Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Nextcloud Forms 安全漏洞

NextCloud Forms is an open-source, hosted questionnaire and form creation tool developed by NextCloud. There were security vulnerabilities in versions 4.3.0 to 5.2.7 of NextCloud Forms, which stemmed from unauthorized access to respondent files uploaded through affected forms, due to retained...

5.3CVSS5.3AI score0.00269EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

parse-nested-form-data 安全漏洞

parse-nested-form-data is a form data parsing tool developed by Christian Schurr. Versions of parse-nested-form-data prior to 1.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of parseFormData, which did not filter or preserve attribute keys when parsing FormDat...

8.2CVSS5.3AI score0.00315EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Nextcloud 访问控制错误漏洞

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. Versions of Nextcloud between 32.0.0 and 32.0.9, as well as versions between 33.0.0 and 33.0.3, contained a access control vulnerability. This...

6.5CVSS5.3AI score0.00294EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

OETIKER+PARTNER RRDtool 安全漏洞

OETIKER+PARTNER RRDtool is a time-series data storage and plotting system developed by OETIKER+PARTNER Inc. There is a security vulnerability in OETIKER+PARTNER RRDtool; this vulnerability stems from a stack buffer overflow issue. It could allow local attackers to cause the daemon process to cras...

7.8CVSS6.2AI score0.00132EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

CloudFoundry CF Deployment 安全漏洞

CloudFoundry CF Deployment is a code deployment component of the CloudFoundry Foundation. There is a security vulnerability in CloudFoundry CF Deployment, which stems from a bypass of input validation during SMB volume mounting processes. This vulnerability could allow developers with low...

8.1CVSS5.5AI score0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability stems from an authorization bypass in the iApp’s xApp isolation mechanism. The comparison function incorrectly compares xappid with itself...

7.5CVSS5.2AI score0.00454EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability arises from the fact that when the lookup function returns NULL, the assert function during debugging builds triggers a SIGABRT, or in release...

7.5CVSS5.4AI score0.00642EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

CodexBar 安全漏洞

CodexBar is an AI programming service usage monitoring tool developed by Peter Steinberger. Versions of CodexBar prior to 0.32.0 contained security vulnerabilities. These vulnerabilities stemmed from the handling of insecure temporary files during the publication of workflows, which could allow...

7.2CVSS5.3AI score0.00129EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.20 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by the American company Google. There are security vulnerabilities in Google Android, which stem from integer overflows and may lead to local privilege escalation...

8.4CVSS5.9AI score0.01714EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by the American company Google. There are security vulnerabilities in Google Android, which stem from the use of proxies. These vulnerabilities may lead to an increase in local privileges...

7.8CVSS5.3AI score0.00072EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

DaybydayCRM 访问控制错误漏洞

DaybydayCRM is a daily customer relationship management system developed by Casper Bottelet as an individual project. Versions of DaybydayCRM prior to 2.2.1 contained an access control vulnerability. This vulnerability stemmed from an unknown feature of the Setting Handler component, which lacked...

6.5CVSS6.5AI score0.00295EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

DaybydayCRM 授权问题漏洞

DaybydayCRM is a daily customer relationship management system developed by Casper Bottelet as an individual project. Versions of DaybydayCRM 2.2.1 and earlier contained an authorization vulnerability. This vulnerability stemmed from improper authorization in the view function within the...

5.3CVSS5AI score0.00227EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.15 views

Claw Orchestrator 访问控制错误漏洞

Claw Orchestrator is a multi-agent coding agent runtime platform developed by Guian Fang’s individual developers. Versions of Claw Orchestrator 3.5.5 and earlier contained an access control vulnerability. This vulnerability stemmed from incorrect operations in the function EmbeddedServer within t...

7.5CVSS7.3AI score0.0041EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

MCPilot 代码问题漏洞

MCPilot is a multi-modal interactive assistant developed by Huang Runzhong, which integrates multiple AI models and the MCP protocol. Version 0.1.0 of MCPilot contains code vulnerabilities. These vulnerabilities stem from incorrect handling of the parameter serverBaseUrl in the MCP API Call...

7.5CVSS7.4AI score0.00305EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

WezTerm MCP Server 操作系统命令注入漏洞

WezTerm MCP Server is a terminal control and interaction tool developed by Kentaro Hiraishi. Version 0.1.0 of WezTerm MCP Server contains a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations in the switchpane/writetospecificpane...

6.5CVSS6.5AI score0.01088EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

MCP Google Workspace Server 访问控制错误漏洞

MCP Google Workspace Server is an integrated Gmail and calendar service tool developed by Jean-Christophe Hoelt. There is a security vulnerability in MCP Google Workspace Server, which stems from incorrect operations in the saveToDisk function of the src/tools/gmail.ts file within the MCP Gmail...

6.5CVSS6.4AI score0.00276EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Jenkins Server MCP 代码问题漏洞

Jenkins Server MCP is a model context protocol server developed by Hekmon for individual developers to interact with Jenkins CI/CD servers. Version 0.1.0 of Jenkins Server MCP contains code vulnerabilities. These vulnerabilities stem from incorrect operations in the functions jobPath of the files...

6.5CVSS6.5AI score0.0027EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

launch-editor 命令注入漏洞

Launch-editor is a Vite open-source tool that allows opening an editor from Node.js and navigating to a specified row and column. Versions of Launch-editor prior to 2.9.0 had a command injection vulnerability. This vulnerability stemmed from insufficient cleanup of the file parameter, which could...

8.3CVSS5.8AI score0.00521EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.16 views

Symantec PC Tools Internet Security 安全漏洞

Symantec PC Tools Internet Security is a comprehensive computer security protection software developed by Symantec Corporation. Symantec PC Tools Internet Security has a security vulnerability, which stems from improper access control in the PCTCore64.sys Windows kernel driver. This allows...

7.8CVSS5.3AI score0.00161EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Sulu 加密问题漏洞

Sulu is a scalable Symfony framework based on PHP, developed by the Austrian company Sulu. Versions prior to Sulu 2.6.23 and 3.0.6 contained a security vulnerability related to encryption. This vulnerability stemmed from the use of weak encryption hash algorithms for generating password reset...

6.9CVSS5.3AI score0.00193EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Nextcloud 访问控制错误漏洞

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. Vulnerabilities existed in versions of Nextcloud prior to 21.1.10, 22.0.11, and 23.0.3 due to access control flaws. These vulnerabilities stemmed from...

3.5CVSS5.3AI score0.00203EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Team folders 访问控制错误漏洞

Team Folders is an open-source file sharing software developed by Nextcloud. Versions of Team Folders from 17.0.0 to 17.0.15, from 18.0.0 to 18.1.12, from 19.0.0 to 19.1.16, from 20.0.0 to 20.1.11, and from 21.0.0 to 21.0.4 contain an access control vulnerability. This vulnerability stems from a...

4.3CVSS5.3AI score0.00229EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.26 views

End-to-End Encryption App 安全漏洞

End-to-End Encryption App is an open-source end-to-end encryption client implementation by Nextcloud. Vulnerabilities exist in versions of End-to-End Encryption App between 1.15.0 and 1.15.4, 1.16.0 and 1.16.3, 1.17.0 and 1.17.1, and 1.18.0 and 1.18.1. These vulnerabilities stem from improper...

3.5CVSS5.3AI score0.00203EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

Nextcloud Collectives 访问控制错误漏洞

NextCloud Collectives is an open-source collaboration and knowledge management tool developed by NextCloud. In versions 2.6.0 to 4.3.0 of NextCloud Collectives, there was a security vulnerability related to access control. This vulnerability stemmed from a lack of permission checks, which could...

2.6CVSS5.3AI score0.00189EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

go-billy 安全漏洞

Go-Billy is an open-source file system abstraction library developed by go-git. Versions of Go-Billy prior to 5.9.0 and 6.0.0-alpha.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of specially crafted or malformed inputs by multiple components, which cou...

6.5CVSS5.3AI score0.00295EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Cline 安全漏洞

Cline is an AI programming assistant that serves as an integrated CLI and editor for necboy’s personal developers. Cline versions 2.13.0 and earlier contained security vulnerabilities, which were caused by cross-source WebSocket hijacking. These vulnerabilities could allow attackers to hijack...

9.6CVSS5.3AI score0.0018EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

WordPress plugin GiveWP 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5AI score0.00203EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

WordPress plugin WP Document Revisions 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

7.5CVSS5.4AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

WordPress plugin Hydra Booking 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.3CVSS5.5AI score0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

WordPress plugin myCred 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

WordPress plugin Advanced Access Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

7.5CVSS5.5AI score0.00394EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

WordPress plugin GeoDirectory 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS5.5AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.8 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from reachable assert0 calls within the stub message processor, which could allow remote unauthenticated attackers to send E2AP message...

7.5CVSS5.4AI score0.00415EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from a mismatch in cross-layer verifications: the E42 layer accepts an empty ricEventTriggerDefinition field, while the E2AP encoder asser...

7.5CVSS5.4AI score0.00415EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from the iApp message distributor using assert for validation of the allowlist, which may allow remote unauthenticated attackers to send...

7.5CVSS5.4AI score0.00437EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability arises from the use of hardcoded assertions to verify the count of information elements in E2AP messages, rather than using the protocol-specifi...

7.5CVSS5.4AI score0.00428EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

OpenSC 安全漏洞

OpenSC is an open-source smart card tool and middleware developed by OpenSC. Versions of OpenSC prior to 0.26.1 contain security vulnerabilities. These vulnerabilities stem from a mistake in the function testkpgencertwrite in the Key Generation Module component of the pkcs11-tool. This mistake ma...

5.1CVSS5.9AI score0.00296EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

AEM MCP Server 代码问题漏洞

The AEM MCP Server is a model context protocol server developed by Indrasishbanerjee, designed for content, components, and asset management. The AEM MCP Server has a code vulnerability that stems from incorrect handling of the parameter assetPath in the getAssetMetadata function within the Axios...

6.5CVSS6.5AI score0.00209EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

php-censor 操作系统命令注入漏洞

php-censor is a continuous integration server for the open-source PHP project PHP Censor. Versions of php-censor 2.1.6 and earlier contain an operating system command injection vulnerability. This vulnerability stems from incorrect handling of the commitId parameter in the file...

7.5CVSS7.4AI score0.01367EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.15 views

Student-Management-System 安全漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a security vulnerability in Student-Management-System, which stems from incorrect operations with the parameter uid in the admin/ file within the Admin Endpoint component. This...

7.5CVSS6.6AI score0.00299EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Student-Management-System 授权问题漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a vulnerability in the Student-Management-System’s authorization mechanism; this issue stems from incorrect handling of the parameter “sid” in the file admin/deleteform.php, which ma...

6.9CVSS6.4AI score0.00307EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

D-Link DI-7001 MINI 安全漏洞

The D-Link DI-7001 MINI is a multi-functional smart gateway from D-Link Corporation. The D-Link DI-7001 MINI, versions prior to 19.09.19A1, have a security vulnerability. This vulnerability stems from the improper handling of the parameter “Time” in the function “sprintf” of the API component’s...

9CVSS8.4AI score0.00687EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

9Router 授权问题漏洞

9Router is an intelligent routing and authorization AI model proxy tool developed by decolua’s individual developers. Versions of 9Router prior to 0.4.0 contained an authorization vulnerability. This vulnerability stemmed from incorrect handling of the Host parameter in the function isAuthenticat...

6.5CVSS6.4AI score0.00276EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Janet 输入验证错误漏洞

Janet is a functional and imperative programming language and bytecode interpreter developed by Janet Language. Versions of Janet prior to 1.41.0 had a vulnerability related to input validation errors. This vulnerability stemmed from incorrect operations in the function unmarshalonefiber found in...

4.8CVSS4.6AI score0.0012EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Tychon 安全漏洞

Tychon is a terminal security analysis and management platform developed by the American company Tychon. There is a security vulnerability in Tychon, which stems from the OPENSSLDIR variable in the OpenSSL component potentially being controlled by non-privileged users. This vulnerability could...

7.4CVSS5.9AI score0.00254EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Disig Web Signer 安全漏洞

Disig Web Signer is an electronic signature middleware platform developed by the Slovak company Disig. Versions 2.0.3 to 2.5.3 of Disig Web Signer contain security vulnerabilities, which stem from critical remote code execution vulnerabilities...

9.4CVSS6.2AI score0.0072EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

WordPress plugin Gravity Forms 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.6CVSS5.4AI score0.005EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

WordPress plugin LearnPress 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

WordPress plugin VikBooking Hotel Booking Engine & PMS 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.1CVSS5AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.8 views

WordPress plugin wpForo Forum 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.1CVSS5.4AI score0.00291EPSS
Exploits0References1
Total number of security vulnerabilities195539