Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/06/01 12:0 a.m.22 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow. The...

3.1CVSS5.3AI score0.00459EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...

7.2CVSS5.3AI score0.00649EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

SOPlanning 代码问题漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had code vulnerabilities. These vulnerabilities stemmed from an unvalidated validation of file extensions during upload. This allowed authenticated attackers to uploa...

6.4CVSS5.4AI score0.0031EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

SOPlanning 跨站请求伪造漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had a cross-site request forgeing vulnerability. This vulnerability stemmed from the susceptibility of the create, modify, and delete endpoints of groupesave to...

5.1CVSS5.2AI score0.00182EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

SOPlanning 路径遍历漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the backup endpoints being susceptible to path traversal attacks, allowing authenticated...

6.4CVSS5.5AI score0.00447EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

SOPlanning 跨站脚本漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the taches parameter, which was vulnerable to reflection-type cross-site scripting attacks...

5.1CVSS5.4AI score0.00404EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

SOPlanning 安全漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization for the backup function, which could allow unauthorized attackers to...

8.8CVSS5.3AI score0.00273EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Fsas ServerView Agents 安全漏洞

Fsas ServerView Agents is a server monitoring and management software developed by the Japanese company Fsas. Fsas ServerView Agents for Windows versions 11.60.04 and earlier contain security vulnerabilities. These vulnerabilities stem from improper allocation of permissions for critical resource...

8.5CVSS7.4AI score0.00097EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Code-Projects Smart Parking System 访问控制错误漏洞

Code-Projects Smart Parking System is an open-source intelligent parking system developed by Code-Projects. Version 1.0 of the Code-Projects Smart Parking System contains a vulnerability related to access control. This vulnerability stems from the lack of authentication in the Admin Endpoint...

7.5CVSS7.4AI score0.00629EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Clair 代码问题漏洞

Clair is a project open source by QUAY. It is used for static analysis of vulnerabilities in application containers currently including OCI and Docker. Clair has code-related vulnerabilities. These vulnerabilities arise from the fetcher component, which allows unauthenticated attackers to perform...

5.8CVSS5.3AI score0.00292EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.16 views

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain code vulnerabilities. These vulnerabilities stem from a server-side request forgeing vulnerability in the...

6.5CVSS6.6AI score0.0027EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.2 and earlier have code vulnerabilities related to the WordUtil.addImage function in the /airag/word/edit file. These vulnerabilities may lead to server-side...

6.5CVSS6.5AI score0.0027EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.2 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the parameter baseUrl in the /airag/airagModel/test file, which...

6.5CVSS6.6AI score0.0027EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

SourceCodester Water Billing Management System SQL注入漏洞

The SourceCodester Water Billing Management System is an open-source water billing management system developed by SourceCodester. Version 1.0 of the SourceCodester Water Billing Management System contains a SQL injection vulnerability. This vulnerability stems from incorrect parameter handling in...

5.8CVSS5.2AI score0.00262EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

SourceCodester Water Billing Management System 授权问题漏洞

The SourceCodester Water Billing Management System is an open-source water billing management system developed by SourceCodester. Version 1.0 of the SourceCodester Water Billing Management System has a vulnerability related to authorization issues. This vulnerability stems from a problem with the...

7.5CVSS7.3AI score0.00371EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Apache Directory LDAP API 安全漏洞

The Apache Directory LDAP API is a LDAP protocol development framework created by the Apache Foundation in the United States. There were security vulnerabilities in the Apache Directory LDAP API between versions 2.0.0 and 2.1.7. These vulnerabilities stemmed from incomplete TLS server...

8.8CVSS5.3AI score0.00182EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Assimp 安全漏洞

Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Versions of Assimp 6.0.4 and earlier contained security vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter num.total in the...

5.3CVSS5.9AI score0.00124EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

Assimp 安全漏洞

Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Versions of Assimp 6.0.4 and earlier contained security vulnerabilities. These vulnerabilities stemmed from issues with the Assimp::MDL::HalfLife::HL1MDLLoader::readanimations...

5.3CVSS5.9AI score0.00127EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Assimp 安全漏洞

Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Versions of Assimp 6.0.4 and earlier contain security vulnerabilities, which stem from issues with the HL1MDLLoader::readmeshes function in the HL1MDLLoader.cpp file. These...

5.3CVSS5.9AI score0.00125EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

student_management_system_by_php 代码注入漏洞

studentmanagementsystembyphp is a student information management tool developed by Raisul Islam, based on PHP. studentmanagementsystembyphp has a code injection vulnerability, which stems from incorrect handling of the parameter “Message” by an unknown function in the admissionformcheck.php file...

5.1CVSS4.6AI score0.00199EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

student_management_system_by_php SQL注入漏洞

studentmanagementsystembyphp is a student information management tool developed by Raisul Islam, based on PHP. studentmanagementsystembyphp has a SQL injection vulnerability, which stems from the incorrect handling of the 'role' parameter in the User Creation Handler component of the...

7.5CVSS7.5AI score0.00263EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

student_management_system_by_php SQL注入漏洞

studentmanagementsystembyphp is a student information management tool developed by Raisul Islam, based on PHP. studentmanagementsystembyphp has a SQL injection vulnerability. This vulnerability arises from incorrect operations with parameters such as userid, courseid, teacherid, and studentid in...

7.5CVSS7.5AI score0.00263EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

student_management_system_by_php SQL注入漏洞

studentmanagementsystembyphp is a student information management tool developed by Raisul Islam, based on PHP. studentmanagementsystembyphp has a SQL injection vulnerability, which stems from the incorrect handling of the Username parameter in the Login component of the logincheck.php file,...

7.5CVSS7.5AI score0.00263EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability, which was caused by a problem with the scanmemorycontent function in the tools/memorytool.py file. This vulnerability...

6.5CVSS6.4AI score0.00228EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

No-CMS SQL注入漏洞

No-CMS is a customizable content management framework developed by Go Frendi Gunawan. Version 1.0 of No-CMS has a SQL injection vulnerability. This vulnerability stems from the orderby parameter in the manageprivilege endpoint, which allows for SQL injection attacks. This could enable authenticat...

7.1CVSS5.7AI score0.00273EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

ArmCode Arm Whois 安全漏洞

ArmCode Arm Whois is a web information query tool developed by ArmCode Corporation. Version 3.11 of ArmCode Arm Whois contains a security vulnerability. This vulnerability stems from a buffer overflow, which may allow local attackers to execute arbitrary code by overriding structured exception...

8.6CVSS6.2AI score0.00162EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Paroiciel SQL注入漏洞

Paroiciel is an parish management information system developed by the French company Paroiciel. Version 11.20 of Paroiciel contains a SQL injection vulnerability. This vulnerability stems from the zProIdPro parameter, which allows for SQL injections. This could enable authenticated attackers to...

7.1CVSS6.1AI score0.00273EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Paroiciel SQL注入漏洞

Paroiciel is an parish management information system developed by the French company Paroiciel. Version 11.20 of Paroiciel contains a SQL injection vulnerability. This vulnerability stems from the tRecIdListe parameter, which allows for SQL injections. This could enable unauthenticated attackers ...

8.8CVSS6.1AI score0.00341EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

GnuTLS 信息泄露漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls, which stems from the fact that the PKCS7 padding check does not occur at a constant time during decryptio...

3.7CVSS5.9AI score0.00379EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

nanobot 代码问题漏洞

Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing issues in the Microsoft Teams channel processing program. This could allow...

7CVSS5.5AI score0.00382EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

banana-slides 路径遍历漏洞

banana-slides is an AI-based PPT generation application developed by Anion. Versions of banana-slides 0.4.0 and earlier have a path traversal vulnerability. This vulnerability stems from a path traversal issue in the AI service’s backend function, generateimage. Due to the use of os.path.startswi...

8.7CVSS5.3AI score0.00417EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability arises from the fact that a single SCTP connection can be bound to multiple xappids, but only the first registered resource is cleaned up wh...

8.2CVSS5.4AI score0.00345EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Kiteworks 跨站脚本漏洞

Kiteworks is a security private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from reflective cross-site scripting, which could allow external attackers...

8.2CVSS5.2AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

SourceCodester SEO Meta Tag Extractor 代码问题漏洞

SourceCodester SEO Meta Tag Extractor is an open-source SEO meta tag extractor developed by SourceCodester. Version 1.0 of SourceCodester SEO Meta Tag Extractor has a code vulnerability. This vulnerability stems from incorrect parameter handling in the getheaders function within the file/index.ph...

7.5CVSS7.4AI score0.00294EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Project Management 授权问题漏洞

Project Management is an open-source project management tool developed by DEVASLAN and released under the PHP open-source license. Versions of Project Management 2.0.0-beta1 and earlier had an authorization issue vulnerability. This vulnerability stems from an improper authorization in the...

5.5CVSS5.7AI score0.0023EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Project Management 授权问题漏洞

Project Management is an open-source project management tool developed by DEVASLAN and released under the PHP open-source license. Versions of Project Management 2.0.0-beta1 and earlier contained vulnerabilities related to authorization. These vulnerabilities stemmed from improper authorization i...

5.5CVSS5.8AI score0.0023EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

IBM WebSphere Application Server(WAS) 代码注入漏洞

IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and running Java enterprise applications. IBM WebSphere Application Server has a security control bypass vulnerability. This vulnerability stems from the improper implementation of securi...

9CVSS6AI score0.00508EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

aiter 代码问题漏洞

aiter is a high-performance AI operator library open source by AMD ROCm™ Software, providing optimized GPU cores for inference and training. Versions of aiter prior to 0.1.14 contain code vulnerabilities. These vulnerabilities stem from unauthenticated remote code execution in the MessageQueue.re...

9.8CVSS6.7AI score0.01104EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.23 views

Nextcloud Server 安全漏洞

NextCloud Server is an open-source NextCloud server program developed by NextCloud. There were security vulnerabilities in versions 32.0.0 to 32.0.9 and 33.0.0 to 33.0.3 of NextCloud Server. These vulnerabilities stemmed from improper authorization control in the calendar backend, allowing...

8.1CVSS5.3AI score0.00284EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Nextcloud user_oidc 输入验证错误漏洞

Nextcloud useroidc is an application developed by the German company Nextcloud. In versions 6.1.0 to 8.2.2, there was a vulnerability related to input validation errors. This vulnerability stemmed from improper redirection handling, which could allow attackers to create links that redirect users ...

6.1CVSS5.3AI score0.00232EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Nextcloud 授权问题漏洞

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. Versions of Nextcloud prior to 2.7.2 contained an authorization vulnerability. This vulnerability stemmed from permission escalation, which could...

6.5CVSS5.2AI score0.00358EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

F5-TTS 路径遍历漏洞

F5-TTS is a voice synthesis tool based on stream matching, developed by Yushen CHEN. Versions of F5-TTS prior to 1.1.20 contained a path traversal vulnerability. This vulnerability stemmed from path traversal within theGradio processing program, allowing unauthenticated attackers to write arbitra...

8.8CVSS5.5AI score0.00393EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

VMware Spring Cloud Function 安全漏洞

VMware Spring Cloud Function is a Java functional application development framework provided by the American company VMware. There is a security vulnerability in VMware Spring Cloud Function, which stems from infinite recursion at the routing layer, potentially leading to a memory insufficiency...

6.5CVSS5.3AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

openairinterface5G 安全漏洞

openairinterface5G is an open-source implementation of the OAI project, focusing on the research, development, and testing of 5G NR New Radio core networks and access networks. Version 2.4.0 of openairinterface5G contains a security vulnerability. This vulnerability stems from the E2SM-KPM RAN...

8.6CVSS5.3AI score0.00393EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from a failure in ASN.1 PER decoding, resulting in a reachable assertion in e2apcreatepdu. This could allow unauthorized remote attackers ...

7.5CVSS5.4AI score0.00624EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability arises from handling RICINDICATION messages that do not contain the ranfuncid field, causing an assert to be triggered or null pointer...

7.5CVSS5.3AI score0.00642EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from the assertion in the e2aprecvsctpmsg function, where assertrc len is used. This could allow unauthorized remote attackers to send SCT...

7.5CVSS5.4AI score0.00642EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.16 views

MediaTek Chipsets 安全漏洞

MediaTek Chipsets are a series of chips developed by MediaTek Corporation in China. The MediaTek Chipsets contain security vulnerabilities. These vulnerabilities stem from competitive conditions in the geniezone mechanism, which lead to unauthorized writing operations. This can result in an...

6.4CVSS5.3AI score0.00078EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

Cloud Foundry Foundation 安全漏洞

Cloud Foundry Foundation is an open-source platform as a service PaaS offered by the Cloud Foundry Foundation. There is a security vulnerability in Cloud Foundry Foundation’s cf-auth-proxy component. This vulnerability stems from authentication bypassing, allowing unauthenticated remote attackers...

7.5CVSS5.4AI score0.00393EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

WordPress plugin WP AutoSuggest SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6.2AI score0.00341EPSS
Exploits0References4
Total number of security vulnerabilities195539