Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

PenguinMod-BackendApi 输入验证错误漏洞

PenguinMod-BackendApi is a backend API service developed under the open source of PenguinMod, supporting storage using MongoDB and MinIO. Prior to version 1.0.0 of PenguinMod-BackendApi, there was a vulnerability related to input validation errors. This vulnerability stemmed from NoSQL injection ...

8.7CVSS5.3AI score0.00251EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

Quest Bot 信息泄露漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained an information leakage vulnerability. This vulnerability stemmed from improper settings in the ticket recording channel, which could expose private...

5.7CVSS5.3AI score0.00251EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Garlic-Hub 代码问题漏洞

Garlic-Hub is an open-source digital signage network device and content management tool developed by GarlicSignage. Versions of Garlic-Hub prior to 1.1 contained code vulnerabilities. These vulnerabilities stemmed from the uploadFromUrl endpoint, which allowed authenticated users to make arbitrar...

7.7CVSS5.5AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

IBM Security QRadar EDR 安全漏洞

IBM Security QRadar EDR is a terminal detection and response software developed by the American multinational company IBM. There are security vulnerabilities in versions 3.12 to 3.12.24 of IBM Security QRadar EDR. These vulnerabilities stem from the storage of user credentials in plain text, whic...

4.4CVSS5.3AI score0.00094EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.12 views

Guzzle Services 输入验证错误漏洞

Guzzle Services is an open-source client tool built on service descriptions for making HTTP requests. Prior to version 1.5.4 of Guzzle Services, there was a vulnerability related to input validation errors. This vulnerability occurred when the XML request serializer used XMLWriter::writeCData$val...

5.8CVSS5.4AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

gatus 安全漏洞

Gatus is a service health monitoring and alerting tool developed by TwiN’s individual developers. Version 5.36.0 of Gatus contains a security vulnerability. This vulnerability stems from the setSessionCookie function in the OIDC session cookie handler. Performing certain operations may result in...

6.3CVSS4.9AI score0.00191EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

GitLab 授权问题漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 15.10, 18.10.8, 18.11.5, and 19.0.2...

5.4CVSS5.8AI score0.00187EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.1 had a security vulnerability due to logging issues, which could allow applications access to sensitive user data...

5.5CVSS6.5AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.12 views

GitLab 跨站脚本漏洞

GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. Versions of GitLab EE from 17.1 to 18.10.8, 18.11 to 18.11.5, and 19.0 to 19.0.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input in the analysis...

8.7CVSS6.1AI score0.00249EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.13 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.25 contained security vulnerabilities. These vulnerabilities stemmed from a policy bypass in the embedded runner strategy, allowing requests using provider aliases to be compare...

4.8CVSS5.3AI score0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 had a security vulnerability due to insufficient checks. This vulnerability could allow applications to bypass startup restriction protections and execute...

7.8CVSS5.5AI score0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.13 views

OpenClaw 授权问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.7 contained security vulnerabilities. These vulnerabilities stemmed from a permission escalation issue in the Matrix allowFrom function, which allowed authenticated accounts to...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Quest Bot 安全漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.3 contained security vulnerabilities. These vulnerabilities stemmed from users who had access to manage servers but did not have management roles or administrator...

7.5CVSS5.6AI score0.00238EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Axios 注入漏洞

Axios is an open-source HTTP client developed by Axios. Versions of Axios from 1.15.2 to 1.16.0 had a injection vulnerability. This vulnerability stemmed from the lack of hasOwnProperty checks on nested objects created by the utils.merge function. This could lead to prototype pollution and...

5.3CVSS5.2AI score0.00228EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

WordPress plugin UpdraftPlus: WP Backup & Migration Plugin 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. One...

8.1CVSS6.6AI score0.03578EPSS
Exploits3References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

GitLab Enterprise Edition(EE) 安全漏洞

GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. There were security vulnerabilities in versions prior to GitLab EE 13.9, as well as versions prior to 18.10.8, 18.11.5, and 19.0.2. These vulnerabilities stemmed from incorrect authorization...

4.3CVSS5.3AI score0.00182EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability, which was caused by improper implementation of the password function. This vulnerability could allow remote attackers to bypass site...

3.1CVSS5.3AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Apple macOS Sequoia 信息泄露漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 had a security vulnerability that stemmed from privacy concerns, potentially allowing applications to access sensitive user data...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Quest Bot 安全漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of suppression when creating tickets, allowing attackers to have the bot send...

6.3CVSS5.4AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

WordPress plugin Hippoo Mobile App for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.8CVSS5.4AI score0.00514EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

GitLab 授权问题漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 12.0, 18.10.8, 18.11.5, and 19.0.2...

3.1CVSS5.8AI score0.00236EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

VMware Spring Web Flow 安全漏洞

VMware Spring Web Flow is a web application flow management framework developed by the American company VMware. Versions 4.0.0, 3.0.0 to 3.0.1, and 2.5.0 to 2.5.1 of VMware Spring Web Flow contain security vulnerabilities. These vulnerabilities stem from the possibility of malicious Unified EL...

6.4CVSS5.4AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

boruta-server 安全漏洞

Boruta-Server is an open-source independent authorization server developed by Malach.it. Versions of Boruta-Server prior to 0.9.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of the Secure attribute for session cookies and remember-me cookies. In deployments whe...

8.8CVSS5.3AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios. Versions prior to 0.32.0 and 1.16.0 of Axios contain security vulnerabilities. These vulnerabilities stem from two prototype pollution tools that may cause upstream dependencies to pollute Object.prototype, allowing Axios to silently use the...

8.2CVSS5.3AI score0.00287EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Apple macOS 后置链接漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 and earlier contained a backlink vulnerability, which was caused by improper handling of symbolic links. This vulnerability could allow applications to...

5.5CVSS5.3AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

WordPress plugin Open User Map PRO 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.7CVSS5.2AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Apple macOS 访问控制错误漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.1 and earlier contained an access control error vulnerability. This vulnerability stemmed from an access issue that could allow malicious applications to acces...

5.5CVSS6.5AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.23 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation for untrusted inputs in the Network component. It could allow remote...

5.3CVSS5.4AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Vim 代码注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0597, there was a code injection vulnerability. This vulnerability stemmed from Python’s omni-completion feature, which used exec to execute function and class definitions reconstructed from the curren...

8CVSS5.8AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Vim 缓冲区错误漏洞

Vim is an open-source, cross-platform text editor developed by Vim. Versions of Vim prior to 9.2.0565 contained a buffer error vulnerability. This vulnerability stemmed from the updatesnapshot function, which performed a copy of the visible terminal screen into the scroll buffer. During this...

8.2CVSS5.6AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Vim 代码注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0496, there was a code injection vulnerability in the plugin for the cucumber file type. This vulnerability stemmed from the s:stepmatch function in the plugin, which, in Vim builds that support Ruby,...

5.3CVSS5.8AI score0.00135EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google, offering fast and secure web browsing features. Google Chrome has a vulnerability related to input validation, which stems from improper implementations in the DevTools component. Attackers can exploit this vulnerability to achieve sandbox escap...

8.3CVSS5.9AI score0.00229EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.17.0 contain security vulnerabilities. These vulnerabilities stem from resource exhaustion. A remote attacker can exploit these vulnerabilities by bypassing the mandatory size lim...

5.3CVSS5.5AI score0.00329EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.12 views

IBM DevOps Plan 安全漏洞

IBM DevOps Plan is a change management collaboration platform provided by the American multinational company International Business Machines IBM. There were security vulnerabilities in versions 3.0.0 to 3.0.6 of IBM DevOps Plan. These vulnerabilities stemmed from improper input validation of the...

6.5CVSS5.4AI score0.00149EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.12 contained security vulnerabilities. These vulnerabilities stemmed from shell option parsing; combining POSIX shell flags could bypass the exec revalidation check. Attackers c...

8.8CVSS5.3AI score0.00419EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

MIT Kerberos 数字错误漏洞

MIT krb5 is a network authentication protocol developed by the Massachusetts Institute of Technology in the United States. It operates on a client/server architecture, and both the client and server can perform identity authentication i.e., double verification, which helps prevent eavesdropping a...

5CVSS5.9AI score0.00261EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.10 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 12.10, 18.10.8, 18.11.5, and 19.0.2...

7.5CVSS5.3AI score0.0037EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Axios 代码注入漏洞

Axios is an open-source HTTP client developed by Axios. Versions of Axios from 0.19.0 to 0.31.1, as well as versions before 1.15.2, have a code injection vulnerability. This vulnerability stems from a prototype pollution tool present in request configuration processing, which may lead to the...

7CVSS5.4AI score0.00495EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

WordPress plugin SliceWP 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

WordPress plugin JoomSport SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.3CVSS5.8AI score0.01323EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

VMware Spring Web Flow 跨站脚本漏洞

VMware Spring Web Flow is a web application flow management framework developed by VMware, Inc. Versions 4.0.0, 3.0.0 to 3.0.1, and 2.5.0 to 2.5.1 of VMware Spring Web Flow have cross-site scripting vulnerabilities. These vulnerabilities stem from the JavaScript RemotingHandler’s ability to rende...

4.8CVSS5.1AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.11 views

GitLab Enterprise Edition(EE) 跨站脚本漏洞

GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. Versions of GitLab EE from 13.1.4 to 18.10.8, as well as versions from 18.11 to 18.11.5 and from 19.0 to 19.0.2, contained a cross-site scripting vulnerability. This vulnerability stemmed from...

8.7CVSS5AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Google Chrome 输入验证错误漏洞

Google Chrome is a cross-platform web browser developed by Google, primarily used for accessing internet content. Google Chrome has a vulnerability related to input validation. This vulnerability stems from the Accessibility module’s failure to properly validate untrusted inputs. Attackers can...

8.3CVSS5.9AI score0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Vim 代码注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0561, there was a code injection vulnerability. This vulnerability stemmed from the Python omni-completion script, which executed import and from statements in the current buffer through the Python...

7.8CVSS5.6AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.20 views

Perry 路径遍历漏洞

Perry is a tool developed by Perry OpenSource that compiles TypeScript into native executable files. Versions of Perry prior to 0.5.1159 contained a path traversal vulnerability. This vulnerability allows malicious attackers to write arbitrary content to any writable location within the running...

8.6CVSS5.4AI score0.00379EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

MCP Server Kubernetes 参数注入漏洞

MCP Server Kubernetes is an MCP server for Kubernetes management, developed by Suyog Sonwalkar. Versions of MCP Server Kubernetes prior to 3.7.0 contained a parameter injection vulnerability. This vulnerability stemmed from the kubectl generic tool not performing a whitelist check on the tokens...

6.1CVSS5.4AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation for untrusted inputs, which could allow remote attackers to exploit the...

8.3CVSS5.4AI score0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.20 views

Google Chrome 资源管理错误漏洞

Google Chrome is a cross-platform web browser developed by Google. It is primarily used for accessing web pages, running web applications, and providing various extended features. There is a resource management vulnerability in Google Chrome, which stems from improper handling of references after...

8.3CVSS5.9AI score0.00229EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 had code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing issues in browser control, allowing authenticated users to bypass private network...

7.7CVSS5.4AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

VMware Spring for GraphQL 代码问题漏洞

VMware Spring for GraphQL is a GraphQL application development framework provided by the American company VMware. Versions of VMware Spring for GraphQL such as 2.0.0, 1.4.0, and 1.3.0 contain code vulnerabilities. These vulnerabilities stem from insecure deserialization during the processing of...

9.8CVSS6AI score0.0043EPSS
Exploits0References1
Total number of security vulnerabilities195539