Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

LibreChat 安全漏洞

LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within one interface. LibreChat versions 0.8.3 and earlier have a security vulnerability caused by improper access control to the MCP...

6.5CVSS5.4AI score0.00276EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where functions return errors that include the input within the error message. This allows attackers ...

5.3CVSS5.3AI score0.0037EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.11 views

Seagate openSeaChest 安全漏洞

Seagate openSeaChest is a set of cross-platform storage device management tools developed by Seagate Corporation. The version of Seagate openSeaChest v25.05.3 contains a security vulnerability. This vulnerability stems from an out-of-bounds write operation during the --showSupportedFormats comman...

1.8CVSS5.4AI score0.00102EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

BlenderMCP 代码注入漏洞

BlenderMCP is a 3D modeling control tool developed by ahujasid that connects Blender with AI. Versions of BlenderMCP 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b and earlier have a code injection vulnerability. This vulnerability stems from the handling of the code parameter in the executeblendercode...

6.5CVSS5.5AI score0.00178EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Libwebsockets 安全漏洞

Libwebsockets is a standardized network library open-sourced by the lws-team. Versions of Libwebsockets 4.5.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the lwssshParseplaintext function in the SSH Protocol Handler component’s plugins/protocollwssshbase/sshd.c...

6.9CVSS5.3AI score0.00429EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

Dräger Protector Software 安全漏洞

Dräger Protector Software is a gas detection and safety monitoring management platform developed by the German company Dräger. Versions of Dräger Protector Software prior to version 6.4.2 contained security vulnerabilities. These vulnerabilities were due to insecure file system permissions, which...

8.3CVSS6AI score0.00107EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

authentik 授权问题漏洞

Authentik is an open-source identity provisioning application. Versions of Authentik before 2025.12.6, 2026.2.4, and 2026.5.1 have vulnerabilities related to authorization. These vulnerabilities stem from the possibility of sending empty POST requests, which may bypass the authentication phase...

9.8CVSS5.5AI score0.00405EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.11 views

Dräger Infinity Acute Care System和Dräger Standalone Infinity M540 patient monitor 数据伪造问题漏洞

The Dräger Infinity Acute Care System and the Dräger Standalone Infinity M540 patient monitor are both products of the German company Dräger. The Dräger Infinity Acute Care System is an emergency monitoring platform that integrates patient monitoring, clinical workstations, and medical informatio...

8.8CVSS5.6AI score0.0016EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

BrowserStack Runner 路径遍历漏洞

BrowserStack Runner is an open-source browser testing command-line tool developed by BrowserStack. Versions of BrowserStack Runner prior to 0.9.5 contained a path traversal vulnerability. This vulnerability originated from the default HTTP handler in lib/server.js, which allowed for path traversa...

7.1CVSS5.5AI score0.00208EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

BrowserStack Runner 代码注入漏洞

BrowserStack Runner is an open-source browser testing command-line tool developed by BrowserStack. Versions of BrowserStack Runner prior to 0.9.5 contained a code injection vulnerability. This vulnerability stems from the log HTTP handler, where data provided by users is passed to...

8.8CVSS6AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.11 views

National Instruments Ni-Pal 安全漏洞

National Instruments Ni-Pal is a software component of the American company National Instruments. It serves to provide necessary functions for multiple NI drivers. National Instruments Ni-Pal versions prior to 26.3.0 contain security vulnerabilities. These vulnerabilities stem from improper input...

8.4CVSS5.5AI score0.00107EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

GLPI 跨站脚本漏洞

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

8.4CVSS4.9AI score0.00418EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

SourceCodester Human Resource Management 安全漏洞

SourceCodester Human Resource Management is an open-source human resource management system developed by SourceCodester. Version 1.0 of SourceCodester Human Resource Management contains a security vulnerability. This vulnerability stems from the handling of the parameter employeeid in the Employe...

5.3CVSS5.3AI score0.00242EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Medplum 代码问题漏洞

Medplum is an open-source platform for rapid development of medical applications. Versions of Medplum prior to 5.1.14 contained code-related vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability present in subscription workers, which could allow...

8.5CVSS5.7AI score0.00229EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

Tesla 安全漏洞

Tesla is an electric vehicle produced by the American company Tesla. Versions of Tesla from 0.8.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities were due to Tesla.Multipart.addcontenttypeparam/2 not verifying CR or LF characters, which could lead to HTTP header injection...

2.1CVSS5.4AI score0.0017EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Tesla 安全漏洞

Tesla is an HTTP client software open source by Elixir Tesla. Versions of Tesla from 1.4.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the use of case-sensitive string comparisons in handling security-sensitive headers. This could lead to credential leakage to...

8.2CVSS5.3AI score0.00396EPSS
Exploits2References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Code-Projects Student Admission System SQL注入漏洞

Code-Projects Student Admission System is an open-source student admission system developed by Code-Projects. Version 1.0 of the Code-Projects Student Admission System has a SQL injection vulnerability. This vulnerability stems from the operation of parameters eid/did in the file/index.php, which...

7.5CVSS5.7AI score0.00272EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.11 views

react-router 输入验证错误漏洞

react-router is a declarative routing library for React, open-sourced by Remix. There were input validation vulnerabilities in the versions of react-router from 7.0.0 to 7.14.0, and from 6.7.0 to 6.30.3. These vulnerabilities stemmed from the fact that path values starting with “//” were...

8.7CVSS5.3AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Pterodactyl Panel 安全漏洞

Pterodactyl Panel is an open-source game server management panel developed by Pterodactyl. Versions of Pterodactyl Panel prior to 1.12.3 contained security vulnerabilities. These vulnerabilities stemmed from a complete failure of the database locking mechanism, which could allow users to bypass...

2.3CVSS5.4AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

wireapp wire-ios 数字错误漏洞

wire-ios is the client layer that handles all data displayed in mobile applications. Versions of wire-ios prior to 4.16.0 have a numerical error vulnerability, which stems from a lack of length checking. This vulnerability may lead to crashes when receiving specially crafted malicious Proteus...

6.5CVSS5.8AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.11 views

Crow 安全漏洞

Crow is a C++ microframework developed by Crow OpenSource, used for running web services. Versions of Crow 1.3.1 and earlier contain security vulnerabilities; these vulnerabilities stem from unvalidated response header values, which may lead to response header injection attacks...

9.8CVSS5.4AI score0.00332EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

react-router 安全漏洞

react-router is a declarative routing library for React, open-sourced by Remix. Versions 7.7.0 to 7.13.1 of react-router contain security vulnerabilities. These vulnerabilities stem from improper redirection handling when using the unstable RSC API, which may lead to cross-site scripting attacks ...

7.5CVSS4.9AI score0.00294EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

AuthKit React Router Library 跨站脚本漏洞

AuthKit React Router Library is an open-source project developed by WorkOS, used within React Router 7 for authentication and session management. Versions 7.7.0 to 7.13.1 of the AuthKit React Router Library contain a cross-site scripting vulnerability. This vulnerability arises from improper...

8CVSS5AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

goclaw 访问控制错误漏洞

Goclaw is an open-source multi-tenant AI smart agent platform developed by Next Level Builder. Versions of GoClaw 3.11.3 and earlier contain a security vulnerability related to access control. This vulnerability stems from a lack of authentication in the resolveAuth function within the Webhook...

7.5CVSS5.4AI score0.00399EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

WordPress plugin Content Visibility for Divi Builder 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS5.8AI score0.00682EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

Graph Explorer 安全漏洞

Graph Explorer is an interactive web application for visual exploration of graph databases, open-sourced by Amazon Web Services. Previous versions of Graph Explorer, such as 3.0.1, contained security vulnerabilities. These vulnerabilities stemmed from the proxy server falling back to HTTP when th...

8.2CVSS5.5AI score0.00101EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Dräger CC-Vision Basic和Dräger CC-Vision E-Cal 缓冲区错误漏洞

Dräger CC-Vision Basic and Dräger CC-Vision E-Cal are products of the German company Dräger. Dräger CC-Vision Basic is a portable gas detector with configuration and maintenance software. Dräger CC-Vision E-Cal is a gas detection device with electronic calibration and configuration management...

8.3CVSS5.8AI score0.00122EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

DesDev DedeCMS SQL注入漏洞

DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation. It is built using PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.88 of DesDev DedeCMS contains a SQL injection...

7.5CVSS5.6AI score0.00308EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Dräger Perseus A500 安全漏洞

The Dräger Perseus A500 is a high-end anesthesia workstation developed by the German company Dräger. There are security vulnerabilities in the Dräger Perseus A500 between versions 2.00 and 2.02. These vulnerabilities stem from improper input processing, which could allow external attackers to sen...

6.3CVSS5.4AI score0.00236EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

OpenClaude 安全漏洞

OpenClaude is an open-source coding assistant CLI developed by Gitlawb, which supports multiple backends. Prior to version 0.5.1, OpenClaude had a security vulnerability. This vulnerability stemmed from the dangerouslyDisableSandbox parameter being exposed in the BashTool input mode, and the...

9.8CVSS5.6AI score0.00544EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

OpenClaude 安全漏洞

OpenClaude is an open-source coding assistant CLI developed by Gitlawb. Versions of OpenClaude prior to 0.5.1 contained security vulnerabilities. These vulnerabilities were due to logical flaws in the conditional order logic within the MCP authentication process, allowing attackers to completely...

6.5CVSS5.4AI score0.00219EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

NamelessMC 安全漏洞

NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s designed for your Minecraft server and comes with numerous features. Version 2.2.4 of NamelessMC contains a security vulnerability. This vulnerability arises from the fact that the...

6.9CVSS5.3AI score0.00272EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

NamelessMC 安全漏洞

NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s suitable for your Minecraft server and comes with numerous features. Version 2.2.4 of NamelessMC has a security vulnerability that arises from not verifying the authorization of viewers before...

5.3CVSS5.4AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

react-router 跨站脚本漏洞

react-router is a declarative routing library for React, open-sourced by Remix. Versions of react-router from 7.5.1 to 7.13.1 have a cross-site scripting vulnerability. This vulnerability stems from improper handling of the HTTP Location header value in framework mode with pre-rendering enabled,...

5.4CVSS5AI score0.00144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

NamelessMC 安全漏洞

NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s suitable for your Minecraft server and comes with numerous features. Version 2.2.4 of NamelessMC has a security vulnerability that stems from the lack of re-enforcing topic-level viewotherstopi...

5.3CVSS5.4AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

goclaw 安全漏洞

Goclaw is an open-source multi-tenant AI smart agent platform developed by Next Level Builder. Versions of GoClaw 3.11.3 and earlier contain security vulnerabilities. These vulnerabilities stem from a flaw in the Team Task Completion Handler component, where the TeamTasksTool.executeComplete...

5.3CVSS5.4AI score0.00206EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

DesDev DedeCMS 安全漏洞

DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation, based on PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.88 of DesDev DedeCMS contains a security vulnerability. Th...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

Mint 安全漏洞

Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from unlimited resource allocation, which could allow attackers to exhaust the memory of the Mint client on an HTTP/...

8.2CVSS5.4AI score0.00384EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2026.1.19 contained security vulnerabilities, which stemmed from improper access...

5.4CVSS5.3AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

Appsmith 安全漏洞

Appsmith is an open-source platform developed by Appsmith itself, used for building, deploying, and maintaining internal applications. Appsmith has a security vulnerability, which stems from the autocompletion feature of the SQL query editor failing to clean up database object names. This...

6.3CVSS5.6AI score0.00341EPSS
Exploits2References6
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Mint 安全漏洞

Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the encoderequestline/2 function not verifying the CRLF characters in method parameters, which could lead to HT...

2.1CVSS5.4AI score0.00166EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

OpenTelemetry eBPF Instrumentation 安全漏洞

OpenTelemetry eBPF Instrumentation is an open-source, eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the Java TLS ioctl probe usi...

3.8CVSS5.3AI score0.00174EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

OpenTelemetry eBPF Instrumentation 安全漏洞

OpenTelemetry eBPF Instrumentation is an open-source eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of a custom...

5.5CVSS5.4AI score0.00161EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

OpenTelemetry eBPF Instrumentation 安全漏洞

OpenTelemetry eBPF Instrumentation is an open-source, eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the export of raw Redis erro...

6.5CVSS5.4AI score0.00212EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

NiceGUI 安全漏洞

NiceGUI is an easy-to-use, Python-based UI framework developed under the open source license. Versions of NiceGUI prior to 3.12.0 contained a security vulnerability. This vulnerability stemmed from two FastAPI routes that allowed subpath parameters to be resolved into directories, potentially...

5.3CVSS5.3AI score0.00343EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Klaw 访问控制错误漏洞

Klaw is an open-source operating system tool developed by Aiven Open. Versions of Klaw prior to 2.10.4 contained a vulnerability related to access control, which could lead to password hash leaks due to improper access control practices...

6.9CVSS5.3AI score0.00249EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

WordPress plugin Wallet System for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.1CVSS5.5AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Genetec Security Center 安全漏洞

Genetec Security Center is a unified security platform provided by Genetec Corporation. It connects your security systems, sensors, and data into one interface, simplifying your operations. There is a security vulnerability present in Genetec Security Center, which stems from a specific...

7.8CVSS5.4AI score0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

NamelessMC 安全漏洞

NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s suitable for your Minecraft server and comes with numerous features. Versions of NamelessMC 2.2.4 and earlier have security vulnerabilities. These vulnerabilities stem from unvalidated state...

5.4CVSS5.4AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Vivotek VIVOTEK FD8136-VVTK 安全漏洞

Vivotek VIVOTEK FD8136-VVTK is a super-miniature fixed dome network camera firmware developed by Vivotek Corporation. The Vivotek VIVOTEK FD8136-VVTK 0300a version contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the motionprivacy.cgi binary file. When t...

6.3CVSS6.4AI score0.00322EPSS
Exploits0References3
Total number of security vulnerabilities195539