Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/06/05 12:0 a.m.9 views

InfiniStore 安全漏洞

InfiniStore is a high-performance Key-Value cache storage tool open-sourced by Bytedance Inc. Versions of InfiniStore 0.2.33 and earlier contain security vulnerabilities, which stem from an algorithmic complexity issue in the purgekvmap function of the KV Map Handler component’s src/infinistore.h...

4.8CVSS4.5AI score0.00112EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.15 views

OpenAI Atlas 安全漏洞

OpenAI Atlas is an AI browser developed by OpenAI in the United States, which integrates artificial intelligence assistants into the browsing experience. Versions of OpenAI Atlas prior to 1.2025.288.15 contained a security vulnerability. This vulnerability stemmed from exposing privileged browser...

6CVSS4.9AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Guardrails 安全漏洞

Guardrails is a Python framework open source by Guardrails AI. Version 0.10.1 of Guardrails contains a security vulnerability. This vulnerability stems from the release of a malicious version to PyPI, which may cause damage to user systems...

9.6CVSS5.3AI score0.00276EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.13 views

SourceCodester Ship Ferry Ticket Reservation SQL注入漏洞

SourceCodester Ship Ferry Ticket Reservation is an open-source ticket reservation service developed by SourceCodester. Versions of SourceCodester Ship Ferry Ticket Reservation prior to 1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the Username...

7.5CVSS7.5AI score0.00328EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

Arista EOS和Arista CloudVision eXchange 安全漏洞

Arista EOS and Arista CloudVision eXchange are both products of the American company Arista. Arista EOS is a fully programmable, highly modular Linux-based network operating system. Arista CloudVision eXchange is a control plane switching platform designed for data centers and enterprise networks...

8.7CVSS5.5AI score0.00323EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞

Arista Edge Threat Management – Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. There are...

7CVSS5.9AI score0.0988EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.13 views

Redline WR3200 安全漏洞

The Redline WR3200 is a Wi-Fi 4 router from the Turkish company Redline, capable of supporting 300Mbps wireless transmission. The Redline WR3200 versions from 7.1.3 to 7.1.8 have security vulnerabilities. These vulnerabilities stem from improper authentication, lack of authentication for critical...

9.8CVSS5.4AI score0.0046EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

Open XDMoD SQL注入漏洞

Open XDMoD is an open-source tool developed by the Center for Computational Research for managing high-performance computing resources. Versions of Open XDMoD prior to 10.0.3 contained a SQL injection vulnerability. This vulnerability allows unauthenticated remote attackers to execute arbitrary S...

9.8CVSS6.2AI score0.00479EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.13 views

SAMSUNG Members 安全漏洞

Samsung Members is a community platform app developed by South Korea’s Samsung Corporation. Versions of Samsung Members prior to 5.8.01.5 contained security vulnerabilities. These vulnerabilities were due to improper input validation, which could allow local attackers to use Samsung Members...

7.1CVSS5.5AI score0.00105EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Markdown Preview Enhanced 操作系统命令注入漏洞

Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Versions of Markdown Preview Enhanced prior to 0.8.28 contained a vulnerability related to operating system command injection. This vulnerability stemmed from opening external files and links via the shell...

8.8CVSS5.4AI score0.0034EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

HCL Digital Experience Compose 安全漏洞

HCL Digital Experience Compose is an enterprise-level content creation and digital experience management platform developed by the Indian company HCL. HCL Digital Experience Compose has a security vulnerability, which stems from a reflection-type cross-site scripting issue in the search center...

6.1CVSS5.5AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Linqi 安全漏洞

Linqi is an English speaking practice platform developed by the German company Linqi. The platform combines human language interaction with AI feedback. Linqi has a security vulnerability, which stems from the lack of authorized checks. As a result, any authenticated user can read and write...

7.1CVSS5.3AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

Linqi 安全漏洞

Linqi is an English speaking practice platform developed by the German company Linqi. There is a security vulnerability in Linqi, which stems from improper authentication at the/api/Cdn/GetFile endpoint. This allows unauthorized remote attackers to bypass file access controls, but the actual...

6.9CVSS5.4AI score0.00414EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.8 views

Termix 操作系统命令注入漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained an operating system command injection vulnerability. This vulnerability stemmed from the GET /ssh/filemanager/ssh/resolvePath endpoint using double quotes to escape shel...

9.9CVSS6AI score0.02008EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Markdown Preview Enhanced 安全漏洞

Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Versions of Markdown Preview Enhanced prior to 0.8.28 contained security vulnerabilities. These vulnerabilities stemmed from the use of eval to parse WaveDrom expressions in untrusted markdown content, which...

8.8CVSS5.8AI score0.00362EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

WordPress plugin Alba Board 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.4AI score0.00272EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

HAX 操作系统命令注入漏洞

HAX is an open-source microsite developed by HAX The Web, managed using PHP as the backend. Versions of HAX prior to 26.0.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from an authenticated file overwrite vulnerability, which could allow...

9.4CVSS5.7AI score0.00291EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability. This vulnerability arises from administrators with delegated access rights to read group member identities and user information. They can bypass user profile permission...

2.7CVSS5.3AI score0.00348EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Lyrion Music Server 跨站脚本漏洞

Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a cross-site scripting vulnerability. This vulnerability stems from an unvalidated reflective cross-site scripting vulnerability present in the server.log endpoint,...

6.1CVSS5.1AI score0.00324EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Ansible 参数注入漏洞

Ansible is an easy-to-use IT automation system developed under the open source license of Ansible. Ansible has a parameter injection vulnerability, which stems from improper use of the parameter separator in the ansible-galaxy role install command, allowing arbitrary code to execute...

7.8CVSS5.6AI score0.00156EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

UDS Identity Config 安全漏洞

UDS Identity Config is a Keycloak configuration image building tool developed by Defense Unicorns. Versions 0.11.0 to 0.26.0 of UDS Identity Config contain security vulnerabilities. These vulnerabilities stem from logical errors in the client-kubernetes-secret Keycloak authentication handler. Thi...

10CVSS5.4AI score0.00341EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.8 views

7-Zip 安全漏洞

7-Zip is an open-source compression software developed by 7-Zip. Versions 9.18 to 26.00 of 7-Zip contain security vulnerabilities. These vulnerabilities stem from sparse filling of index arrays in the SquashFS archive processor, which allows for uninitialized heap reads, potentially leading to...

4.2CVSS5.3AI score0.00179EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

HelloTalk 安全漏洞

HelloTalk is a language exchange and social learning app developed by HelloTalk Corporation. Versions of HelloTalk 3.4.1 and earlier contained a security vulnerability. This vulnerability stemmed from the storage of full-precision GPS coordinates. Even if users intended to only share their countr...

5.3CVSS5.4AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.15 views

libinput 安全漏洞

libinput is an open-source library from freedesktop. It provides a complete input stack for applications that need to handle input devices provided by the kernel. There is a security vulnerability in libinput, which stems from the ability to inject arbitrary udev properties through the...

5.7AI score0.00019EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.7 views

7-Zip 缓冲区错误漏洞

7-Zip is an open-source compression software developed by 7-Zip. Versions 9.34 to 26.00 of 7-Zip contain a buffer error vulnerability. This vulnerability stems from improper handling of WIM archive processors’ security descriptor lookups, leading to out-of-bounds read attacks, which may result in...

7.1CVSS5.6AI score0.00225EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Lyrion Music Server 跨站脚本漏洞

Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a cross-site scripting vulnerability. This vulnerability stems from an unvalidated storage-based cross-site scripting flaw present in the log viewer, which may allow...

7.2CVSS5AI score0.00183EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

WordPress plugin WP Captcha PRO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.5AI score0.00393EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.13 views

Termix 操作系统命令注入漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the POST /ssh/tunnel/connect endpoint, which directly inserted the...

9.8CVSS5.7AI score0.01729EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Termix 安全漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the insecure handling of path parameters by the GET /ssh/filemanager/ssh/resolvePath endpoint, which caused...

9CVSS5.5AI score0.00294EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

SAMSUNG Assistant 安全漏洞

SAMSUNG Assistant is a device assistance component developed by South Korean company Samsung. Versions of SAMSUNG Assistant prior to 9.3.14 contained security vulnerabilities. These vulnerabilities stemmed from improper export of the SmartHomeWidgetReceiver component, which could allow local...

7.1CVSS5.8AI score0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

D-Link DWR-M920 操作系统命令注入漏洞

The D-Link DWR-M920 is a router produced by D-Link Corporation. Versions of the D-Link DWR-M920 prior to 1.1.50 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the IMEIvalue parameter in the sub412DA0 function found in...

6.5CVSS6.4AI score0.01044EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Tenda FH451 安全漏洞

The Tenda FH451 is a router produced by the Chinese company Tenda. The version Tenda FH451 V1.0.0.9 contains a security vulnerability. This vulnerability stems from a stack overflow issue with the page parameter in the fromDhcpListClient function, which could allow attackers to cause...

7.5CVSS5.5AI score0.00357EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.8 views

HAXCMS 代码问题漏洞

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.0 had code-related vulnerabilities. These vulnerabilities stemmed from improper session termination, which could allow attackers to obtain valid tokens and gain persistent access to...

5.3CVSS5.3AI score0.00311EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.13 views

Linqi 安全漏洞

Linqi is an English speaking practice platform developed by the German company Linqi. Linqi has a security vulnerability, which stems from a server-side request forgeing vulnerability in the custom process creation function. This vulnerability allows authenticated attackers to detect internal...

5.3CVSS5.3AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.9 views

HAXCMS 输入验证错误漏洞

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from unvalidated site creation requests, which could allow authenticated attackers to send...

6.5CVSS5.2AI score0.0024EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

CollegeManagementSystem 代码问题漏洞

CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. There are code vulnerabilities in CollegeManagementSystem. These vulnerabilities stem from improper handling of the Student-Data-CSV parameter in the...

6.5CVSS6.5AI score0.00214EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

7-Zip 缓冲区错误漏洞

7-Zip is an open-source compression software developed by 7-Zip. Versions 9.34 to 26.00 of 7-Zip contained a buffer error vulnerability, which was caused by an integer overflow in SquashFS fragment offsets. This vulnerability could allow attackers to manipulate node offset values to bypass fragme...

8.1CVSS5.7AI score0.00324EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Mimecast Incydr 安全漏洞

Mimecast Incydr is a cloud-native internal risk management and data protection platform developed by Mimecast Corporation in the United States. Versions of Mimecast Incydr prior to version 2.6.0 contained security vulnerabilities that could lead to arbitrary file access...

4.5CVSS5.5AI score0.0009EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

HAXCMS 安全漏洞

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from improper cleaning of the video-player component, which could allow attackers to execute arbitrary JavaScript in th...

9.3CVSS5.8AI score0.0023EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

OpenDaylight 安全漏洞

OpenDaylight ODL is an open-source SDN controller developed under the OpenDaylight project. OpenDaylight v12.0.5 contains a security vulnerability, which stems from issues with the cluster-admin:backup-datastore component. This vulnerability could allow attackers to perform directory traversal...

9.1CVSS5.3AI score0.00686EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.7 views

Lyrion Music Server 跨站脚本漏洞

Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting vulnerability present in the media file metadata tags, which...

7.2CVSS4.9AI score0.00197EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

Amazon Web Services JDBC Driver 安全漏洞

The Amazon Web Services JDBC Driver is an open-source Go language wrapper developed by Amazon Web Services. There is a security vulnerability in the Amazon Web Services JDBC Driver, which stems from an unreliable search path issue in the GlobalDatabasePlugin. This vulnerability allows remote,...

8.6CVSS5.3AI score0.00305EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.9 views

SAMSUNG Assistant 安全漏洞

SAMSUNG Assistant is a device assistance component developed by South Korea’s Samsung Corporation. Versions of SAMSUNG Assistant prior to 9.3.14 contained security vulnerabilities. These vulnerabilities stemmed from improper export of the ExpressHomeWidgetReceiver component, which could allow loc...

7.1CVSS5.8AI score0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

7-Zip 安全漏洞

7-Zip is a compression software developed under open source. Versions 9.21 to 26.00 of 7-Zip contain security vulnerabilities. These vulnerabilities stem from a memory leak in the UEFI parser, which allows attackers to exploit the uninitialized memory by truncating files, thereby exposing unread...

6.5CVSS5.3AI score0.00277EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Altium Enterprise Server 安全漏洞

Altium Enterprise Server is a localization data management server developed by Altium Corporation in the United States. There is a security vulnerability in Altium Enterprise Server. This vulnerability stems from improper handling of file names provided to users, leading to path traversal attacks...

9.4CVSS5.3AI score0.00321EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Moby 代码问题漏洞

Moby is an open-source project developed by Moby. It aims to promote the containerization of software and help the ecosystem make container technology mainstream. Versions of Moby prior to v2.0.0-beta.14 contained code-related vulnerabilities. These vulnerabilities stemmed from incorrect order of...

7.5CVSS6.1AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.14 views

Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞

Arista Edge Threat Management – Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. Version...

7CVSS5.3AI score0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.9 views

MoviePilot 路径遍历漏洞

MoviePilot is an automated film resource management tool developed by jxxghp. MoviePilot has a path traversal vulnerability, which stems from path traversal within the AliPan, U115, and Rclone cloud storage download processors. This vulnerability allows attackers to manipulate the file names...

8.1CVSS5.3AI score0.00469EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.8 views

CollegeManagementSystem 授权问题漏洞

CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. There are authorization issues in CollegeManagementSystem; these issues stem from improper handling of the UserAuthData parameter in the sessionstart functio...

7.5CVSS6.4AI score0.00232EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.13 views

Open XDMoD 访问控制错误漏洞

Open XDMoD is an open-source tool developed by the Center for Computational Research for managing high-performance computing resources. Versions of Open XDMoD prior to 11.0.3 contained a access control vulnerability. This vulnerability stemmed from a flaw in the access control logic, allowing...

5.3CVSS5.4AI score0.00236EPSS
Exploits0References4
Total number of security vulnerabilities195539