Lucene search
+L

195539 matches found

cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

math-codegen 代码注入漏洞

Math-CodeGen is an interpreter developed by Mauricio Poppe that generates JavaScript code from mathematical expressions. Versions of Math-CodeGen prior to 0.4.3 contained a code injection vulnerability. This vulnerability stemmed from the cg.parse function not properly cleaning string literal...

9.8CVSS6AI score0.00393EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a dereferencing of cpudata before verifying the policy in the updatecpuqosrequest function. This...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the USB core driver’s ability to allow unlimited timeout periods, resulting in tasks being...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the x2apic mode not being disabled as expected during recovery, potentially leading to system...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a timing error during DMA error cleanup in e1000/e1000e, potentially leading to DMA mapping leaks...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the perf subsystem’s failure to check whether current-mm is still alive when retrieving the call...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility of a null pointer derefrence error occurring when the ftrace module is killed and...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT 4.14.11 and earlier have code vulnerabilities. These vulnerabilities stem from the use of a hardcoded list in the isInternalAddress function for checking...

7.7CVSS5.9AI score0.00213EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.8 views

Absinthe.Plug 跨站脚本漏洞

Absinthe.Plug is an open-source GraphQL toolkit plugin for Elixir. Version 1.2.0 of Absinthe.Plug contains a cross-site scripting vulnerability. This vulnerability stems from the jsescape function in the GraphiQL interface not escaping backslashes, which may lead to reflective cross-site scriptin...

6.1CVSS5.6AI score0.00282EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Heimdall 安全漏洞

Heimdall is an open-source application panel and launcher developed by LinuxServer.io. Versions of Heimdall prior to 0.17.14 contained security vulnerabilities. These vulnerabilities stemmed from the handling of URL-encoded slashes in a case-sensitive manner. URL-encoded slashes are defined as...

7.8CVSS5.8AI score0.00396EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a reference leak during PM runtime on an incorrect path. This could lead to the reference count...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Termix 操作系统命令注入漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.1.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the Docker container management endpoint not properly cleaning or verifyin...

9.9CVSS6.1AI score0.00652EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the absence of an RCU unlocking mechanism in the wrong path. This could lead to improper release ...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from incomplete live register markings in bpf, where the rX register is not marked as being used...

7.8CVSS5.8AI score0.00121EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping contains a vulnerability due to improper handling of parameters in the file admin/replymsg.php, which may lead to SQL injection attacks...

7.5CVSS7.2AI score0.00318EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.7 views

Cilium 信息泄露漏洞

Cilium is an open-source software developed by Cilium contributors. It is used to provide and transparently protect network connections and load balancing between application workloads, such as application containers or processes. Versions of Cilium prior to 1.17.15, 1.18.9, and 1.19.3 have a...

7.9CVSS5.8AI score0.00077EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

dash-uploader 路径遍历漏洞

dash-uploader is a file upload component developed by Niko Föhr for Dash applications. Versions 0.1.0 to 0.7.0a2 of dash-uploader contain a path traversal vulnerability. This vulnerability stems from directory traversal in the dashUploader/httpRequestHandler.py, BaseHttpRequestHandler.getTempRoot...

9.8CVSS6.1AI score0.05982EPSS
Exploits4References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Electerm 命令注入漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm prior to 3.3.8 contained a command injection vulnerability. This vulnerability stemmed from the runLinux function, which directly concatenated the remote version string controlled by the...

9.8CVSS5.8AI score0.01302EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the f2fssanitychecknodefooter function in the f2fs file system. This function accesses...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the USB Renesas USBH driver. When a device is removed, the interrupt handler remains registered,...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

kargo 输入验证错误漏洞

Kargo is an open-source continuous delivery tool developed by Akuity. Versions of Kargo prior to 1.7.10, 1.8.13, 1.9.8, and 1.10.2 contained a vulnerability related to input validation errors. This vulnerability stemmed from the open redirection present in the UI OIDC login process via the...

5.1CVSS5.8AI score0.00239EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a logical error in the sched/mmcid module when processing vfork/CLONEVM. This error causes tasks ...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the wave5 driver failing to cancel the hrtimer before destroying the kthread worker in polling...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from scheduling atomic issues in the storvsc driver when PREEMPTRT is enabled. This issue may lead to...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

n8n-MCP 日志信息泄露漏洞

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.47.13 contained a vulnerability related to log information leakage. This vulnerability occurred because the complete parameters of MCP tool calls and JSON-RPC...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

draw.io 信息泄露漏洞

Draw.IO is an open-source configurable chart drawing and whiteboard application. Versions of Draw.IO prior to 29.7.9 had a vulnerability related to information leakage. This vulnerability occurred due to the URL parameter “gitlab” overriding the GitLab server URL used during OAuth login. As a...

3.4CVSS5.8AI score0.00192EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

Universal Robots PolyScope 操作系统命令注入漏洞

Universal Robots PolyScope is a graphical control software interface developed by Universal Robots in the United States, used for programming and operating industrial collaborative robots. Versions of Universal Robots PolyScope prior to 5.21.1 contained an operating system command injection...

9.8CVSS6AI score0.01829EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

CodeAstro Leave Management System 注入漏洞

The CodeAstro Leave Management System is a leave management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Leave Management System has a vulnerability related to SQL injection, which arises from improper handling of the parameter txtusername in the file/login.php...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.8 views

emlog SQL注入漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 had a SQL injection vulnerability. This vulnerability stemmed from direct SQL injections in the article creation and updating functions, which could allow attackers to execute arbitrary S...

10CVSS6.1AI score0.00249EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability related to SQL injection, which arises from improper handling of the parameter seenid in the file admin/message.php...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which may lead to a zero-division error when the sampling frequency is not specified...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

NAVER MYBOX Explorer for Windows 安全漏洞

NAVER MYBOX Explorer for Windows is a software developed by South Korea's NAVER MYBOX company, used for managing cloud storage. Versions of NAVER MYBOX Explorer for Windows prior to version 3.0.11.160 contained security vulnerabilities. These vulnerabilities were due to improper permission checks...

7.8CVSS5.8AI score0.00094EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

dash-uploader 资源管理错误漏洞

dash-uploader is a file upload component developed by Niko Föhr for Dash applications. Versions 0.1.0 to 0.7.0a2 of dash-uploader contain resource management vulnerabilities. These vulnerabilities originate from the Upload function in dashuploader/httprequesthandler.py, the maxfilesize parameter ...

7.5CVSS6.1AI score0.02643EPSS
Exploits5References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

SourceCodester Comment System 注入漏洞

The SourceCodester Comment System is an open-source comment system developed by SourceCodester. Version 1.0 of the SourceCodester Comment System has a vulnerability caused by SQL injection due to the parameter manipulation in the file postcomment.php. This vulnerability could be exploited through...

7.5CVSS7.1AI score0.00254EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

RayVentory Scan Engine 安全漏洞

RayVentory Scan Engine is a network scanning engine developed by the German company RayVentory, designed for automatically discovering and collecting IT asset information. Versions of RayVentory Scan Engine 12.6 Update 8 and earlier contain security vulnerabilities. These vulnerabilities allow...

9.8CVSS5.8AI score0.00389EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Acer PredatorSense 路径遍历漏洞

Acer PredatorSense is a system management software developed by Acer, a company based in Taiwan, China. Versions 3.00.3136 to 3.00.3196 of Acer PredatorSense contain a path traversal vulnerability. This vulnerability stems from an exposed Windows named pipe configuration error in the program. It...

8.5CVSS6.3AI score0.00118EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from lax permission checks for the nstree function. This vulnerability could allow privileged services...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.8 views

Scanner 代码注入漏洞

Scanner is an AI model security assessment tool developed by 0DIN.ai. Versions 1.0.0 to 1.4.1 of Scanner contained a code injection vulnerability. This vulnerability originated from JavaScript injection in BrowserAutomation::PlaywrightService, which could lead to remote code execution...

9.9CVSS6.2AI score0.00587EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Absinthe 安全漏洞

Absinthe is an open-source GraphQL implementation framework based on Elixir. Versions of Absinthe from 1.5.0 to 1.10.2 had security vulnerabilities. These vulnerabilities stemmed from unlimited resource allocation or throttling, which could allow unauthenticated attackers to consume atomic tables...

8.2CVSS5.8AI score0.00613EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

RedwoodSDK 跨站请求伪造漏洞

RedwoodSDK is an open-source React-based server-first web application framework developed by RedwoodJS. Versions of RedwoodSDK from 1.0.0-beta.50 to 1.2.3 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the use of HTTP methods on the server without source...

5.3CVSS5.7AI score0.00111EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Remote Spark SparkView 安全漏洞

Remote Spark SparkView is a browser-based client software developed by Remote Spark, enabling remote desktop access and terminal connections. Versions of Remote Spark SparkView prior to build 1122 contained security vulnerabilities. These vulnerabilities stemmed from bypassing local connection...

10CVSS6.2AI score0.00326EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

LiteLLM SQL注入漏洞

LiteLLM is an open-source application developed by Berri AI. It allows for the use of OpenAI format calls for all LLM APIs. In versions 1.81.16 to 1.83.7 of LiteLLM, there was a SQL injection vulnerability. This vulnerability stemmed from the use of database queries during the check of the proxy...

9.8CVSS6.1AI score0.86607EPSS
Exploits7References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.16 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the nouveau driver allowing aux transfers during device sleep, potentially causing GSP code to...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Nuclei 代码注入漏洞

Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. Versions of Nuclei from 3.0.0 to 3.8.0 contained a code injection vulnerability. This vulnerability stemmed from the expression evaluation engine, which could allow malicious target servers...

5.3CVSS5.9AI score0.00344EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the nfs3proccreate function in the NFS component. When dalias is a directory, this function does...

5.5CVSS5.8AI score0.00116EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hisisas driver’s improper handling of single-channel scenarios during the userscan...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

DrayTek Vigor 2960 操作系统命令注入漏洞

The DrayTek Vigor 2960 is a router product developed by DrayTek Corporation. Versions prior to 1.5.1.4 of the DrayTek Vigor 2960 contained an operating system command injection vulnerability. This vulnerability stemmed from issues with OS command injection in the CGI login processing mechanism. I...

9.2CVSS6.4AI score0.01432EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

solidtime 安全漏洞

Solidtime is an open-source time tracking application developed by Solidtime developers. Version 0.12.0 of Solidtime contains a security vulnerability. This vulnerability stems from the fact that the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts routing bindings for...

5.8CVSS5.8AI score0.00266EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from lax permission checks for the nsiterateioctl function. This vulnerability could lead to informati...

8.8CVSS5.8AI score0.00129EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.8 views

SOPlanning SQL注入漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Version 1.52.00 of SOPlanning contains an SQL injection vulnerability. This vulnerability stems from the SQL injection in the projects.php file, and it could be exploited by authenticated users...

6.3CVSS5.8AI score0.00241EPSS
Exploits1References1
Total number of security vulnerabilities195539