Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Mautic has a security vulnerability, which stems from insufficient recursive cleaning of nested query parameters in the API contac...

7.1CVSS6AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX and RX Hosts contains an operating system command injection vulnerability. Thi...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1...

4.3CVSS5.9AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

TP-Link TL-SG108PE 安全漏洞

The TP-Link TL-SG108PE is an 8-port Gigabit Ethernet intelligent managed PoE switch from TP-Link Corporation. The TP-Link TL-SG108PE v5 has a security vulnerability, which stems from improper cleaning of SYSNAM configuration parameters during the file configuration import process in the web...

5.3CVSS5.6AI score0.00239EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

JetBrains YouTrack 安全漏洞

JetBrains YouTrack is a browser-based error tracking and project management software developed by Czech company JetBrains. This software features error tracking, the ability to create workflows, and monitoring of project progress. Versions of JetBrains YouTrack prior to 2026.1.13570 contained...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the Livewire component in the product editor, which lacked authorization for the store method. Any...

6.5CVSS5.8AI score0.00221EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.29 contained security vulnerabilities. These vulnerabilities stemmed from SSRF policy bypasses in browser debugging and route exports, allowing for the reuse of already opened...

6.5CVSS5.8AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

arcane 跨站脚本漏洞

Arcan is an open-source Docker management software developed by Arcane. Versions of Arcan prior to 1.19.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the unvalidated GET /api/app-images/logo endpoint, which directly replaced user-provided color parameters into...

8.2CVSS5.6AI score0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Mermaid 安全漏洞

Mermaid is an open-source application developed by mermaid-js. It uses text and code to create charts and visualizations. Versions of Mermaid prior to 10.9.6 and 11.15.0 have security vulnerabilities. These vulnerabilities arise from the use of the excludes property when rendering Gantt charts; i...

5.3CVSS5.9AI score0.00384EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities stem from storing user-input category descriptions as raw HTML during Gallery view rendering. This allows...

5.4CVSS5.7AI score0.00162EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities allow unauthorized remote attackers to read arbitrary image files on a disk that can be accessed by PHP...

6.9CVSS5.9AI score0.00455EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Version 7 of Mautic has a security vulnerability, which stems from path traversal in the activity import function. This...

9.9CVSS6.3AI score0.00583EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Spatie Laravel Media Library Pro 代码问题漏洞

Spatie Laravel Media Library Pro is a UI component for Laravel media libraries developed by the Belgian company Spatie. Versions of Spatie Laravel Media Library Pro prior to 11.23.0 had code vulnerabilities. These vulnerabilities stemmed from the addMediaFromUrl method in InteractsWithMedia.php,...

7.4CVSS6AI score0.00248EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Spatie Laravel Media Library Pro 安全漏洞

Spatie Laravel Media Library Pro is a UI component for Laravel media libraries developed by the Belgian company Spatie. Versions of Spatie Laravel Media Library Pro prior to 11.23.0 contained security vulnerabilities. These vulnerabilities were caused by a bypass of file upload restrictions in...

8.8CVSS5.8AI score0.0044EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

NanoMQ 安全漏洞

NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Versions of NanoMQ prior to 0.24.14 contained a security vulnerability. This vulnerability stemmed from the fact that data stored as “nniquicconn” during dialing was read as “exquicconn” when the dialer was...

4.5CVSS5.8AI score0.00096EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

JetBrains IntelliJ IDEA 安全漏洞

JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to version 2026.1.1 contained a security vulnerability; this vulnerability could allow command execution due to guest user...

8.8CVSS5.9AI score0.00332EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

SillyTavern 安全漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the/api/search/searxng endpoint, which accepted a baseUrl controlled by an attacker and used it to...

8.5CVSS5.8AI score0.00866EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.29.1 contain security vulnerabilities. These vulnerabilities stem from the destinationPath parameter in the Docker file upload function not being properly cleaned and directly inserted into the shell...

9.9CVSS6.1AI score0.00866EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.29.0 contained a vulnerability related to operating system command injection. This vulnerability arose because the deleteRegistry function executed the docker logout command without proper shell escapin...

8.8CVSS5.8AI score0.00841EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the plugin/AuthorizeNet/processPayment.json.php file, which only increased the logged-in user’s wallet...

7.1CVSS6AI score0.0012EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

form-data-objectizer 安全漏洞

form-data-objectizer is a form data-to-object conversion tool developed by Kasper Stöckel. Versions of form-data-objectizer prior to 1.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of filtering for proto, constructor, or prototype when handling bracket notati...

8.2CVSS5.8AI score0.00282EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

WWBN AVideo 操作系统命令注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an operating system command injection vulnerability. This vulnerability stemmed from the execAsync command in the YPTSocket notification branch, which constructed...

8.8CVSS5.9AI score0.00318EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

OpenSC 安全漏洞

OpenSC is an open-source smart card tool and middleware developed by OpenSC. Versions of OpenSC prior to 0.27.0-rc1 contained security vulnerabilities. These vulnerabilities stemmed from a stack buffer overflow vulnerability in the pivprocesshistory function found in src/libopensc/card-piv.c. Thi...

3.8CVSS5.9AI score0.00216EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Version 7 of Mautic has a security vulnerability, which stems from an API v2 endpoint authorization bypass. This vulnerability cou...

7.1CVSS5.8AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Rizin 资源管理错误漏洞

Rizin is a free, open-source reverse-engineering framework developed by the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensics tool, and as a command-line hexadecimal editor capable of opening disk files. Rizin has a resource manageme...

3.3CVSS5.8AI score0.00101EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

XX-Net 安全漏洞

XX-Net is an open-source network stealth proxy tool developed by XX-Net. Version 5.16.6 of XX-Net contains a security vulnerability. This vulnerability stems from issues with WebSocket frame parsing in the WebSocketreceiveworker routine within simplehttpserver.py, which may lead to corruption of...

5.1CVSS5.8AI score0.00125EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

Roslyn CodeLens MCP Server 安全漏洞

Roslyn CodeLens MCP Server is a Roslyn-based .NET code library tool for deep semantic analysis, developed by Marcel Roozekrans. Versions of Roslyn CodeLens MCP Server from 0.0.9 to 1.17.0 contain security vulnerabilities. These vulnerabilities stem from the getdiagnostics tool, which loads and...

7.8CVSS6.1AI score0.00143EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Avro 资源管理错误漏洞

Avro is a fast Go Avro decoder developed by hamba. Versions prior to 2.33.0 contained a resource management vulnerability. This vulnerability stemmed from the Avro array and mapping decoders’ tendency to loop through a counter controlled by the attacker without checking the error status of the...

8.7CVSS5.8AI score0.00378EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

FreePBX 信任管理问题漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI graphical web-based interface. Versions of FreePBX prior to 15.0.42, 16.0.45, and 17.0.7 contained a trust management vulnerability. This vulnerability stemmed from the...

9.8CVSS5.8AI score0.00425EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from cross-site request forgeing during 2FA switching. The set.json.php file accepts POST requests to set 2...

6.5CVSS5.7AI score0.0011EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Avro 输入验证错误漏洞

Avro is a fast Go Avro decoder developed by hamba. Versions prior to Avro 2.33.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from multiple Avro decoder paths reading 64-bit values controlled by an attacker and truncating or using overflow signed intege...

8.7CVSS5.9AI score0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

NanoMQ 代码问题漏洞

NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Versions of NanoMQ prior to 0.24.8 have code vulnerabilities. These vulnerabilities stem from the quicstreamrecv function, which cancels references to empty substream pointers when the substream is reopened,...

6.3CVSS5.9AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.26.6 and earlier contain security vulnerabilities. These vulnerabilities stem from command injection in the /docker-container-logs WebSocket endpoint. The tail and since parameters are concatenated directly into...

9.9CVSS6.1AI score0.00922EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Dokploy 命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.29.2 and earlier contained a command injection vulnerability. This vulnerability stemmed from the use of JavaScript template literal expressions to construct shell commands, which were executed via...

9.6CVSS6.1AI score0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.21 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass vulnerability in the QQBot’s native approval button, which failed to enforce th...

8CVSS5.8AI score0.00199EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

FastGPT 安全漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.15.0-beta1 contained a security vulnerability. This vulnerability stemmed from the JavaScript sandbox worker’s use of regular expressions. It test...

6.3CVSS5.9AI score0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Mermaid 代码注入漏洞

Mermaid is an open-source application software developed by mermaid-js. It uses text and code to create charts and visualizations. Versions of Mermaid prior to 10.9.6 and 11.15.0 contain a code injection vulnerability. This vulnerability stems from the default configuration, which allows CSS to b...

5.3CVSS5.9AI score0.00398EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

OpenSC 安全漏洞

OpenSC is an open-source smart card tool and middleware developed by OpenSC. Versions of OpenSC prior to 0.27.0 contained security vulnerabilities. These vulnerabilities stemmed from a stack and heap buffer overflow vulnerability in the dokeyvalue function located in src/pkcs15init/profile.c. Thi...

3.8CVSS6AI score0.00146EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Shibby Tomato 安全漏洞

Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Versions of Shibby Tomato prior to 1.28 contained security vulnerabilities. These vulnerabilities were caused by a stack buffer overflow in the tomatoups.cgi file within the UPS service component, which...

9CVSS7.5AI score0.00438EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Shibby Tomato 安全漏洞

Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Version 1.28 of Shibby Tomato contains a security vulnerability. This vulnerability stems from unknown functions in the usr/sbin/miniupnpd file, which may lead to resource consumption and potentially allow...

8.7CVSS7.1AI score0.00438EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the view/update.php script, which read $POSTupdateFile as a relative path under the...

6.9CVSS5.8AI score0.00469EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

JetBrains TeamCity 参数注入漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1...

8.8CVSS6.2AI score0.00411EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

Frontier 访问控制错误漏洞

Frontier is an Ethereum-compatible layer of Substrate. It is used to run unmodified Ethereum Dapps. Frontier X2 has a access control vulnerability that stems from the lack of mandatory pairing authentication or authorization, allowing unauthorized BLE reads and writes of critical GATT features...

8.8CVSS5.9AI score0.0028EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Free MP3 CD Ripper 安全漏洞

Free MP3 CD Ripper is an audio format converter. Version 2.8 of Free MP3 CD Ripper has a security vulnerability. This vulnerability stems from a stack buffer overflow issue during WMA file processing. It could allow local attackers to bypass the DEP protection by manipulating structured exception...

8.6CVSS6.3AI score0.00181EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

cpp-httplib 环境问题漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.44.0 contained an environmental issue vulnerability. This vulnerability stemmed from the server’s request parsing process, where percent signs were decoded...

9.9CVSS5.8AI score0.00295EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

shopper 授权问题漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 had authorization-related vulnerabilities. These vulnerabilities stemmed from two authorization flaws in the team settings system: the mount method in Settings/Team/Index was not...

9.9CVSS5.9AI score0.00321EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

TRENDnet TEW-432BRP 命令注入漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. The TRENDnet TEW-432BRP 3.10B20 version has a command injection vulnerability. This vulnerability stems from the peerPin parameter in the goform/formWPS file, which allows for command execution by remote attacker...

6.5CVSS6.7AI score0.0501EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Formie for Craft CMS 安全漏洞

Formie for Craft CMS is a form plugin for the Craft CMS developed by Verbb. Versions prior to 2.2.20 and 3.1.24 of Formie for Craft CMS had security vulnerabilities. These vulnerabilities stemmed from the possibility for unverified users to submit custom values into hidden fields. These values we...

9.8CVSS5.8AI score0.00475EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX Host contains an operating system command injection vulnerability. This...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References1
Total number of security vulnerabilities195539