Lucene search
+L

195539 matches found

cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the reuse of freed percpu statistics information during the removenhgrpentry function. This could...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper clearing of the queue during the process of sending ring reset commands. This...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of checking NULL version pointers during device cleanup, potentially leading to null pointer...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel, stemming from multiple defects in the RINGCTRLABORT processing in MIPI I3C HCI DMA. These defects include...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.3.1 contained a security vulnerability. This vulnerability occurred when the rk field in Orchard transactions was set to an identity value, causing the Orchard crate to crash and...

9.2CVSS5.8AI score0.00268EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of sighash hash types for V5 transactions and the standard hash type used for V4 transactions, whi...

9.3CVSS5.8AI score0.00278EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.14 views

Gitroom Postiz 代码问题漏洞

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz from 2.16.6 to 2.21.7 contained code vulnerabilities. These vulnerabilities were caused by a TOCTOU vulnerability in the SSRF protection mechanism, which could allow attackers to redirec...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

FastGPT 资源管理错误漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT 4.14.13 and earlier contain a resource management vulnerability. This vulnerability stems from insufficient resource isolation in the code-sandbox component,...

6.3CVSS5.8AI score0.00268EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

FastGPT 安全漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT 4.14.11 and earlier contain security vulnerabilities. These vulnerabilities stem from a DNS rebinding vulnerability in the isInternalAddress function, which...

6.3CVSS5.8AI score0.00148EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

FastGPT 访问控制错误漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models, developed by Labring. In versions 4.14.10 to 4.14.13 of FastGPT, there was an access control vulnerability. This vulnerability stemmed from the agent-sandbox component’s startup script using the...

9.8CVSS5.8AI score0.00718EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

SysReptor 安全漏洞

SysReptor is an open-source penetration testing report platform developed by Syslifters. Versions of SysReptor from 2026.4 to 2026.27 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization at the endpoints when reading and creating personal note-sharing link...

6.8CVSS5.8AI score0.00188EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Icinga PHP Library 跨站脚本漏洞

The Icinga PHP Library is an open-source monitoring and metrics solution system’s web component developed by Icinga. Versions of the Icinga PHP Library prior to 0.13.1 contained a cross-site scripting vulnerability. This vulnerability allowed attackers to inject malicious JavaScript into the...

7.6CVSS5.7AI score0.00259EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.8 views

New API 数据伪造问题漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.10 had a data manipulation vulnerability. This vulnerability stems from defects in the Stripe webhook handler, which could allow unauthorized attackers to forge webhook events and arbitrarily...

8.2CVSS5.7AI score0.00259EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

FlashMQ 数字错误漏洞

FlashMQ is a fast and lightweight MQTT proxy server developed by Wiebe Cazemier. Versions of FlashMQ prior to 1.26.1 contained a numerical error vulnerability. This vulnerability could cause the FlashMQ proxy to crash and lead to a denial-of-service attack when the setretainedmessagedefertimeout...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.14 views

Flarum 路径遍历漏洞

Flarum is an open-source forum software developed by Flarum for building communities. Versions of Flarum prior to 1.8.16 and 2.0.0-rc.1 contained a path traversal vulnerability. This vulnerability stemmed from the lack of restrictions on the values of LESS configuration variables, which could lea...

4.9CVSS5.9AI score0.00404EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Absinthe 安全漏洞

Absinthe is an open-source GraphQL implementation framework based on Elixir. Versions of Absinthe from 1.2.0 to 1.10.2 contained security vulnerabilities. These vulnerabilities were due to a quadratic algorithm complexity issue in the uniqueness validation of fragment names, which could lead to...

8.7CVSS5.8AI score0.00624EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that flagsvalid was not initialized before calling vfsfileattrget, potentially leading t...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the emactxmemmap function in the net spacemit component. When mapping errors occur, the DMA mappi...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition between task migration and iteration within cgroups, potentially leading to...

4.7CVSS5.8AI score0.00089EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a redundant cssput call in the schedext module’s scxcgroupinit function. This vulnerability may...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ALSA USB audio driver’s Scarlett2 mixer interface not checking the number of endpoints...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with TOCTOU function calls in the rustbinder module. This vulnerability could allow the...

7.8CVSS5.8AI score0.00099EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the usb image mdc800 driver failing to terminate downloadurb when it is in a hyper-threaded state...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Russh 安全漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. Versions of Russh prior to 0.60.1 contained security vulnerabilities. These vulnerabilities stemmed from a pre-authentication denial-of-service vulnerability in the server’s keyboard interaction authenticatio...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the xesyncentryparse function failing to clean up some initialized synchronization states when...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the threaded busypoll mechanism, causing rcu tasks to become stalled and potentially leading to system...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the ublkctrlsetsize function does not check whether ub-ubdisk is NULL, potentially leadin...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. There were security vulnerabilities in versions 2.2.0 to 4.3.1 of Zebra. These vulnerabilities stemmed from the JSON-RPC HTTP middleware disconnecting connections when the request body was not fully received,...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

PHPUnit 参数注入漏洞

PHPUnit is a PHP unit testing framework developed by Sebastian Bergmann. Versions 12.5.21 and 13.1.5 of PHPUnit contain parameter injection vulnerabilities. These vulnerabilities arise from failing to neutralize INI meta-characters when forwarding PHP INI settings to child processes, which may le...

7.8CVSS6.2AI score0.00191EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Password Pusher 安全漏洞

Password Pusher is an open-source application developed by Peter Giacomo Lombardo, used for transmitting sensitive information over the internet. Versions of Password Pusher prior to 1.69.3 and 2.4.2 contained security vulnerabilities. These vulnerabilities stemmed from the ability to create...

6.5CVSS5.8AI score0.00289EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Apache NiFi 安全漏洞

Apache NiFi is a data processing and distribution system developed by the Apache Foundation in the United States. This system is primarily used for data routing, transformation, and intermediate logic within the system. Vulnerabilities exist in versions 2.8.0 of Apache NiFi, as the optional...

8.8CVSS5.9AI score0.0076EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from manually defining optee nodes in zynqmp.dtsi, thereby disrupting the logic of OP-TEE’s automatic...

5.5CVSS5.8AI score0.00138EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.14 views

Onyx 安全漏洞

Onyx is an open-source AI large model platform developed by Onyx. Vulnerabilities exist in versions prior to Onyx 3.0.9, 3.1.6, and 3.2.6. These vulnerabilities stem from the GET /chat/file/fileid endpoint, which validates the caller’s identity but does not check file ownership. This could allow...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

OpenLearnX 操作系统命令注入漏洞

OpenLearnX is a decentralized adaptive learning and evaluation platform developed by th30d4y. Versions of OpenLearnX prior to 2.0.3 contained a vulnerability related to operating system command injection. This vulnerability stemmed from a sandbox escape in the code execution environment, which...

10CVSS6.5AI score0.0091EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the ogssbidiscoveryoptionaddsnssais function in the NSSF...

6.5CVSS5.8AI score0.00372EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the function ogssbiparseplmnlist in the component NSSF’s...

6.5CVSS5.8AI score0.00382EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.18 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the component NSSF, specifically the function...

6.5CVSS5.8AI score0.00372EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incomplete conversion of the SM8450 platform’s interconnect dynamic ID. This leads to the...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that when the dm-raid module is used to stop an RAID array, the metadata devices become...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a mismatch in the type of the bpf encryption kfunc destructor function. This vulnerability may...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper acquisition and release of the reservation locks for GEM objects before and after vm...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which arises from the possibility of triggering duplicate clock disabling when the pmruntimedisable function is...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of upper-bound checks on user input in the amdgpuuserqsignalioctl function. This...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Yeti Platform 信任管理问题漏洞

Yeti Platform is an open-source daily threat intelligence platform developed by Yeti Platform. Versions of Yeti Platform prior to 2.1.12 had a trust management vulnerability. This vulnerability occurred because allowing attackers to generate valid JWT tokens occurred without changing the...

7.5CVSS5.8AI score0.00429EPSS
Exploits3References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

UltraDAG 访问控制错误漏洞

UltraDAG is a lightweight IoT blockchain developed by the UltraDAGcom team. Prior versions of UltraDAG had an access control vulnerability caused by a logical flaw in the policy execution pipeline implemented in SmartTransferTx. This flaw allowed the system to check expenditure policies without...

8.8CVSS5.9AI score0.00375EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

FilePress 注入漏洞

FilePress is a file-driven website building system developed by zyx0814. It supports cloud storage management and multi-mode file display. Versions of FilePress 2.2.0 and earlier had an injection vulnerability. This vulnerability stemmed from improper handling of the order parameter in the Shares...

7.5CVSS7.2AI score0.00272EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Electerm 信息泄露漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm 3.8.15 and earlier contained an information leakage vulnerability. This vulnerability stemmed from the getConstants IPC processor, which serialized the entire process.env object and sent it to...

5.5CVSS5.8AI score0.00103EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

Electerm 路径遍历漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm prior to 3.7.16 contained a path traversal vulnerability. This vulnerability stemmed from the runWidget function, which directly concatenated user-provided widget identifiers without proper...

8.4CVSS6.2AI score0.00167EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

kimai 安全漏洞

Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developers. Versions of Kimai from 2.27.0 to 2.54.0 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for any ROLEUSER to create tags with formula strings as names using...

6.8CVSS5.8AI score0.0022EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Electerm 命令注入漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm prior to 3.3.8 contained a command injection vulnerability. This vulnerability stemmed from the runMac function, which directly appends the attacker-controlled releaseInfo.name to the exec...

9.8CVSS5.8AI score0.01572EPSS
Exploits0References1
Total number of security vulnerabilities195539