Lucene search
+L

195539 matches found

CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Optoma CinemaX P2 安全漏洞

The Optoma CinemaX P2 is a super-short-throw 4K laser home projector from Optoma. The Optoma CinemaX P2 has a security vulnerability. This vulnerability stems from exposing the Android debugging bridge on port 5555 without authentication, while RSA key verification is disabled. Additionally, ther...

8.8CVSS5.8AI score0.00216EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was a security...

8.9CVSS5.8AI score0.00388EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Wallos 安全漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos 4.8.4 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the reuse of administrator-configured local target whitelists in the Webhook notification function. This...

6CVSS5.8AI score0.00176EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.15 views

Admidio 安全漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.9 contained security vulnerabilities. These vulnerabilities...

4.9CVSS5.8AI score0.00322EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Yarbo 访问控制错误漏洞

Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains an access control vulnerability. This vulnerability stems from the MQTT proxy configuration, which allows anonymous connections without topic-level read/write ACLs. ...

9.8CVSS5.8AI score0.00544EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 contained a security vulnerability, which was exploited by screenshots, tasks, and component link APIs, allowing enumeration of translations in items that users...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Microsoft Azure Managed Instance for Apache Cassandra 输入验证错误漏洞

Microsoft Azure Managed Instance for Apache Cassandra is a service provided by Microsoft for Apache Cassandra on Azure. There is an input validation vulnerability in Microsoft Azure Managed Instance for Apache Cassandra; this vulnerability stems from improper input validation and could allow...

9CVSS6.2AI score0.00988EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

open-notebook 安全漏洞

Open-Notebook is a privacy-oriented multi-model AI note-taking tool developed by Luis Novo. Version 1.8.3 of Open-Notebook contains a security vulnerability. This vulnerability stems from a lack of user input validation in the file upload function, which may allow users to access the content of...

8.2CVSS5.8AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

GoBGP 代码问题漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Version 4.4.0 of GoBGP contains a code vulnerability. This vulnerability arises from unauthenticated remote BGP peers sending specially crafted BGP UPDATE messages. When servers process messages with...

7.5CVSS5.9AI score0.00418EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.15 views

Microsoft Azure DevOps 信息泄露漏洞

Microsoft Azure DevOps is a team collaboration platform provided by the American company Microsoft. There is an information leakage vulnerability in Microsoft Azure DevOps. This vulnerability stems from the exposure of sensitive information to unauthorized participants, which may allow unauthoriz...

10CVSS6AI score0.0084EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Ivanti EPMM 信任管理问题漏洞

Ivanti EPMM is a product developed by the American company Ivanti that allows IT departments to establish policies for mobile devices, applications, and content. Versions of Ivanti EPMM prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 contained vulnerabilities related to trust management. These...

9.1CVSS5.8AI score0.00509EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

WordPress plugin Appointment Booking Calendar 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

6.5CVSS5.8AI score0.00492EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Microsoft Azure Notification Service 代码问题漏洞

Microsoft Azure Notification Service is a notification delivery service provided by Microsoft Corporation in the United States. There is a code vulnerability in Microsoft Azure Notification Service, which stems from server-side request forgery. This vulnerability could allow authorized attackers ...

8.1CVSS5.9AI score0.00827EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

DivvyDrive 跨站脚本漏洞

DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive from 4.8.2.9 to 4.8.3.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, which could lead to...

8.8CVSS5.6AI score0.00327EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Admidio 路径遍历漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a path traversal vulnerability. This vulnerability stemmed...

4.5CVSS5.9AI score0.00362EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

CI4MS 路径遍历漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.5.0 contained a path traversal vulnerability. This vulnerability stemmed from Theme::upload, which extracted ZIP archives uploaded by users without verifying the entry names. As a result,...

9.4CVSS6AI score0.00484EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.214 contained security vulnerabilities. These vulnerabilities stemmed from the conversationchangecustomer operation, which...

7.1CVSS5.9AI score0.00168EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.15 views

i18nextify 跨站脚本漏洞

i18nextify is an open-source Java library application developed by i18next. Versions prior to i18nextify 4.0.8 contained a cross-site scripting vulnerability. This vulnerability stemmed from the key interpolation token in the src and href attribute values, which did not validate the URL scheme...

4.7CVSS5.7AI score0.00144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

FreeScout 代码问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.217 contained code vulnerabilities. This vulnerability stemmed from the/user-setup/hash endpoint, which did not expire the...

9.1CVSS5.9AI score0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Wish 路径遍历漏洞

Wish is a server tool developed by Charm for simplifying SSH application development. Versions of Wish prior to 2.0.0 and 2.0.1 contained a path traversal vulnerability. This vulnerability stemmed from the SCP middleware not properly verifying file names, which could lead to path traversal attack...

9.6CVSS5.8AI score0.00393EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

MISP 跨站脚本漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics, and it includes functions such as analysis of threats to network security and malware analysis. Versions of MISP prior to 2.5.37...

6.8CVSS5.6AI score0.00139EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

CI4MS 代码问题漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. There were code issues and vulnerabilities in versions of CI4MS from 0.26.0 to 0.31.8.0. These vulnerabilities stemmed from the auth filter disabling the check for banning/banned users...

5.3CVSS5.9AI score0.00269EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Admidio 跨站请求伪造漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a cross-site request forgeing vulnerability. This...

3.5CVSS5.7AI score0.00117EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.19 views

Admidio 安全漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there were security vulnerabilities. These vulnerabilities stemmed fr...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.15 views

Admidio 路径遍历漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a path traversal vulnerability. This vulnerability stemmed...

6.5CVSS5.8AI score0.00307EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

CI4MS 路径遍历漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.5.0 contained a path traversal vulnerability. This vulnerability stemmed from the fact that the Backup::restore function extracted ZIP archives uploaded by users without verifying the names of th...

9.4CVSS6AI score0.00528EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

VMware Spring Cloud Config 日志信息泄露漏洞

VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. VMware Spring Cloud Config has a vulnerability related to log information leakage...

4.4CVSS5.8AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Tor 安全漏洞

Tor is a virtual tunnel network operated by the Tor Project organization. It allows individuals and groups to enhance their privacy and security on the Internet. Versions of Tor prior to 0.4.9.7 contained a security vulnerability, which stemmed from the possibility of out-of-bounds reads when the...

9.1CVSS5.8AI score0.0045EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

youtube-regex 资源管理错误漏洞

youtube-regex is a YouTube video ID regular expression matching tool developed by RegexHQ. Versions of youtube-regex 1.0.5 and earlier contained a resource management error vulnerability, which was caused by a denial-of-service attack involving regular expressions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

daptin SQL注入漏洞

Daptin is an open-source content management system developed by Daptin developers. Versions of Daptin prior to 0.11.4 contained a SQL injection vulnerability. This vulnerability stemmed from the /aggregate/:typename endpoint, which did not validate the column and query parameters. As a result,...

8.3CVSS6AI score0.00345EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Tor 安全漏洞

Tor is a virtual tunnel network created by the Tor Project organization. It allows individuals and groups to enhance their privacy and security on the Internet. Versions of Tor prior to 0.4.9.7 contained a security vulnerability that could lead to client crashes due to the double closure of...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

XMLDOM 安全漏洞

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper validation or neutralization of the PI end sequence when...

8.7CVSS5.9AI score0.00408EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

XMLDOM 安全漏洞

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the unlimited depth of recursive traversal in lib/dom.js, which could...

8.7CVSS5.8AI score0.00643EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Admidio 安全漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there were security vulnerabilities. These vulnerabilities stemmed fr...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Tor 安全漏洞

Tor is a virtual tunnel network operated by the Tor Project organization. It allows individuals and groups to enhance their privacy and security on the Internet. Versions of Tor prior to 0.4.9.7 contained security vulnerabilities; these vulnerabilities stemmed from the possibility of attempting o...

5.3CVSS5.8AI score0.00287EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

WordPress plugin Team Member SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

7.6CVSS5.9AI score0.0022EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

WordPress plugin PDF Poster 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00182EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

WordPress plugin Happy Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00336EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Mozilla Firefox 缓冲区错误漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.1 contained a buffer error vulnerability. This vulnerability stemmed from memory security flaws, which could lead to memory corruption and might be...

8.1CVSS6.3AI score0.00323EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Microsoft Dynamics 365 Customer Insights 安全漏洞

Microsoft Dynamics 365 Customer Insights is a customer data platform developed by Microsoft for enterprise customers, focusing on data integration, user profiling analysis, and marketing insights. There is a security vulnerability in Microsoft Dynamics 365 Customer Insights, which stems from...

9.9CVSS5.8AI score0.00659EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Short Video Maker 路径遍历漏洞

Short Video Maker is an automated short video generation tool developed by David Gyori. Versions of Short Video Maker 1.3.4 and earlier had a path traversal vulnerability. This vulnerability stemmed from the paramics.tmpFile operation in the REST API component, allowing for path traversal and...

6.9CVSS6.1AI score0.00575EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

GitPython 路径遍历漏洞

GitPython is a Python library developed by gitpython-developers, designed for interacting with Git repositories. Versions of GitPython prior to 3.1.48 contained a path traversal vulnerability. This vulnerability stemmed from insufficient validation of reference paths during reference creation,...

8.8CVSS5.8AI score0.00419EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

ParquetSharp 安全漏洞

ParquetSharp is a .NET library developed by G-Research for reading and writing Parquet files across platforms. Versions of ParquetSharp from 18.1.0 to 23.0.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of DecimalConverter.ReadDecimal to perform stackalloc with...

5.3CVSS5.9AI score0.00273EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from a flaw in the verification module’s checksum. Malicious modules can bypass the...

7.5CVSS6AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go; this vulnerability arises from parsing email addresses according to RFC 5322. Pathological inputs may...

7.5CVSS5.8AI score0.00798EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which occurs when processing SETTINGS frames. If the value of SETTINGSMAXFRAMESIZE is set to 0, the...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which can be triggered by carefully crafted inputs, leading to excessive CPU consumption and memory...

7.5CVSS5.8AI score0.00784EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a injection vulnerability; this vulnerability stems from the operation of the parameter squeryx in the file/askquery.php, which may lead to SQL injection attacks...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

open-notebook 安全漏洞

Open-Notebook is a privacy-oriented multi-model AI note-taking tool developed by Luis Novo. Version 1.8.1 of Open-Notebook contains a security vulnerability. This vulnerability stems from improper input validation and overly permissive default CORS configurations. It could allow remote attackers ...

8.7CVSS5.8AI score0.00144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

WordPress plugin Royal Elementor Addons 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00239EPSS
Exploits0References1
Total number of security vulnerabilities195539