Lucene search
+L

195539 matches found

CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

JeecgBoot 注入漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier have a vulnerability related to injection attacks. This vulnerability stems from the parameter condition handled by the JSON object processor in the...

6.5CVSS6.7AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Code-Projects Feedback System 注入漏洞

Code-Projects Feedback System is an open-source feedback system developed by Code-Projects. Version 1.0 of the Code-Projects Feedback System has a injection vulnerability; this vulnerability stems from the handling of the parameter 'email' in the file 'admin/checklogin.php', which may lead to SQL...

7.5CVSS7.1AI score0.00254EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Microsoft Azure AI Foundry M365 published agents 访问控制错误漏洞

Microsoft Azure AI Foundry M365 Published Agents are a series of enterprise-level intelligent agents provided by the American company Microsoft. There is an access control vulnerability in Microsoft Azure AI Foundry M365 Published Agents. This vulnerability stems from improper access control, whi...

10CVSS5.8AI score0.01164EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.15 views

MAXHUB Pivot client application 加密问题漏洞

The MAXHUB Pivot client application is a client component of the MAXHUB company’s device management platform. Versions of the MAXHUB Pivot client application prior to 1.36.2 contained an encryption vulnerability. This vulnerability stemmed from the hardcoded AES key within the application. It cou...

7.3CVSS5.8AI score0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Argo CD 信息泄露漏洞

Argo CD is an open-source tool developed by Argo for Kubernetes, designed for declarative GitOps continuous delivery. Versions of Argo CD prior to 3.2.11 and 3.3.0–3.3.9 contained a vulnerability related to information leakage. This vulnerability stemmed from a lack of authorization and data...

9.6CVSS5.8AI score0.00505EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

GitPython 操作系统命令注入漏洞

GitPython is a Python library developed by gitpython-developers, used for interacting with Git repositories. Versions of GitPython from 3.1.30 to 3.1.47 contained an operating system command injection vulnerability. This vulnerability stemmed from allowing dangerous Git options without proper...

8.8CVSS6.1AI score0.00719EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

GitPython 代码注入漏洞

GitPython is a Python library developed by gitpython-developers, designed for interacting with Git repositories. Versions of GitPython prior to 3.1.49 contained a code injection vulnerability. This vulnerability stemmed from the use of GitConfigParser.setvalue, which did not validate line endings...

7.8CVSS6AI score0.00237EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 contained a security vulnerability, which was caused by the Markdown renderer used in user comments and other user-generated content not properly cleaning certain...

4.3CVSS5.8AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Weblate 输入验证错误漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 had a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation of the repository URL in the component JSON during...

8.1CVSS5.8AI score0.00371EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Decimal 资源管理错误漏洞

Decimal is a arbitrary-precision decimal arithmetic library developed by Eric Meadows-Jönsson. In versions 0.1.0 to 3.0.0 of Decimal, there was a resource management vulnerability. This vulnerability stemmed from the lack of restrictions on the parsed exponents, which could lead to unauthorized...

6.9CVSS5.8AI score0.00321EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Incus 安全漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on the size of YAML files after decompression. This could allow authenticated users to cause...

5.3CVSS5.8AI score0.00269EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Budibase 安全漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.35.10 contained a security vulnerability. This vulnerability stemmed from the budibase:auth...

8.1CVSS5.8AI score0.00283EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Nocobase SQL注入漏洞

Nocobase is an open-source low-code platform developed by NocoBase. Versions of NocoBase prior to 2.0.39 contained a SQL injection vulnerability. This vulnerability stemmed from the use of string concatenation rather than parameterized queries in the queryParentSQL function, which allowed for the...

8.8CVSS5.8AI score0.01875EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Incus 安全漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of disk space exhaustion due to the upload of large amounts of data, which could affect the host system...

4.3CVSS5.8AI score0.00333EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00425EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

WordPress plugin Royal Elementor Addons 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00176EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

VMware Spring Cloud Config 安全漏洞

VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product primarily provides server and client support for external configurations in distributed systems. There is a security vulnerability in VMware Spring Cloud Config, which...

7.5CVSS5.8AI score0.00435EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Hitachi Virtual Storage Platform One Block 操作系统命令注入漏洞

Hitachi Virtual Storage Platform One Block is a high-performance block storage system device developed by Hitachi, Ltd. Versions 23, 24, 26, and 28 of Hitachi Virtual Storage Platform One Block contain vulnerabilities related to operating system command injection. These vulnerabilities stem from ...

9.8CVSS6.1AI score0.009EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

WordPress plugin Bus Ticket Booking with Seat Reservation 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

5.3CVSS5.8AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

Optoma CinemaX P2 安全漏洞

The Optoma CinemaX P2 is a super-short focal-length 4K laser home projector from Optoma. The Optoma CinemaX P2 has a security vulnerability, which stems from exposing the HTTP API on TCP port 2345 and allowing unauthorized remote control. This vulnerability could allow any device on the same...

9.8CVSS5.9AI score0.00326EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

Microsoft Azure Entra ID 信息泄露漏洞

Microsoft Azure Entra ID is a cloud-based identity and access management service provided by Microsoft Corporation in the United States. There is an information leakage vulnerability in Microsoft Azure Entra ID, which stems from a mixed identity synchronization flaw...

9.3CVSS6AI score0.0091EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Ivanti EPMM 访问控制错误漏洞

Ivanti EPMM is a product developed by the American company Ivanti, designed to help IT departments create policies for mobile devices, applications, and content. Versions of Ivanti EPMM prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 contained an access control vulnerability. This vulnerability stemmed...

9.8CVSS6AI score0.00819EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

GoBGP 输入验证错误漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Versions prior to GoBGP 4.3.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of internal slice index shifts when processing a 4-byte AS...

7.5CVSS5.8AI score0.00503EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

i18next-http-backend 路径遍历漏洞

i18next-http-backend is an open-source cross-platform backend resource loading tool developed by i18next. Versions of i18next-http-backend prior to version 3.0.5 contained a path traversal vulnerability. This vulnerability occurred due to the direct insertion of lng and ns values into URL templat...

9.1CVSS5.8AI score0.00251EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Snipe-IT 访问控制错误漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT 8.4.0 and earlier contained a access control vulnerability. This vulnerability stemmed from improper permission settings in the app/Http/Controllers/Api/UploadedFilesController.php...

9.8CVSS6.1AI score0.00475EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.18 views

Siemens Mendix Studio Pro 安全漏洞

Siemens Mendix Studio Pro is a visualization model-driven IDE developed by the German company Siemens. Versions of Siemens Mendix Studio Pro 11.8.0 Beta and earlier contained security vulnerabilities. These vulnerabilities were caused by incorrect authorization configurations, which could allow...

9.3CVSS5.8AI score0.00273EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Admidio 代码问题漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.9 had code vulnerabilities. These vulnerabilities stemmed fr...

5.2CVSS5.9AI score0.00285EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

GDAL 缓冲区错误漏洞

GDAL is an open-source geospatial data abstraction library developed by GDAL. Versions of GDAL 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from a function in the file frmts/hdf4/hdf-eos/GDapi.c called GDfieldinfo, which may lead to out-of-bounds read...

5.5CVSS6AI score0.00246EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

OSGeo gdal 缓冲区错误漏洞

OSGeo GDAL is an open-source geospatial raster and vector data processing library developed by OSGeo. OSGeo GDAL versions 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from the operation of the parameter DimensionName in the function SWnentries within the...

7.8CVSS6.4AI score0.00237EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.7 views

Mozilla Firefox ESR 安全漏洞

Mozilla Firefox ESR is an extended support version of Firefox a web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox ESR prior to 140.10.2 contained security vulnerabilities, which were caused by issues with the WebRTC component...

9.8CVSS5.8AI score0.00446EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Mozilla多款产品 安全漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

9.8CVSS5.8AI score0.00439EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

WordPress plugin YITH WooCommerce Wishlist 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

RELATE 安全特征问题漏洞

RELATE is a web-based course package developed by Andreas Klöckner as an individual project. Previous versions of RELATE, such as 2f68e16, had security-related vulnerabilities. These vulnerabilities stemmed from the makesigninkey function in auth.py and the genticketcode function in exam.py, whic...

8.7CVSS5.8AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Incus 代码问题漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities. These vulnerabilities stemmed from the backup.GetInfo function’s trust inlining backup configurations, which allowed valid, inline configurations along with...

6.5CVSS5.8AI score0.00408EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.16 views

daptin SQL注入漏洞

Daptin is an open-source content management system developed by Daptin developers. Versions of Daptin prior to 0.11.5 had a SQL injection vulnerability. This vulnerability stemmed from the processFuzzySearch function, which splits the column parameters provided by the user using commas and insert...

7.1CVSS5.9AI score0.00305EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Hitachi Virtual Storage Platform和Hitachi Virtual Storage Platform One Block 安全漏洞

Hitachi Virtual Storage Platform and Hitachi Virtual Storage Platform One Block are products of Hitachi, a Japanese company. Hitachi Virtual Storage Platform is a series of computer data storage systems used in data centers. Hitachi Virtual Storage Platform One Block is a high-performance block...

5.3CVSS5.8AI score0.003EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Microsoft Azure Machine Learning 跨站脚本漏洞

Microsoft Azure Machine Learning is a machine learning service provided by Microsoft Corporation in the United States. Microsoft Azure Machine Learning has a cross-site scripting vulnerability, which stems from improper input during the web page generation process. This vulnerability could allow...

8.8CVSS5.6AI score0.00579EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

GnuTLS 信任管理问题漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS. GnuTLS has a trust management vulnerability. This vulnerability arises when the previous certificate issuer only had exclusion from name constraints, and the allowed name constraints were incorrectly ignored. This...

7.4CVSS5.8AI score0.00475EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls, which stems from the incorrect matching of usernames containing the NUL character with truncated username...

9.8CVSS5.8AI score0.0105EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Istio 代码问题漏洞

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.6 and 1.29.2 have code vulnerabilities. These vulnerabilities arise when creating a RequestAuthentication resource that points to an internal service’s jwksUri, and Istio does not...

7.7CVSS5.9AI score0.00329EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

XMLDOM 安全漏洞

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of escaping or validation when serializing DocumentType node...

8.7CVSS5.9AI score0.00457EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

FreeScout 跨站脚本漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.217 contained a cross-site scripting vulnerability. This vulnerability occurred because users with the "updateAutoReply"...

7.6CVSS5.7AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Ivanti EPMM 输入验证错误漏洞

Ivanti EPMM is a product developed by the American company Ivanti, designed to help IT departments create policies for mobile devices, applications, and content. Versions of Ivanti EPMM prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 contained a vulnerability related to input validation errors. This...

7.2CVSS6.2AI score0.34454EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Tor 代码问题漏洞

Tor is a virtual tunnel network operated by the Tor Project organization. It allows individuals and groups to enhance their privacy and security on the Internet. Versions of Tor prior to 0.4.9.7 contained a code vulnerability caused by a null pointer dereferencing when the CERT unit received data...

7.5CVSS5.9AI score0.0033EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

FreeScout 代码问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.217 contained code vulnerabilities. These vulnerabilities stemmed from the Helper::sanitizeRemoteUrl function, which...

7.7CVSS5.9AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Microsoft 365 Copilot BizChat 注入漏洞

Microsoft 365 Copilot BizChat is an AI chat software developed by Microsoft Corporation. There is a vulnerability in Microsoft 365 Copilot BizChat, which stems from improper neutralization of special elements in the output of downstream components. This vulnerability could allow unauthorized...

7.5CVSS5.8AI score0.00799EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

WordPress plugin WP-Optimize 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS6.2AI score0.0095EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Microsoft 365 Copilot Business Chat 安全漏洞

Microsoft 365 Copilot Business Chat is an AI chat software developed by Microsoft Corporation in the United States. There is a security vulnerability in Microsoft 365 Copilot Business Chat, which stems from improper neutralization of special elements. This vulnerability could allow unauthorized...

7.5CVSS5.8AI score0.01135EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

open-notebook 安全漏洞

Open-Notebook is a privacy-oriented multi-model AI note-taking tool developed by Luis Novo. Version 1.8.3 of Open-Notebook contains a security vulnerability. This vulnerability stems from a lack of input validation, which may allow users to execute Python code and operating system commands on...

10CVSS6AI score0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.14 views

GitHub Enterprise Server 跨站脚本漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Versions 3.19.1 to 3.19.5 and 3.20.0 to 3.20.1 of GitHub Enterprise Server contai...

6.1CVSS5.7AI score0.00164EPSS
Exploits0References1
Total number of security vulnerabilities195539