Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

WordPress plugin StatCounter 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00305EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. Version 3.10B20 of TRENDnet TEW-432BRP contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the parameter peerPin within the goform/formWPS file, which could allow remote...

9CVSS7.6AI score0.00853EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Indian Motorcycle Scout Bobber + Tech 安全漏洞

The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese company Indian Motorcycle. The Scout Bobber + Tech 2025 has a security vulnerability caused by weak authentication in the Wireless Control Module. This vulnerability could allow neighboring networ...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

JetBrains TeamCity 输入验证错误漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Prior to JetBrains TeamCity 2026.1, there was a...

6.1CVSS5.9AI score0.00164EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

JetBrains TeamCity 跨站脚本漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1.1...

8.2CVSS5.7AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.15 views

Red Hat assisted-service 安全漏洞

Red Hat Assisted-Service is a backend service component provided by Red Hat Inc. in the United States, which offers REST APIs. It primarily serves the OpenShift ecosystem. There is a security vulnerability in Red Hat Assisted-Service. This vulnerability arises from writing the original key conten...

6.3CVSS5.8AI score0.00182EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

FreeScout 授权问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.221 contained an authorization vulnerability. This vulnerability stemmed from a lack of email membership checks in the...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.15.0-beta1 contained code vulnerabilities. These vulnerabilities were caused by server-side request forgery, allowing authenticated attackers to...

7.7CVSS6AI score0.00263EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Emlog Pro 安全漏洞

Emlog Pro is an open-source blog system developed by Emlog. Version 2.6.9 of Emlog Pro contains a security vulnerability, which stems from a path traversal vulnerability in the template upload function. This vulnerability allows authenticated administrators to execute arbitrary PHP code. By...

7.2CVSS6.1AI score0.00782EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.15 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from a range-bypass vulnerability in the Gateway chat.send route, allowing clients with restricted ranges to...

8.8CVSS5.9AI score0.00253EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

mall 授权问题漏洞

Mall is a set of e-commerce systems developed by Macro Personal Developers, including a front-end shopping mall system and a back-end management system. Versions of Mall 1.0.3 and earlier had authorization-related vulnerabilities. These vulnerabilities stemmed from improper authorization in the...

5.8CVSS5.9AI score0.00218EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Mautic has a security vulnerability that stems from insufficient URL validation provided by users. This vulnerability may allow...

6.4CVSS5.8AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

WordPress plugin Frontend Admin by DynamiApps SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.9CVSS5.8AI score0.00288EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained a security vulnerability. This vulnerability stemmed from the CreateOrderFromCartAction::execute function, which created order lines before checking and increasing the...

5.9CVSS5.8AI score0.00239EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Acer Wave 7 router 安全漏洞

The Acer Wave 7 router is a three-band wireless router from Acer, a company based in Taiwan, China. The Acer Wave 7 router has a security vulnerability. This vulnerability allows attackers to decrypt, modify, and re-encrypt system backups, enabling persistent backdoors attacks...

10CVSS5.8AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

JetBrains TeamCity 代码问题漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1 an...

7.5CVSS5.9AI score0.00287EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by the TRENDnet company. Version 3.10B20 of TRENDnet TEW-432BRP has a security vulnerability. This vulnerability stems from command injection in the file/goform/formSetRoute, where parameters such as ip, mask, and gateway can be used to...

6.5CVSS6.7AI score0.0501EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Shibby Tomato 安全漏洞

Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Version 1.28 of Shibby Tomato contains a security vulnerability. This vulnerability stems from the send function in the us/sbin/miniupnpd file within the SUBSCRIBE Call Handler component, which involves...

7.5CVSS7.2AI score0.00278EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

WordPress plugin WP Travel Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.1CVSS5.8AI score0.00258EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Suprema BioStar 安全漏洞

Suprema BioStar is a web-based, open-integrated security platform developed by the South Korean company Suprema. It offers comprehensive features for access control, attendance management, visitor management, and video log maintenance. Versions 2.9.8, 2.9.10, and 2.9.11 of Suprema BioStar contain...

8.7CVSS5.8AI score0.00351EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

PHPagebuilder 安全漏洞

PHPagebuilder is a drag-and-drop page building tool developed by Hans Schouten. It is used to quickly create and manage websites. Version PHPagebuilder v0.31.0 contains a security vulnerability. This vulnerability stems from an unlimited file upload vulnerability in the pagmanager/pagebuilder...

7.3CVSS5.9AI score0.00472EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Indian Motorcycle Scout Bobber + Tech 安全漏洞

The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese company Indian Motorcycle. The Scout Bobber + Tech 2025 has a security vulnerability caused by weak authentication between the Wireless Control Module and the Engine Control Module. This...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Extreme Networks Extreme Platform ONE IAM Gateway 安全漏洞

The Extreme Networks Extreme Platform ONE IAM Gateway is a network identity and access management gateway provided by Extreme Networks, Inc. There is a security vulnerability present in the Extreme Networks Extreme Platform ONE IAM Gateway, which stems from a race condition in the API key...

6.3CVSS5.8AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.15 views

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. Version 3.10B20 of TRENDnet TEW-432BRP contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the file/goform/formSetPortTr, which could allow a remote attacker to execute an...

6.5CVSS6.9AI score0.00399EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

liboqs 缓冲区错误漏洞

Liboqs is an open-source project under Open Quantum Safe, which is an open-source C library for quantum secure encryption algorithms. Versions of Liboqs prior to 0.16.0 contained a buffer error vulnerability. This vulnerability stems from the XMSS and XMSS^MT state signature verification code. Wh...

5.3CVSS6AI score0.00305EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

JetBrains TeamCity 跨站脚本漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1 an...

6.1CVSS5.7AI score0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the management tables for PaymentMethods, Currencies, and Carriers rendering inline switching options and...

6.5CVSS5.8AI score0.00221EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

SillyTavern 跨站脚本漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 had a cross-site scripting vulnerability. This vulnerability occurred when the fetchurl function was called, causing the code to send error responses containing a URL value...

6.9CVSS5.7AI score0.00323EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

arcane 安全漏洞

Arcan is an open-source Docker management software developed by Arcane. Versions of Arcan prior to 1.19.0 contained security vulnerabilities. These vulnerabilities stemmed from multiple endpoints in the Huma-based REST API that did not call the checkAdmin helper function. Additionally, the...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.12 contained security vulnerabilities. These vulnerabilities stemmed from a permission escalation flaw in Slack plugin approval processes, allowing authorized users with exec...

4.3CVSS5.8AI score0.00173EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

MCP Security 代码问题漏洞

MCP Security is a security tool developed by the Spring AI Community as an open-source project, designed to provide OAuth 2.0 authorization support for the Spring AI’s MCP protocol. Versions of MCP Security prior to 0.1.9 contained code-related vulnerabilities. These vulnerabilities stemmed from...

7.2CVSS5.8AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

FreePBX 安全漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI graphical web-based interface. Versions of FreePBX prior to 16.0.22 and 17.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the getcontent AJAX...

8.8CVSS5.8AI score0.00272EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.14 views

FreePBX SQL注入漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI web-based graphical interface. Versions of FreePBX prior to 16.0.50 and 17.0.11 contained a SQL injection vulnerability. This vulnerability stemmed from the CDR Reports...

8.8CVSS5.9AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Version 7 of Mautic has a security vulnerability, which stems from a stored-xss attack within the project components. This...

7.6CVSS5.8AI score0.00164EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Suprema BioStar 安全漏洞

Suprema BioStar is a web-based, open-integrated security platform developed by the South Korean company Suprema. It offers comprehensive features for access control, attendance management, visitor management, and video log maintenance. There were security vulnerabilities in the versions of Suprem...

10CVSS5.8AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

n8n-MCP 访问控制错误漏洞

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.51.2 contained an access control vulnerability. This vulnerability arises when multi-tenant mode is enabled, and headers are omitted or only partially provided duri...

8.1CVSS5.9AI score0.00235EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Sitejo HaPe PKH 代码问题漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains a code vulnerability caused by a bypass of file type validation. This vulnerability could allow authenticated attackers to upload malicious files a...

8.8CVSS6.1AI score0.00519EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Microsoft Office SharePoint Operating System Command Injection Vulnerability

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a vulnerability related to operating system command injection. This vulnerability stems from deserialized untrusted data, which...

8CVSS6AI score0.00638EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Indian Motorcycle Scout Bobber + Tech 安全漏洞

The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese Indian Motorcycle company. The 2025 version of the Indian Motorcycle Scout Bobber + Tech has security vulnerabilities. These vulnerabilities stem from an error in the behavior sequence of the...

2.4CVSS5.8AI score0.00143EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Red Hat OpenShift 代码问题漏洞

Red Hat OpenShift is a Platform as a Service PaaS cloud computing platform provided by Red Hat Inc. It supports the construction, testing, deployment, and running of applications. There is a code vulnerability in Red Hat OpenShift. This vulnerability arises from users with write permissions for...

7.7CVSS5.8AI score0.00226EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Indian Motorcycle Scout Bobber + Tech 安全漏洞

The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese company Indian Motorcycle. The Scout Bobber + Tech has a security vulnerability, which stems from an error in the behavior displayed on the Infotainment/Digital Round display. This error may allow...

2.4CVSS5.8AI score0.00143EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Red Hat Quay 代码问题漏洞

Red Hat Quay is a container image repository platform operated by the American company Red Hat. Red Hat Quay has code-related vulnerabilities; these vulnerabilities stem from the LDAP and SMTP authentication functions of the config-tool, which do not filter IP or host addresses. This may allow...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

JetBrains YouTrack 安全漏洞

JetBrains YouTrack is a browser-based error tracking and project management software developed by Czech company JetBrains. This software features error tracking, the ability to create workflows, and monitoring of project progress. Versions of JetBrains YouTrack prior to 2026.1.13570 contained...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.16 views

PHP-SHOP 跨站请求伪造漏洞

PHP-SHOP is an online shopping system developed by joeyrush, based on PHP. Version 1.0 of PHP-SHOP has a cross-site request forgeing vulnerability. This vulnerability stems from the lack of verification of the request source, which may allow unauthenticated attackers to add administrative users...

6.9CVSS5.7AI score0.00162EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Heatmiser Wifi Thermostat 安全漏洞

The Heatmiser Wifi Thermostat is a smart temperature control device from the British company Heatmiser, capable of wireless connection and remote control. Version 1.7 of the Heatmiser Wifi Thermostat contains a security vulnerability. This vulnerability stems from accessing the networkSetup.htm...

8.7CVSS5.8AI score0.00313EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 TX and RX Hosts 7.9.1.0 R2502171040 version contains an operating system command injection vulnerability. This...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

SourceCodester Doctor Appointment System 安全漏洞

SourceCodester Doctor Appointment System is an open-source application developed by SourceCodester. It provides a scheduling feature. Version 1.0 of the SourceCodester Doctor Appointment System contains a security vulnerability. This vulnerability stems from the improper handling of user inputs...

6.1CVSS5.6AI score0.00155EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

KMW CCTV Security Cameras 安全漏洞

KMW CCTV Security Cameras are a series of video surveillance cameras produced by the Romanian company KMW. KMW CCTV Security Cameras have security vulnerabilities, which stem from unauthenticated password resets. This could allow attackers to remotely reset administrator passwords and gain full...

9.1CVSS5.8AI score0.00624EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

HAX 安全漏洞

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. Versions of HAX 26.0.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /system/api/saveNode endpoint, which had a storage-oriented cross-site scripting vulnerability. Users with edit...

8.7CVSS5.7AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Waterfall WF-500 缓冲区错误漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. In the version 7.10.0.0 R2601141040 of the Waterfall WF-500 RX Host, there is a buffer error vulnerability. This vulnerability stems...

7.8CVSS6.2AI score0.0012EPSS
Exploits0References1
Total number of security vulnerabilities195539