Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/06/07 12:0 a.m.11 views

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Versions of GL.iNet GL-MT3000 with a version number of 4.4.5 or earlier have a command injection vulnerability. This vulnerability stems from incorrect operations with the parameter...

5.8CVSS5.1AI score0.01582EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.12 views

BeikeShop 授权问题漏洞

BeikeShop is an open-source PHP e-commerce platform developed by BeikeShop. It supports multiple languages and currencies, as well as quick deployment. Versions of BeikeShop prior to 1.6.0.22 have vulnerabilities related to authorization. These vulnerabilities stem from the function callback in t...

7.5CVSS7.4AI score0.00294EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.12 views

cereal 安全漏洞

Cereal is an open-source C++11 serialization library developed by iLab at USC. It supports binary, XML, and JSON formats. Versions of Cereal 1.3.2 and earlier contain security vulnerabilities. These vulnerabilities stem from unknown functions in the Shared Pointer Handler component, which may lea...

7.5CVSS7.3AI score0.00313EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.10 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent 0.12.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the function resolvesessionbytitle in the resume Endpoint component’s file hermesstate.py...

6.5CVSS6.4AI score0.00225EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.11 views

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Version 4.4.5 of GL.iNet GL-MT3000 has a command injection vulnerability. This vulnerability stems from a problem with the function “rpcsys” in the LuCI JSON-RPC Interface component...

6.5CVSS6.4AI score0.01102EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.14 views

Chanjet CRM SQL注入漏洞

Chanjet CRM is a customer relationship management system developed by Chanjet Corporation. Version 1.0 of Chanjet CRM has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter gblOrgID in the HTTP GET Request Handler component...

7.5CVSS7.5AI score0.0026EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.12 views

deep-searcher 访问控制错误漏洞

Deep-Searcher is a private data search and intelligent question-answering tool developed by Zilliz, based on large models and VectorDB. Versions of Deep-Searcher 0.0.2 and earlier contain an access control vulnerability. This vulnerability stems from the operation of the CollectionRouter.invoke...

5.5CVSS5.6AI score0.00253EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.13 views

serialization 安全漏洞

Serialization is a data serialization and deserialization tool open source from Boost.org. Versions of serialization 1.91 and earlier have security vulnerabilities. These vulnerabilities stem from improper input validation by unknown functions for specified types, which may lead to remote attacks...

7.5CVSS7.6AI score0.00311EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.12 views

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Versions of GL.iNet GL-MT3000 with a version number of 4.4.5 or earlier have a command injection vulnerability. This vulnerability stems from the incorrect handling of the parameter...

7.5CVSS7.3AI score0.01681EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.12 views

Tiobon Employee Self-Service System SQL注入漏洞

The Tiobon Employee Self-Service System is an enterprise employee self-service platform developed by Tiobon Corporation. Versions of the Tiobon Employee Self-Service System prior to 7.2 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter...

6.5CVSS6.6AI score0.00193EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.11 views

SecureAge CatchPulse 访问控制错误漏洞

SecureAge CatchPulse is a terminal security protection platform developed by SecureAge in Singapore, based on artificial intelligence and application white-list technology. Versions of SecureAge CatchPulse 10.9.1 and earlier contain an access control vulnerability. This vulnerability stems from...

4.8CVSS4.7AI score0.00106EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.13 views

MetaGPT 命令注入漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.2 and earlier contained a command injection vulnerability. This vulnerability stemmed from the erroneous handling of the parameter mermaid.path in the function checkcmdexists found in the file...

5CVSS5.4AI score0.00936EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.14 views

JeeWMS 访问控制错误漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. There is an access control vulnerability in JeeWMS, which stems from issues with the handling of files in the /base-boot/actuator directory within the Boot Actuator Endpoint component. This vulnerability...

6.9CVSS5.6AI score0.00292EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.13 views

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.2 and earlier contain an access control vulnerability. This vulnerability stems from the function queryPageList in the User List Endpoint component, which process...

3.1CVSS4.7AI score0.0022EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.13 views

Comodo Internet Security 数字错误漏洞

Comodo Internet Security is a set of computer security software developed by the American company Comodo, primarily aimed at internet security. Comodo Internet Security has a digital error vulnerability; this vulnerability stems from an integer underflow in the IPv6 packet resolver within the...

8.7CVSS5.8AI score0.00542EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.12 views

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Versions of GL.iNet GL-MT3000 with a version number up to 4.4.5 have a command injection vulnerability. This vulnerability stems from an incorrect operation of the parameter ‘device’ ...

6.5CVSS6.5AI score0.01073EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.9 views

Jinher OA SQL注入漏洞

Jinher OA is a collaborative management software developed by Jinher Company in China. Version 1.0 of Jinher OA contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter httpOID in the file nextselectplan.aspx, which may lead to SQL injection...

7.5CVSS7.5AI score0.00259EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

Jinher OA C6 SQL注入漏洞

Jinher OA C6 is a digital office platform developed by Jinher Corporation. Jinher OA C6 has a SQL injection vulnerability. This vulnerability arises from improper handling of the parameter ‘queryID’ in the file/C6/JHSoft.Web.ModuleCount/GetFormSn.aspx, an unknown function. An attacker can exploit...

6.5CVSS6.6AI score0.00196EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

TP-Link Tapo C520WS 安全漏洞

The TP-Link Tapo C520WS is a WiFi camera produced by the TP-Link company. The TP-Link Tapo C520WS v2 has a security vulnerability. This vulnerability stems from logical flaws in the device’s API authorization mechanism. Attackers could exploit this flaw to bypass the whitelist restrictions and ma...

7CVSS5.4AI score0.00151EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.13 views

WordPress plugin WP User Manager – User Profile Builder & Membership 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.6AI score0.02403EPSS
Exploits1References14
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

go-fastdfs-web 代码问题漏洞

go-fastdfs-web is a web management platform for a distributed file storage system developed by Perfree’s individual developers. Versions of go-fastdfs-web prior to 1.3.7 have code vulnerabilities; these vulnerabilities stem from issues with the checkServer function in the Installation Endpoint...

7.5CVSS7.5AI score0.00409EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

WordPress plugin Simple SEO Slideshow 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.2AI score0.00192EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

TP-Link Tapo C520WS 安全漏洞

The TP-Link Tapo C520WS is a WiFi camera produced by TP-Link Corporation. The TP-Link Tapo C520WS v2 version has a security vulnerability. This vulnerability stems from a format string vulnerability in the ONVIF Subscribe service. Improper handling of parameters provided by external sources may...

6.8CVSS5.4AI score0.00174EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.9 views

WordPress plugin WPvivid Backup & Migration 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

3.8CVSS5.4AI score0.00263EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.17 views

WordPress plugin SEO Plugin by Squirrly SEO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.3AI score0.00296EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.13 views

WordPress plugin WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.4AI score0.00202EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.7 views

WordPress plugin Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.3AI score0.00214EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.9 views

Protocol::HTTP2 安全漏洞

Protocol::HTTP2 is a Ruby protocol library developed by CROX’s individual developers, which implements functions for encoding/decoding HTTP/2 protocols, frame handling, and connection management. Versions of Protocol::HTTP2 prior to 1.12 contained security vulnerabilities. These vulnerabilities...

7.5CVSS5.3AI score0.00414EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.13 views

WordPress plugin Click to Chat – WA Widget 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.3AI score0.00288EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.8 views

WordPress plugin Express Payment For Stripe 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.2AI score0.00188EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

WordPress plugin LatePoint – Calendar Booking Plugin for Appointments and Events 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.5AI score0.00135EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.8 views

iAI Lab PDF AI: Podcast, Notes, Slides 路径遍历漏洞

iAI Lab PDF AI: Podcast, Notes, Slides is an artificial intelligence-based PDF document analysis tool developed by iAI Lab. Version 4.21.0 of iAI Lab PDF AI: Podcast, Notes, Slides contains a path traversal vulnerability. This vulnerability arises from improper handling of the displayname paramet...

4.8CVSS4.9AI score0.00171EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

WordPress plugin MDJM Event Management 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.2CVSS5.9AI score0.00659EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.8 views

WordPress plugin Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be integrated...

7.2CVSS5.4AI score0.00314EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

OneDev 授权问题漏洞

OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.5 have...

6.5CVSS6.5AI score0.00214EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.8 views

WordPress plugin Page-list 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.4AI score0.00224EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.9 views

WordPress plugin OptinCraft – Drag & Drop Optins & Popup Builder SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.9CVSS5.8AI score0.00259EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

WordPress plugin Essential Addons for Elementor – Popular Elementor Templates & Widgets 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.4AI score0.0515EPSS
Exploits1References15
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

WordPress plugin LearnPress – Backup & Migration Tool 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.6CVSS5.8AI score0.0045EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

WordPress plugin LearnPress – Backup & Migration Tool 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.9CVSS5.4AI score0.00646EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

WordPress plugin Smart Slider 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.9CVSS5.5AI score0.00558EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.12 views

TP-Link Tapo C520WS 安全漏洞

The TP-Link Tapo C520WS is a WiFi camera produced by TP-Link Corporation. The TP-Link Tapo C520WS v2 version has a security vulnerability. This vulnerability stems from a stack buffer overflow in the ONVIF DeleteUsers service. Insufficient bounds checking allows authenticated attackers to send...

6.8CVSS5.7AI score0.0018EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.8 views

WordPress plugin All-In-One Security (AIOS) – Security and Firewall 品跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.3AI score0.00338EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.12 views

WordPress plugin Klamra Paycal for Aspaclaria 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

4.3CVSS5.6AI score0.00234EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

OneDev 授权问题漏洞

OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. OneDev versions 15.0.5 and earlier have...

6.5CVSS6.5AI score0.00214EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

TP-Link Tapo C520WS 安全漏洞

The TP-Link Tapo C520WS is a WiFi camera produced by TP-Link Corporation. The TP-Link Tapo C520WS v2 version has a security vulnerability. This vulnerability stems from a stack buffer overflow in the ONVIF CreateUsers service. The device fails to correctly verify the number of XML user nodes, whi...

6.8CVSS5.7AI score0.0018EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

WordPress plugin EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Some...

6.4CVSS5.3AI score0.00234EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.12 views

WordPress plugin LearnPress – WordPress LMS Plugin for Create and Sell Online Courses 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.4AI score0.00353EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.12 views

VERTEX 操作系统命令注入漏洞

VERTEX is an integrated management tool developed by the individual developer of lswl.in, designed for binge-watching and stream watching. Versions of vertex-app and vertex released on February 12, 2026, and earlier have a vulnerability related to operating system command injection. This...

6.5CVSS6.6AI score0.01114EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

WordPress plugin MapPress Maps for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.4AI score0.00813EPSS
Exploits0References25
Total number of security vulnerabilities195539