directo...

8.9CVSS6.5AI score0.0032EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

Bubblewrap 安全漏洞

Bubblewrap is a set of open-source, non-privileged sandbox tools developed by Containers. Versions of Bubblewrap from 0.11.0 to 0.11.2 contained security vulnerabilities. These vulnerabilities stemmed from the ability for users to attach to Bubblewrap using setuid mode and control the...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References1
Total number of security vulnerabilities195539