Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Shibby Tomato 操作系统命令注入漏洞

Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Version 1.28.0000 of Shibby Tomato contains a vulnerability related to operating system command injection. This vulnerability stems from the startvpnserver function in the /sbin/rc file within the Web UI...

8.6CVSS7.2AI score0.02635EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

WordPress plugin Hybrid Composer 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.4AI score0.00347EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Octopus Server 安全漏洞

Octopus Server is a deployment automation and release management tool provided by the Australian company Octopus, used for continuous delivery. The affected versions of Octopus Server have a security vulnerability. This vulnerability stems from incorrect permission checks, allowing any...

6.5CVSS5.4AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

JoomSky Joomla com_jsjobs 路径遍历漏洞

JoomSky Joomla comjsjobs is a recruitment and job management component provided by JoomSky Inc. Version 1.2.6 of JoomSky Joomla comjsjobs contains a path traversal vulnerability. This vulnerability arises from improper handling of custom user field parameters, which may allow authenticated...

7.1CVSS5.3AI score0.00327EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Froxlor 安全漏洞

Froxlor is a set of lightweight server management software developed by the Froxlor team. Version 2.3.6 of Froxlor contains a security vulnerability. This vulnerability stems from the fact that the FTP account processing program does not enforce a shell whitelist, which may allow arbitrary shell...

9.4CVSS5.4AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

Gradio 安全漏洞

Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Version 6.14.0 of Gradio contains a security vulnerability. This vulnerability stems from the use of a weak hash function in the saveaudiotocache...

2.5CVSS4.6AI score0.00106EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

GNCC GP5 安全漏洞

GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability stems from the practice of storing the pre-signed Backblaze B2 upload URL as plain text in the serial console. This could allow physically...

7.1CVSS5.4AI score0.00093EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

WordPress plugin Live Chat Unlimited 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.2AI score0.00211EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

Niche Office All in One Video Downloader SQL注入漏洞

Niche Office All in One Video Downloader is an online video download tool developed by the Turkish company Niche Office. Version 1.2 of Niche Office All in One Video Downloader has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, whi...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

GX Group Earth 2022 ONT 操作系统命令注入漏洞

GX Group Earth 2022 ONT is an FTTH optical network terminal device developed by the Turkish company GX Group. The GX Group Earth 2022 ONT has a vulnerability related to operating system command injection. This vulnerability arises from improper handling of user input by multiple diagnostic...

8.7CVSS6.1AI score0.00388EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

NetworkManager 操作系统命令注入漏洞

NetworkManager is an open-source network management daemon developed by NetworkManager. NetworkManager has a vulnerability related to operating system command injection. This vulnerability stems from the dhclient backend’s handling of format-errors in Manufacturer Usage Description URLs, leading ...

6.7CVSS5.6AI score0.00118EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Projectworlds Online Art Gallery Shop Project SQL注入漏洞

Projectworlds Online Art Gallery Shop Project is a online art gallery store project developed by the Projectworlds team. Version 1.0 of Projectworlds Online Art Gallery Shop Project has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file...

6.5CVSS6.6AI score0.00303EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Net::Statsd::Lite 安全漏洞

Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.13 contained security vulnerabilities. These vulnerabilities stemmed from the lack of checks for line breaks, colons, or pipes in...

5.3CVSS5.2AI score0.00258EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the aicmd tool executing with full root access, and it involves direct passing of socket inputs to popen, which may allow...

9.8CVSS5.8AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from public access rights that are not checked by the core Broadcast Receiver. This vulnerability may allow unauthorized local software component...

8.5CVSS5.4AI score0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.13 views

GNCC GP5 安全漏洞

GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability stems from issues with the U-Boot component, which may allow physical proximity attackers to bypass authentication and obtain root access by...

6.8CVSS5.2AI score0.00191EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

Iris 安全漏洞

Iris is a fast, simple, yet fully functional and highly efficient Go network framework developed under the DFIR-IRIS open source project. Versions of Iris prior to 2.4.28 contained security vulnerabilities, which were caused by the return of unnecessary sensitive data...

6.5CVSS5.2AI score0.00232EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

Microsoft Graph 日志信息泄露漏洞

Microsoft Graph is a unified API platform of the American company Microsoft. There is an information leakage vulnerability in Microsoft Graph; this vulnerability stems from the exposure of sensitive information to unauthorized actors, which may allow authorized attackers to disclose information...

6.5CVSS5.7AI score0.00756EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Iris 安全漏洞

Iris is an open-source fast, simple, yet fully functional and highly efficient Go network framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 contained security vulnerabilities, which stemmed from allowing users to manipulate API requests to modify values in the database...

4.3CVSS5.3AI score0.00183EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.13 views

ITPison OMICARD EDM 安全漏洞

ITPison OMICARD EDM is a high-speed electronic newspaper EDM marketing distribution system developed by the Chinese company ITPison. ITPison OMICARD EDM has a security vulnerability that stems from insecure direct object references. This vulnerability could allow unauthorized remote attackers to...

6.9CVSS5.4AI score0.00244EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

WordPress plugin ad manager wd 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

OpenTelemetry-Go 安全漏洞

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions of OpenTelemetry-Go prior to 0.0.17 contained a security vulnerability. This vulnerability stemmed from the fact that each successful ParseFile call would leak a file descriptor. Repeated parsing coul...

5.5CVSS5.3AI score0.00168EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Care2x SQL注入漏洞

Care2x is a hospital information management system developed by Care2x Corporation. Version 2.7 of Care2x contains an SQL injection vulnerability. This vulnerability stems from improper handling of the ckconfig cookie parameter, which may allow unauthenticated attackers to execute arbitrary SQL...

8.8CVSS6.2AI score0.00262EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

GX Group Earth 2022 ONT 安全漏洞

GX Group Earth 2022 ONT is an FTTH optical network terminal device developed by the Turkish company GX Group. There is a security vulnerability present in GX Group Earth 2022 ONT. This vulnerability stems from the web management interface transmitting user credentials via HTTP plaintext...

8.7CVSS5.5AI score0.00244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.16 views

Cloud Foundry windows-utilities-release 安全漏洞

Cloud Foundry Windows-Utilities-Release is a collection of Windows platform maintenance tools provided by the Cloud Foundry company. There are security vulnerabilities in Cloud Foundry Foundation Windows-Utilities-Release; these vulnerabilities stem from the use of a predictable random number...

7.5CVSS5.4AI score0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from the improper handling of special characters in the incoming VPN network configuration files. This vulnerability may allow for command...

8.5CVSS5.3AI score0.0072EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

GNCC GP5 安全漏洞

GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability arises from the fact that the “Reset to Factory Settings” function fails to remove sensitive encrypted data from the JFFS2 configuration...

4.6CVSS5.3AI score0.00145EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the lack of a bot mitigation mechanism in the /v1/account/register registration path, which may allow malicious automated syste...

9.1CVSS5.3AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

Net::CIDR::Set 安全漏洞

Net::CIDR::Set is a Perl network address management library developed by RRWO’s individual developers. Versions of Net::CIDR::Set prior to 0.20 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of IP addresses. The add method called the encode method ...

7.5CVSS5.2AI score0.00329EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

ModelScope 安全漏洞

ModelScope is an open-source model service and inference training platform developed by ModelScope. Versions of ModelScope 4.2.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of a weak hash function in the Template.savepilimage function of the...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.22 views

Zephyr 安全漏洞

Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, which stems from the fact that the tlssessionstore and tlssessionrestore functions in the TLS socket connection path do not validate the addrlen value. This leads t...

8.8CVSS5.8AI score0.0032EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Microsoft 365 Copilot 命令注入漏洞

Microsoft 365 Copilot is a generative AI collaboration assistant integrated into the Microsoft Office suite. Microsoft 365 Copilot has a command injection vulnerability, which stems from improper of special elements in commands. This vulnerability could allow authorized attackers to execute code...

8.8CVSS5.6AI score0.00452EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Neterbit NW-431F Router 安全漏洞

The Neterbit NW-431F Router is a 4G LTE wireless router produced by the Neterbit company. The Neterbit NW-431F Router versions 20241014-IR03 and earlier has a security vulnerability. This vulnerability stems from the SMS module not properly clearing user input, which may lead to stored-xss attack...

7.1CVSS5.3AI score0.00196EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

HCL Hive Telco Observability 安全漏洞

HCL Hive Telco Observability is a telecommunications network observability platform developed by the Indian company HCL. There is a security vulnerability in HCL Hive Telco Observability, which stems from the lack of necessary CSP directives in the keycloak component of the web application. This...

8.1CVSS5.3AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the ability to access internal multimedia session archives without authentication, and lax cross-site resource sharing rules...

8.8CVSS5.2AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

Iris 授权问题漏洞

Iris is an open-source fast, simple, yet fully functional and highly efficient Go network framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 had an authorization issue vulnerability. This vulnerability stemmed from the GraphQL endpoints not enforcing authorization checks, which...

7.1CVSS5.3AI score0.00246EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from a broadcast event that allows malware to overwrite the device’s default mobile device management endpoint address, potentially...

9.3CVSS5.3AI score0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

SolarWinds Serv-U 资源管理错误漏洞

SolarWinds Serv-U is an FTP File Transfer Protocol server software developed by the American company SolarWinds. SolarWinds Serv-U has a resource management vulnerability that stems from unvalidated POST requests using the Content-Encoding: deflate header, which can lead to service crashes...

7.5CVSS5.8AI score0.10659EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Cloud Foundry BOSH 安全漏洞

Cloud Foundry BOSH is a cloud infrastructure automation platform developed by the US-based Cloud Foundry company. All versions of Cloud Foundry BOSH, as well as previous versions, have security vulnerabilities. These vulnerabilities stem from the name parameter in PackagePersister.validatetgz bei...

8.7CVSS5.5AI score0.00116EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from the legacy debugging module containing fixed credentials from the AWS Cognito test sandbox. This vulnerability could potentially lead to...

6.9CVSS5.3AI score0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

HCL iControl 安全漏洞

HCL iControl is an IT infrastructure monitoring and automation platform developed by HCL Company in India. HCL iControl has a security vulnerability, which stems from CSV injection during the export of CSV files. Due to insufficient parameter cleaning, reflection-type cross-site scripting attacks...

8.8CVSS5AI score0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the lack of authorization verification for the key management API endpoints involved in cellular eSIM allocation. As a result,...

8.3CVSS5.3AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Froxlor 后置链接漏洞

Froxlor is a set of lightweight server management software developed by the Froxlor team. Version 2.3.6 of Froxlor contains a post-installation link vulnerability. This vulnerability stems from a symbolic link follow-up flaw in the SSH key synchronization path, which may allow root access via SSH...

8.8CVSS5.3AI score0.00366EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.13 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the hardcoded backend API keys generated by the M3WebServer, which can be easily intercepted through detailed error handling...

9.8CVSS5.3AI score0.00292EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

HCL iControl 安全漏洞

HCL iControl is an IT infrastructure monitoring and automation platform developed by HCL Company in India. Version 4.0.0 of HCL iControl contains a security vulnerability. This vulnerability arises from unhandled exceptions, which lead to stack trace leaks. It occurs due to accessing the properti...

4.3CVSS5.3AI score0.00157EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

Etsy::StatsD 安全漏洞

Etsy::StatsD is an open-source application performance monitoring and metric collection component developed by statsd. Etsy::StatsD versions 1.002002 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of checks for line breaks, colons, or pipes in metric...

7.5CVSS5.2AI score0.00262EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

OpenStack Neutron 安全漏洞

OpenStack Neutron is an open-source project under OpenStack, designed to provide services between interface devices managed by other OpenStack services. Prior to version 28.0.1, OpenStack Neutron had a security vulnerability. This vulnerability stemmed from the ability of project administrators t...

2.2CVSS5.3AI score0.00262EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

libinput 安全漏洞

libinput is an open-source library from freedesktop. It provides a complete input stack for applications that need to handle input devices provided by the kernel. Versions of libinput prior to 1.30.4 and 1.31.x prior to 1.31.3 have security vulnerabilities. These vulnerabilities stem from unescap...

9.8CVSS5.6AI score0.00498EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

itsourcecode Fees Management System 代码注入漏洞

itsourcecode Fees Management System is an open-source charging management system developed by itsourcecode. Versions of itsourcecode Fees Management System 1.0 and earlier had a code injection vulnerability. This vulnerability stemmed from the operation of unknown functions in the /navbar.php fil...

5.3CVSS4.7AI score0.00273EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Navtor NavBox 信任管理问题漏洞

NAVTOR NavBox is a shipping information system device developed by the Norwegian company Navtor, used for electronic nautical chart management and navigation data synchronization on ships. Versions of NAVTOR NavBox prior to 4.16.1.20 contained a trust management vulnerability. This vulnerability...

6.3CVSS5.3AI score0.00122EPSS
Exploits0References2
Total number of security vulnerabilities195539