Lucene search
+L

195539 matches found

CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the spirockchip-sfc component calling spiunregistercontroller in the remove callback, resulting in doub...

7.8CVSS5.8AI score0.00119EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.15 views

Gitroom Postiz 代码问题漏洞

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz from 2.16.6 to 2.21.7 contained code vulnerabilities. These vulnerabilities were caused by a TOCTOU vulnerability in the SSRF protection mechanism, which could allow attackers to redirec...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

kimai 安全漏洞

Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developers. Versions of Kimai prior to 2.54.0 contained security vulnerabilities. These vulnerabilities were caused by incorrect annotations used for the Team API endpoints, which led to TeamVoter abstentio...

3.3CVSS5.8AI score0.00247EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

Absinthe 安全漏洞

Absinthe is an open-source GraphQL implementation framework based on Elixir. Versions of Absinthe from 1.2.0 to 1.10.2 contained security vulnerabilities. These vulnerabilities were due to a quadratic algorithm complexity issue in the uniqueness validation of fragment names, which could lead to...

8.7CVSS5.8AI score0.00624EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the function ogssbiparseplmnlist in the component NSSF’s...

6.5CVSS5.8AI score0.00382EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

ELADMIN 安全漏洞

ELADMIN is a backend management system developed by elunez himself. Versions of ELADMIN 2.7 and earlier had security vulnerabilities. These vulnerabilities stemmed from an improper access control caused by the checkLevel operation in the Users API Endpoint component’s /file/rest/UserController.ja...

6.5CVSS6.6AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

WordPress plugin OttoKit: All-in-One Automation Platform SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.6CVSS6AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

Apache CloudStack 安全漏洞

Apache CloudStack is an IaaS cloud computing platform developed by the Apache Foundation in the United States. This platform is primarily used for deploying and managing large-scale virtual machine networks. Versions 4.21.0.0 and 4.22.0.0 of Apache CloudStack contain security vulnerabilities. The...

6.5CVSS5.8AI score0.0053EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

ZTE Cloud PC client uSmartView 格式化字符串错误漏洞

The ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. The ZTE Cloud PC client uSmartView has a vulnerability related to formatted strings. This vulnerability may lead to memory corruption and remote denial of service attacks...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Hitachi Virtual Storage Platform和Hitachi Virtual Storage Platform One Block 代码注入漏洞

Hitachi Virtual Storage Platform and Hitachi Virtual Storage Platform One Block are products of Hitachi, a Japanese company. Hitachi Virtual Storage Platform is a series of computer data storage systems used in data centers. Hitachi Virtual Storage Platform One Block is a high-performance block...

9.8CVSS6.7AI score0.00547EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Hyperledger Fabric 代码问题漏洞

Hyperledger Fabric is an enterprise-level, open-source distributed ledger framework developed by the Hyperledger project. It is used for developing solutions and applications. Versions of Hyperledger Fabric from 1.0.0 to 2.2.26 contained code vulnerabilities that could lead to remote code...

9.3CVSS6.2AI score0.0041EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.14 views

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.8.1 contained code vulnerabilities. These vulnerabilities stemmed from the SSRF protection mechanism not preventing the CGNAT address range, which could allow authenticated users to...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a SQL injection vulnerability, which stems from the parameter ID handli...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

VMware Spring Cloud Config 安全漏洞

VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. There is a security vulnerability in VMware Spring Cloud Config, which stems from...

8.1CVSS5.8AI score0.0022EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

MiniClaw 命令注入漏洞

MiniClaw is an AI memory and evolution tool developed by a 8421bit individual developer. MiniClaw has a command injection vulnerability, which originates from the executeCognitivePulse function in the src/kernel.ts file. This vulnerability may lead to OS command injection attacks...

8.8CVSS6.6AI score0.02941EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

OpenEXR 输入验证错误漏洞

OpenEXR is an open standard for high dynamic range image HDR file formats, open-sourced by the Academy Software Foundation. There were input validation vulnerabilities in versions 3.0.0 to 3.2.9, 3.3.0 to 3.3.11, and 3.4.0 to 3.4.11 of OpenEXR. These vulnerabilities stemmed from the...

9.8CVSS5.8AI score0.00393EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

VMware Spring Cloud Config 路径遍历漏洞

VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. VMware Spring Cloud Config has a path traversal vulnerability, which stems from t...

9.1CVSS5.8AI score0.00727EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

ERCOM Cryptobox 安全漏洞

ERCOM Cryptobox is a file encryption and secure storage tool developed by the French company ERCOM. There is a security vulnerability in ERCOM Cryptobox, which stems from the external sharing feature. This vulnerability allows attackers who know the URL of the shared link to retrieve information...

7.5CVSS5.8AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Admidio 信息泄露漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a vulnerability involving information leakage. This...

2.7CVSS5.9AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

WordPress plugin BetterDocs Pro SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.9AI score0.00395EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Vvveb 跨站脚本漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 had a cross-site scripting vulnerability. This vulnerability stemmed from an unvalidated reflective cross-site scripting flaw in the...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Weblate 代码问题漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 had a code-related vulnerability. This vulnerability occurred when users changed their passwords, and the DRF API tokens were not revoked...

5.4CVSS5.8AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.16 views

PHOENIX CONTACT多款产品 安全漏洞

PHOENIX CONTACT FL MGUARD 2102, among others, are products of the German company PHOENIX CONTACT. PHOENIX CONTACT FL MGUARD 2102 is a router. PHOENIX CONTACT FL MGUARD 2105 is also a router. PHOENIX CONTACT FL MGUARD represents a series of routers. Several products from PHOENIX CONTACT have...

8CVSS5.9AI score0.0034EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

GoBGP 代码问题漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Version 4.3.0 of GoBGP contains a code vulnerability that arises from a null pointer dereferencing during the processing of malformed BGP UPDATE messages containing unrecognized Well-known path attributes...

7.5CVSS5.9AI score0.00503EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Mozilla Firefox和Mozilla Firefox ESR 安全漏洞

Mozilla Firefox and Mozilla Firefox ESR are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Both Mozilla Firefox and Mozilla Firefox ESR have security vulnerabilities that ste...

8.1CVSS6.1AI score0.00384EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Microsoft Partner Center 安全漏洞

The Microsoft Partner Center is an online platform operated by Microsoft Corporation in the United States. There is a security vulnerability in the Microsoft Partner Center, which stems from cross-domain resource references controlled by external parties. This vulnerability could allow unauthoriz...

8.2CVSS5.8AI score0.00638EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

YesWiki SQL注入漏洞

YesWiki is a wiki system built with PHP, developed by the French organization YesWiki. It is used for creating and managing websites in a collaborative manner. Versions of YesWiki prior to 4.6.1 had a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of the...

8.8CVSS5.8AI score0.00342EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Medtronic MyCareLink Patient Monitor 安全漏洞

Medtronic MyCareLink Patient Monitor is an open-source monitoring system developed by Medtronic in the United States. The Medtronic MyCareLink Patient Monitor has a security vulnerability, which stems from its internal serial interface. This vulnerability could allow attackers with physical acces...

6.8CVSS5.8AI score0.00157EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

next-npm-version 1.0.1 安全漏洞

next-npm-version is a tool developed by Aric, a personal developer, for retrieving npm package versions. The version 1.0.1 of next-npm-version contains a security vulnerability, which stems from command injection...

9.8CVSS5.8AI score0.01523EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

DivvyDrive 安全漏洞

DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive from 4.8.2.9 to 4.8.3.2 contained security vulnerabilities. These vulnerabilities were caused by improper use of HTML tags related to scripts in web pages, which could lead ...

8.8CVSS5.6AI score0.00327EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.14 views

ZTE ZX297520V3 缓冲区错误漏洞

ZTE ZX297520V3 is an industrial-grade 4G module from ZTE Corporation. The ZTE ZX297520V3 has a buffer error vulnerability. This vulnerability stems from the lack of target address verification in the USB download mode, which may allow arbitrary memory writes. As a result, it can overwrite the...

6.8CVSS6.3AI score0.00296EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

WordPress plugin WEN Logo Slider 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.9CVSS5.6AI score0.00136EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.26 views

WordPress plugin Slider Revolution 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS6.3AI score0.00815EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

DivvyDrive 跨站请求伪造漏洞

DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive from 4.8.2.9 to 4.8.3.2 contained a cross-site request forgeing vulnerability. This vulnerability was caused by cross-site request forgeing, and it could lead to cross-site...

6.5CVSS5.7AI score0.0015EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

CI4MS 代码问题漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS from 0.26.0.0 to 0.31.7.0 had code-related vulnerabilities. These vulnerabilities stemmed from the theme upload feature not filtering PHP files within ZIP files. This could allow authenticated users to execute...

8.6CVSS6.2AI score0.00501EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.7 views

BentoPDF 跨站脚本漏洞

BentoPDF is a privacy-oriented client PDF processing tool developed by Alam. Versions of BentoPDF prior to 2.8.3 contained a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, allowing attackers to execute arbitrary JavaScript within the Markdown to PDF tool...

7CVSS5.9AI score0.00356EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Node Typescript OCR 安全漏洞

Node Typescript OCR is a command-line PDF and image OCR processing tool developed by Nicolas Pearson. Version 1.0.15 of Node Typescript OCR contains a security vulnerability, which stems from the invokeImageOcr function in src/index.js, where OS command injection occurs...

8.8CVSS5.8AI score0.01185EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Microsoft Azure Managed Instance for Apache Cassandra 访问控制错误漏洞

Microsoft Azure Managed Instance for Apache Cassandra is a service provided by Microsoft for Apache Cassandra on Azure. There is an access control vulnerability in Microsoft Azure Managed Instance for Apache Cassandra; this vulnerability stems from improper access control mechanisms, which may...

9.9CVSS6.2AI score0.00711EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Medtronic MyCareLink Patient Monitor 安全漏洞

Medtronic MyCareLink Patient Monitor is an open-source monitoring system developed by Medtronic in the United States. The Medtronic MyCareLink Patient Monitor has a security vulnerability, which stems from the use of product credentials stored in a recoverable format. This vulnerability could all...

6.8CVSS5.8AI score0.00131EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

CodeAstro Membership Management System 代码问题漏洞

The CodeAstro Membership Management System is a member management system developed by CodeAstro Inc. Version 1.0 of the CODEASTRO Membership Management System has code-related vulnerabilities. These vulnerabilities stem from the file upload functionality in the /addmembers.php file. Improper...

6.5CVSS6.1AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was a security...

9.8CVSS5.8AI score0.00377EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

DivvyDrive 安全漏洞

DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive prior to 4.8.3.2 contained security vulnerabilities. These vulnerabilities stemmed from improper control over modifications to object properties and unlimited resource...

8.3CVSS5.8AI score0.00221EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

DivvyDrive 输入验证错误漏洞

DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive from 4.8.2.9 to 4.8.3.2 contained a vulnerability related to input validation errors. This vulnerability resulted from URL redirection to untrusted sites, which could lead t...

9.6CVSS5.8AI score0.00233EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

get.gov 安全漏洞

get.gov is an open-source domain registration management tool provided by the Cybersecurity and Infrastructure Security Agency of the United States of America. There is a security vulnerability in get.gov; this vulnerability stems from the ability for organizational administrators to assign domai...

7.6CVSS5.8AI score0.00398EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

XMLDOM 安全漏洞

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation or neutralization when serializing comment...

8.7CVSS5.9AI score0.00365EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.217 contained security vulnerabilities. These vulnerabilities stemmed from users with the PERMEDITUSERS privilege being able t...

5.4CVSS5.8AI score0.00262EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Microsoft Copilot Chat 命令注入漏洞

Microsoft Copilot Chat is an intelligent dialogue assistant feature integrated into the browser by Microsoft Corporation. Microsoft Copilot Chat has a command injection vulnerability, which stems from improper neutralization of special elements within commands. This vulnerability could allow...

7.5CVSS5.8AI score0.01135EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Admidio 输入验证错误漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a vulnerability related to input validation errors. This...

8.2CVSS5.8AI score0.0028EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Ivanti EPMM 信任管理问题漏洞

Ivanti EPMM is a product developed by the American company Ivanti, designed to help IT departments establish policies for mobile devices, applications, and content. Versions of Ivanti EPMM prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 contained vulnerabilities related to trust management. These...

9.1CVSS5.8AI score0.00686EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

Microsoft Teams 授权问题漏洞

Microsoft Teams is a software product developed by the American company Microsoft, used for online meetings, chatting, and cloud storage functions. There is an authorization issue vulnerability in Microsoft Teams. This vulnerability stems from improper authorization procedures, which may allow...

9.6CVSS6AI score0.00719EPSS
Exploits0References2
Total number of security vulnerabilities195539