Lucene search
+L

195539 matches found

cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper acquisition and release of the GEM object’s reserved lock before and after cleanup...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Electerm 参数注入漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm 3.8.15 and earlier have a parameter injection vulnerability. This vulnerability arises from the fact that the terminal hyperlink processor does not validate URLs with respect to protocols. Thi...

9.6CVSS6.4AI score0.00394EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of queue updates in the DRM/AMDKFD mechanism. As a result, the reserved buffer is not...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability stems from the smpcmdPairingReq function in the Bluetooth SMP protocol, which constructs a pairing...

8.8CVSS5.8AI score0.00252EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from inconsistencies between the conditions for evaluating and unlocking dmub HW locks. This...

5.5CVSS5.8AI score0.00083EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

SEPPmail Secure Email Gateway 代码问题漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.4 contained a code vulnerability caused by insecure deserialization of untrusted data. This vulnerability could allow unauthenticate...

9.2CVSS6.4AI score0.00472EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

plunk 数据伪造问题漏洞

Plunk is an open-source email sending and management platform developed by Plunk. Versions of Plunk prior to 0.9.0 contained a data manipulation vulnerability. This vulnerability stems from the /webhooks/sns endpoint accepting Amazon SNS notification payloads without verifying the SNS signature,...

9.1CVSS5.7AI score0.00127EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

PraisonAI SQL注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.9 contained an SQL injection vulnerability. This vulnerability stemmed from multiple backends passing table prefixes directly into f-string SQL statements, which could lead ...

8.1CVSS5.8AI score0.00347EPSS
Exploits2References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of pmruntime errors. This vulnerability may lead to hardware access failures an...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an interrupt synchronization error in the USB dummy-hcd driver, potentially leading to race...

7.8CVSS5.8AI score0.0013EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built with Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained security vulnerabilities; these vulnerabilities stemmed from the block verifier underestimating the number of transparent signature operations, which could lead to...

9.2CVSS5.8AI score0.00283EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Grid 输入验证错误漏洞

Grid is a two-dimensional data structure library developed by Armin Becher. In versions 0.17.0 to 1.0.1 of Grid, there was an input validation vulnerability. This vulnerability stemmed from integer overflow in Grid::expandrows, which could disrupt the relationship between the logical dimensions o...

6.2CVSS5.9AI score0.00132EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.37 and PraisonAIagents prior to 1.6.37 have security vulnerabilities. These vulnerabilities stem from unresolved tool name resolution issues, which may allow attackers to...

8.6CVSS5.8AI score0.00363EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

PraisonAI 代码问题漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.6.32 contained code vulnerabilities. These vulnerabilities stemmed from logical flaws in the URL checking logic, which could allow attackers to bypass the checks and execute...

9.8CVSS6AI score0.00378EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.18 views

LiteLLM 命令注入漏洞

LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Versions of LiteLLM from 1.74.2 to 1.83.7 contained a command injection vulnerability. This vulnerability stemmed from two endpoints used for previewing the MCP server accepting complete...

8.8CVSS6.1AI score0.80188EPSS
Exploits2References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Versions of LiteLLM from 1.80.5 to 1.83.7 contained a security vulnerability. This vulnerability stemmed from the POST /prompts/test endpoint accepting user-provided...

8.8CVSS6.3AI score0.00373EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

pygeoapi 代码问题漏洞

pygeoapi is a geospatial data API server developed by geopython. In versions 0.23.0 to 0.23.3 of pygeoapi, there were code-related vulnerabilities. These vulnerabilities stemmed from the OGC API process’s ability to use subscriber objects to access internal HTTP services during requests...

8.6CVSS5.8AI score0.00454EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

PraisonAI 路径遍历漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.37 contained a path traversal vulnerability. This vulnerability stemmed from the safeextractall helper function not verifying the linkname of members and not rejecting...

8.7CVSS5.9AI score0.00433EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

PraisonAI 访问控制错误漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI from 2.5.6 to 4.6.34 contained an access control vulnerability. This vulnerability stemmed from the Flask API server, which disabled authentication by default, allowing callers without a...

7.3CVSS6AI score0.26799EPSS
Exploits3References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.14 views

SOPlanning 跨站脚本漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Version 1.52.00 of SOPlanning contains a cross-site scripting vulnerability, which stems from the groupeid parameter in the process/groupesave.php file, which exposes a cross-site scripting attack...

5.4CVSS5.6AI score0.00551EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.14 views

WordPress plugin Sky Addons 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.9AI score0.00244EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.14 views

Brave CMS 跨站脚本漏洞

Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Brave CMS has a cross-site scripting vulnerability, which arises from the CKEditor rich text editor storing and rendering input content without escaping, potentially allowing for arbitrary...

8.7CVSS5.8AI score0.00207EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Dell PowerScale OneFS 安全漏洞

Dell PowerScale OneFS is an operating system developed by the American company Dell. It provides a horizontally scalable NAS solution. Vulnerabilities exist in versions of Dell PowerScale OneFS ranging from 9.5.0.0 to 9.5.1.6, from 9.6.0.0 to 9.7.1.13, from 9.8.0.0 to 9.10.1.5, and from 9.11.0.0 ...

3.3CVSS5.8AI score0.00092EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the adxl380 interrupt handler’s failure to round down when reading FIFO entries. This could lead to...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

SourceCodester Pizzafy Ecommerce System 跨站脚本漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System contains a cross-site scripting vulnerability. This vulnerability arises from the parameter 'page' in the file 'admin/index.php', whi...

5.3CVSS5.7AI score0.00269EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

SourceCodester Pharmacy Sales and Inventory System 跨站脚本漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a cross-site scripting vulnerability. This vulnerability arises from...

4.8CVSS5.6AI score0.00202EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

locize 跨站脚本漏洞

Locize is an open-source browser text editing tool developed by Locize. Versions of Locize prior to 4.0.21 contained a cross-site scripting vulnerability. This vulnerability stemmed from the window.addEventListenermessage, … handler not verifying the event.origin, which could lead to cross-site...

7.5CVSS5.6AI score0.00101EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Alkacon OpenCMS 代码问题漏洞

Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Versions of Alkacon OpenCMS prior to 10.5.1 had code vulnerabilities. These vulnerabilities stemmed from the XXE attack on the Chemistry servlet via cmis-online/query, which could allow unauthorized remote attackers ...

7.3CVSS5.9AI score0.02231EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

zebra 安全漏洞

Zebra is an open-source implementation of Zcash full node written in Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained a security vulnerability, which was caused by a combined denial-of-service vulnerability in the block discovery pipeline. This vulnerability could allow...

8.7CVSS5.8AI score0.00351EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Postprocessor IDE for SolidCAM 路径遍历漏洞

Postprocessor IDE for SolidCAM is a GPPL language development support tool developed by Andrey Zorin. Versions of Postprocessor IDE for SolidCAM from 1.0.0 to 1.0.2 had a path traversal vulnerability. This vulnerability stemmed from the fact that the inc directive in the GPPL postprocessor files...

5.1CVSS5.8AI score0.00454EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.15 views

Grimmory 跨站脚本漏洞

Grimmory is an open-source e-book management software developed by Grimmory. Versions of Grimmory prior to 2.3.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the browser EPUB reader, allowing attackers to embed arbitrary JavaScript in specially crafted EPUB file...

6.3CVSS5.8AI score0.00136EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the kasanreleasevmallocnode function not rescheduling when handling large amounts of purgelist,...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

PraisonAI 命令注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.9 had a command injection vulnerability. This vulnerability stemmed from the lack of a command whitelist or parameter validation in the MCP command processing mechanism,...

9.8CVSS6AI score0.00541EPSS
Exploits2References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

nanoMODBUS 安全漏洞

nanoMODBUS is a compact Modbus protocol C language library developed by Valerio De Benedetto. Versions of nanoMODBUS 1.22.0 and earlier contain security vulnerabilities. These vulnerabilities stem from a stack buffer overflow in the recvreadregistersres function in nanomodbus.c, which may allow a...

8.2CVSS6.3AI score0.00639EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.13 views

Lemmy 代码问题漏洞

Lemmy is open-source software developed by Lemmy for building social news aggregators and web forums. Versions of Lemmy prior to 0.19.18 had code vulnerabilities. These vulnerabilities stemmed from the og:image URL being extracted without being restricted by the internal IP range, which could lea...

6.5CVSS5.9AI score0.00209EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.14 views

Nuclei 访问控制错误漏洞

Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. In versions 3.0.0 to 3.8.0 of Nuclei, there was an access control vulnerability. This vulnerability stemmed from the JavaScript protocol’s runtime feature, which allowed reading of local.js...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Laravel Nova 5 Toggle Field 授权问题漏洞

Laravel Nova 5 Toggle Field is a tool developed by Almir Hodzic for quickly toggling boolean values in Laravel Nova 5. Versions of Laravel Nova 5 Toggle Field prior to 1.3.0 had an authorization vulnerability. This vulnerability stemmed from the fact that the endpoint was only protected by web an...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Heimdall 安全漏洞

Heimdall is an open-source identity recognition proxy and access control decision-making service developed by dadrus for cloud-native applications. Versions of Heimdall prior to 0.17.14 contained security vulnerabilities. These vulnerabilities stemmed from the use of hostname matching in a...

7.8CVSS5.8AI score0.00301EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.14 views

langfuse 访问控制错误漏洞

Langfuse is an open-source large language model engineering platform developed by Langfuse. Versions 3.68.0 to 3.167.0 contained a access control vulnerability. This vulnerability stemmed from a role-based access control flaw in the LLM connection update process. It could allow low-privilege user...

5.4CVSS5.8AI score0.00181EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

emlog 代码问题漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 had code vulnerabilities, which stemmed from an insecure plugin upload feature. This vulnerability could allow attackers to upload and execute arbitrary PHP code...

6.1AI score0.00276EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from damoswalk failing to clear walkcontrol when it is inactive. This could lead to reuse after...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

WordPress plugin E2Pdf – Export Pdf Tool for WordPress 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.8AI score0.00244EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the batadvvelpgetthroughput function calling rtnllock when the RTNL lock is held, potentially...

5.5CVSS5.8AI score0.00095EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.17 contained code vulnerabilities. These vulnerabilities stemmed from the fetchData function in the lafModule workflow node, which used axios t...

2.3CVSS5.9AI score0.00228EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.14 views

SEPPmail Secure Email Gateway 安全漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.4 contained a security vulnerability. This vulnerability stemmed from the identifier parameter in/api/app/attachment/preview, where...

8.8CVSS6.1AI score0.15653EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the mpi3mr driver’s lack of null pointer checking when resetting request and reply queues,...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

Cradle eCommerce 输入验证错误漏洞

Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a vulnerability related to input validation. This vulnerability stems from improper validation of the returnUrl parameter in the login...

5.3CVSS5.8AI score0.00339EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

cPanel 输入验证错误漏洞

cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability related to input validation errors. This vulnerability stems from insufficient...

8.6CVSS6.1AI score0.00435EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.20 views

Onyx 安全漏洞

Onyx is an open-source AI large model platform developed by Onyx. Vulnerabilities exist in versions prior to Onyx 3.0.9, 3.1.6, and 3.2.6. These vulnerabilities stem from the POST /chat/stop-chat-session/chatsessionid endpoint checking authentication but failing to verify that the session belongs...

4.3CVSS5.8AI score0.00279EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability due to SQL injection caused by the param msg.php file’s msgid operation, which may lead to remote attacks...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References2
Total number of security vulnerabilities195539