Lucene search
+L

195539 matches found

cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

Gibbon SQL注入漏洞

Gibbon is a school platform developed by the Gibbon team that addresses practical issues encountered by educators every day. Versions of Gibbon prior to v30.0.01 contained an SQL injection vulnerability. This vulnerability stemmed from the misuse of the Tracking/graphing feature, allowing...

7CVSS5.9AI score0.00226EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework from VMware that integrates artificial intelligence and big language modeling capabilities in the Spring ecosystem. A security vulnerability exists in VMware Spring AI versions 1.0.0 through 1.0.7 prior and 1.1.0 through 1.1.6 prior, which stems from...

8.6CVSS5.8AI score0.00353EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.12 views

AzuraCast 路径遍历漏洞

AzuraCast is a simple, self-hosted network broadcasting management suite provided by AzuraCast Inc. Versions of AzuraCast prior to 0.23.6 contained a path traversal vulnerability. This vulnerability stemmed from the currentDirectory request parameter in the Flow.js media upload endpoint, which...

8.8CVSS6.2AI score0.00832EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

ArchiveBox 参数注入漏洞

ArchiveBox is a powerful, open-source, and self-hosted internet archiving solution developed by ArchiveBox. It is designed for collecting, storing, and viewing websites that you want to save offline. ArchiveBox versions 0.8.6rc0 and earlier have a parameter injection vulnerability. This...

9.8CVSS6.3AI score0.00404EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

phpVMS 8 访问控制错误漏洞

phpVMS 8 is an open-source aviation simulation and flight management application based on Laravel. Prior to version 7.0.6 of phpVMS, there was a access control vulnerability that stemmed from allowing unauthorized access to the legacy import feature...

9.4CVSS5.8AI score0.01173EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.12 views

Open5GS 缓冲区错误漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain a buffer error vulnerability. This vulnerability stems from the Ogssbiclientsendviascporsepp function in the library...

7.5CVSS6.2AI score0.00519EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.18 views

Auth 授权问题漏洞

Auth is a user authentication and management system open sourced by Supabase. There were vulnerabilities related to authorization in versions of Auth from 1.18.0 to 1.25.2, and from 2.0.0 to 2.1.2. This vulnerability stemmed from the Patreon OAuth provider, which mapped all authenticated Patreon...

9.1CVSS5.8AI score0.00417EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.14 views

Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions 4.0.0 to 4.0.5 of Argo Workflows had a security vulnerability. This vulnerability stemmed from the fact that the workflow executor recorded all workpiece repository credentials in...

8.5CVSS5.8AI score0.00357EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

Argo Workflows 代码问题漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions 4.0.0 to 4.0.5 of Argo Workflows had code vulnerabilities. These vulnerabilities stemmed from a null pointer dereferencing in the rbcAuthorization function in...

6.5CVSS5.9AI score0.00377EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.9 views

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from insufficient checks for consistency in permissions for functions like Panel and REST API’s pages.access/list and...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities, which stem from the lack of permission control over access to site, user, and role information...

7.1CVSS5.8AI score0.00231EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

tgpt 注入漏洞

tgpt is a cross-platform command line AI tool by Andrew Personal Developer. An injection vulnerability exists in tgpt 2.11.1 and earlier versions on Linux/macOS, which stems from the function helper.Update in the file helper.go in the component Update Handler, and could lead to command injection...

5.3CVSS6AI score0.00851EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

WordPress plugin LatePoint 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

WordPress plugin Logtivity Activity Logs 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00449EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

PgBouncer 安全漏洞

PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Prior to version 1.25.2, PgBouncer had a security vulnerability. This vulnerability stemmed from insufficient authorization checks for the KILLCLIENT management command. As long as users...

4.3CVSS5.9AI score0.00287EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.11 views

PgBouncer 代码问题漏洞

PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Versions of PgBouncer prior to 1.25.2 had code vulnerabilities due to null pointer references. If the server sends error responses without the SQLSTATE field, it may lead to crashes...

7.5CVSS5.9AI score0.00369EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.12 views

UGREEN CM933 授权问题漏洞

The UGREEN CM933 is a USB hub device from the Chinese company UGREEN, which provides multi-port expansion and data transmission capabilities. Version 1.1.59.4319 of the UGREEN CM933 has an authorization issue vulnerability. This vulnerability stems from unknown functions in the management interfa...

6.3CVSS6.5AI score0.0032EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

Linkwarden 跨站脚本漏洞

Linkwarden is a self-hosted collaborative bookmark manager developed by Linkwarden OpenSource. Versions of Linkwarden 2.14.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the archive upload endpoint accepting HTML files without cleaning JavaScript...

8.8CVSS5.8AI score0.00458EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

Signal K Server 安全漏洞

The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.25.0 contained a security vulnerability. This vulnerability stemmed from the lack of rate limiting on the WebSocket login path, allowing attackers to bypass the HTTP rate...

8.7CVSS5.8AI score0.00327EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server developed by Wavlink Corporation. The Wavlink NU516U1 M16U1V240425 version has a command injection vulnerability. This vulnerability stems from the direct passing of the parameter EncrypType/wlPass through the wzdap function in the file/cgi-bin/adm.cgi,...

8.8CVSS6.6AI score0.04844EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

apko 代码问题漏洞

Apko is an open-source OCI image builder based on APK. Versions of Apko prior to 1.2.7 had code vulnerabilities. These vulnerabilities stemmed from DiscoverKeys’ unconditional assertion of JWKS key types as rsa.PublicKey without checking the key type. This could lead to panic and crashes due to...

6.5CVSS5.9AI score0.00252EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.14 views

apko 数据伪造问题漏洞

Apko is an open-source OCI image builder based on APK. Versions of Apko prior to 1.2.7 had a data manipulation vulnerability. This vulnerability stemmed from verifying the APKINDEX.tar.gz signature but failing to compare the downloaded.apk package with the checksum in the signature index. This...

7.5CVSS5.7AI score0.00159EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.11 views

apko 路径遍历漏洞

Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.2.5 of Apko, there was a path traversal vulnerability. This vulnerability occurred because specially crafted APK packages could install entries that pointed to directories other than the build root directory. This...

7.5CVSS5.8AI score0.00352EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.10 views

pyp2spec 输入验证错误漏洞

pyp2spec is a Python tool for generating Fedora RPM specification files from the individual developer Karolina Surma. An input validation error vulnerability exists in pyp2spec versions prior to 0.14.1, which stems from the failure to escape RPM macro commands when generating a spec file, which...

7.8CVSS5.9AI score0.00197EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.15 views

Pillow 安全漏洞

Pillow is an open-source image processing library developed by Pillow. Versions of Pillow from 4.2.0 to 12.2.0 contained security vulnerabilities. These vulnerabilities were due to malicious PDFs, which could cause processes to hang indefinitely, consume 100% of the CPU resources, and render the...

5.5CVSS7.1AI score0.00126EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.14 views

HCL BigFix WebUI 安全漏洞

HCL BigFix WebUI is a web-based administration page from HCL India. A security vulnerability exists in HCL BigFix WebUI, which stems from an authorization gap that could result in an authenticated user without appropriate privileges accessing an unauthorized page to view sensitive environmental...

5.3CVSS5.8AI score0.0018EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.11 views

arcane 安全漏洞

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from four GET endpoints under/api/templates, which did not have security requirements set up. This could allow any...

8.7CVSS5.8AI score0.00309EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.12 views

Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions 4.0.0 to 4.0.5 of Argo Workflows had a security vulnerability. This vulnerability stemmed from the ConfigMap-backed provider in the Sync Service not performing authorization checks...

8.5CVSS5.8AI score0.00515EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.15 views

AzuraCast 授权问题漏洞

AzuraCast is a simple, self-hosted network broadcasting management suite provided by AzuraCast Inc. Versions of AzuraCast prior to 0.23.6 contained an authorization vulnerability. This vulnerability stemmed from the ApplyXForwarded middleware, which trusted the X-Forwarded-Host HTTP header provid...

8.8CVSS5.8AI score0.00476EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 3.7.14 and 4.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the Webhook Interceptor, which loaded the entire request body into...

8.2CVSS5.8AI score0.00607EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.12 views

Hex-Rays IDA Pro 参数注入漏洞

Hex-Rays IDA Pro is a professional reverse-engineering tool developed by the Belgian company Hex-Rays. It is used for disassembly and program analysis. Versions of Hex-Rays IDA Pro from 9.2 to 9.3sp2 contained a parameter injection vulnerability. This vulnerability stemmed from the lack of...

6.5CVSS5.9AI score0.00159EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

Quarkus OpenAPI Generator 信息泄露漏洞

Quarkus OpenAPI Generator is an open-source code generation tool based on the OpenAPI specification, developed by Quarkiverse Hub. Versions of Quarkus OpenAPI Generator prior to 2.11.1-lts, 2.16.0-lts, and 2.17.0 had a vulnerability related to information leakage. This vulnerability stemmed from...

6.3CVSS5.9AI score0.004EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.16 views

Plainpad 安全漏洞

Plainpad is a self-hosted note-taking application by the individual developer Alex Tselegidis. A security vulnerability exists in Plainpad versions prior to 1.1.1, which stems from allowing a low-privileged user to self-elevate to administrator via the admin parameter in a PUT request, potentiall...

8.3CVSS5.8AI score0.00261EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.12 views

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server developed by Wavlink Corporation. The Wavlink NU516U1 M16U1V240425 version has a command injection vulnerability. This vulnerability stems from the direct passing of parameters pppusername/ppppasswd/rwanip/rwanmask/rwangateway through the wan function in...

8.8CVSS6.6AI score0.05344EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.14 views

PgBouncer 安全漏洞

PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Versions of PgBouncer prior to 1.25.2 contained security vulnerabilities. These vulnerabilities stemmed from incorrect checks on the return value of strlcat during the construction of SCR...

9.8CVSS5.9AI score0.00372EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.14 views

Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 3.7.14 and 4.0.5 contained security vulnerabilities. These vulnerabilities stemmed from users with permission to create Workflows being able to bypass the...

8.1CVSS5.8AI score0.00424EPSS
Exploits2References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.12 views

Net::IMAP 安全漏洞

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. There were security vulnerabilities in versions of Net::IMAP between 0.4.0 and 0.4.24, 0.5.0 and 0.5.14, and 0.6.0 and 0.6.4. These vulnerabilities stemmed from the use of SCRAM-SHA1 or SCRAM-SHA25...

6.5CVSS5.8AI score0.00299EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.11 views

OSGeo gdal 缓冲区错误漏洞

OSGeo GDAL is an open-source geospatial raster and vector data processing library developed by OSGeo. Versions of OSGeo GDAL 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from a function in the Grid File Handler component, specifically the function...

5.5CVSS6.4AI score0.00258EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.15 views

Kdenlive 安全漏洞

Kdenlive is a video editing software from the Kdenlive organization that supports multi-track editing with rich effects processing. A security vulnerability exists in Kdenlive versions prior to 26.04.1 that stems from allowing dangerous proxy parameters when using an attacker-controlled project...

6.5CVSS5.8AI score0.00149EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.12 views

OSGeo gdal 缓冲区错误漏洞

OSGeo GDAL is an open-source geospatial raster and vector data processing library developed by OSGeo. Versions of OSGeo GDAL 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from the function SWSDFldsrch in the file frmts/hdf4/hdf-eos/SWapi.c, which may lead ...

5.5CVSS6.4AI score0.00205EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.16 views

Net::IMAP 命令注入漏洞

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 had command injection vulnerabilities. These vulnerabilities stemmed from the symbolic parameters of commands, which were vulnerable to CRLF...

9.8CVSS5.8AI score0.00813EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

Net::IMAP 命令注入漏洞

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 contained a command injection vulnerability. This vulnerability stemmed from multiple Net::IMAP commands that accepted unvalidated or escape...

9.8CVSS5.8AI score0.00429EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server developed by Wavlink Corporation. The Wavlink NU516U1 M16U1V240425 version has a command injection vulnerability. This vulnerability stems from the operation of the wifiregion function in the file/cgi-bin/adm.cgi, specifically with parameters...

8.8CVSS6.6AI score0.05344EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

Termix 命令注入漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.1.0 contained a command injection vulnerability. This vulnerability stemmed from the use of double-quoted strings in the extractArchive and compressFiles endpoints, which allowed for...

8.7CVSS5.9AI score0.01207EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.15 views

omnifaces 安全漏洞

OmniFaces is an open-source JSF utility library developed by OmniFaces. There are security vulnerabilities in versions prior to 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3. These vulnerabilities stem from server-side EL injection, which may lead to remote code execution...

8.1CVSS6.1AI score0.00382EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

PromptHub 输入验证错误漏洞

PromptHub is an AI prompt and skill management tool developed by Legeling. In versions 0.4.9 to 0.5.4 of PromptHub, there was a vulnerability related to input validation errors. This vulnerability stemmed from the endpoint POST /api/skills/fetch-remote, which retrieves the URL provided by the use...

7.1CVSS5.8AI score0.00237EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

SOPlanning 跨站脚本漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Version 1.52.00 of SOPlanning contains a cross-site scripting vulnerability, which stems from the groupeid parameter in the process/groupesave.php file, which exposes a cross-site scripting attack...

5.4CVSS5.6AI score0.00551EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.8 views

Apache CloudStack 安全漏洞

Apache CloudStack is an IaaS cloud computing platform developed by the Apache Foundation in the United States. This platform is primarily used for deploying and managing large-scale virtual machine networks. Versions 4.21.0.0 and 4.22.0.0 of Apache CloudStack contain security vulnerabilities. The...

6.5CVSS5.8AI score0.0053EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

ASUS AsusPTPFilter 安全漏洞

ASUS AsusPTPFilter is a system driver component developed by ASUS Corporation in China, designed for filtering touchpad inputs and suppressing accidental palm touches. There is a security vulnerability in ASUS AsusPTPFilter, which stems from insufficient access control for exposed IOCTLs. This...

2CVSS5.8AI score0.00092EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the adisinit function releasing a pointer without checking whether adis-ops is NULL. This could lead to...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References1
Total number of security vulnerabilities195539