Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Shibby Tomato 安全漏洞

Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Version 1.28 of Shibby Tomato contains a security vulnerability. This vulnerability stems from unknown functions in the usr/sbin/miniupnpd file, which may lead to resource consumption and potentially allow...

8.7CVSS7.1AI score0.00438EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the view/update.php script, which read $POSTupdateFile as a relative path under the...

6.9CVSS5.8AI score0.00469EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

JetBrains TeamCity 参数注入漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1...

8.8CVSS6.2AI score0.00411EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

mall 授权问题漏洞

Mall is a set of e-commerce systems developed by Macro Personal Developers, including a front-end shopping mall system and a back-end management system. Versions of Mall 1.0.3 and earlier had authorization-related vulnerabilities. These vulnerabilities stemmed from improper authorization in the...

5.8CVSS5.9AI score0.00218EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

Frontier 访问控制错误漏洞

Frontier is an Ethereum-compatible layer of Substrate. It is used to run unmodified Ethereum Dapps. Frontier X2 has a access control vulnerability that stems from the lack of mandatory pairing authentication or authorization, allowing unauthorized BLE reads and writes of critical GATT features...

8.8CVSS5.9AI score0.0028EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Free MP3 CD Ripper 安全漏洞

Free MP3 CD Ripper is an audio format converter. Version 2.8 of Free MP3 CD Ripper has a security vulnerability. This vulnerability stems from a stack buffer overflow issue during WMA file processing. It could allow local attackers to bypass the DEP protection by manipulating structured exception...

8.6CVSS6.3AI score0.00181EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

cpp-httplib 环境问题漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.44.0 contained an environmental issue vulnerability. This vulnerability stemmed from the server’s request parsing process, where percent signs were decoded...

9.9CVSS5.8AI score0.00295EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

shopper 授权问题漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 had authorization-related vulnerabilities. These vulnerabilities stemmed from two authorization flaws in the team settings system: the mount method in Settings/Team/Index was not...

9.9CVSS5.9AI score0.00321EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

TRENDnet TEW-432BRP 命令注入漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. The TRENDnet TEW-432BRP 3.10B20 version has a command injection vulnerability. This vulnerability stems from the peerPin parameter in the goform/formWPS file, which allows for command execution by remote attacker...

6.5CVSS6.7AI score0.0501EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Formie for Craft CMS 安全漏洞

Formie for Craft CMS is a form plugin for the Craft CMS developed by Verbb. Versions prior to 2.2.20 and 3.1.24 of Formie for Craft CMS had security vulnerabilities. These vulnerabilities stemmed from the possibility for unverified users to submit custom values into hidden fields. These values we...

9.8CVSS5.8AI score0.00475EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.19.0 contain security vulnerabilities. These vulnerabilities stem from the protectedProcedure middleware, which only verifies user authentication without enforcing organizational scope checks. As a...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Version 7 of Mautic has a security vulnerability, which stems from a cross-site scripting vulnerability stored in the project...

5.4CVSS5.7AI score0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

SillyTavern 安全漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from automatic login using the Remote-User and X-Authentik-Username HTTP headers, without verifying whether...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Danelec Marine Danelec MacGregor Voyage Data Recorder 安全漏洞

The Danelec Marine Danelec MacGregor Voyage Data Recorder is a series of ship navigation data recording systems developed by Danelec Marine. There is a security vulnerability present in the Danelec Marine Danelec MacGregor Voyage Data Recorder, which stems from the inclusion of a default username...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

FreePBX 安全漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI-based web interface. Versions of FreePBX prior to 17.0.8 contained a security vulnerability. This vulnerability stemmed from the OAuth2 implementation in the API module,...

8.1CVSS5.8AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Sitejo HaPe PKH SQL注入漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the namakelompok POST parameter, which may allow...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

ASUS Armoury Crate 安全漏洞

ASUS Armoury Crate is a software utility developed by ASUS Corporation in China. It aims to provide centralized control over supported ROG gaming products. ASUS Armoury Crate has a security vulnerability caused by improper allocation of permissions for critical resources. This vulnerability may...

7.3CVSS5.8AI score0.0009EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

SillyTavern 代码问题漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 had code vulnerabilities. This vulnerability stemmed from the corsProxyMiddleware module, which directly forwarded req.params.url to fetchurl, .... This allowed loop request...

6.9CVSS5.9AI score0.00375EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Red Hat OpenShift Container Platform 授权问题漏洞

Red Hat OpenShift Container Platform is a platform developed by Red Hat Inc. It helps enterprises develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. There is an authorization vulnerability in Red Hat OpenShift Container...

7.4CVSS5.8AI score0.0023EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

asn1c 安全漏洞

ASN1C is an ASN.1 compiler developed by Lev Walkin as a personal project. Versions of ASN1C prior to 1.4 contained security vulnerabilities. These vulnerabilities stemmed from memory safety issues in the OER decoding framework. When parsing specially crafted zero-length payloads, the decoder did...

8.2CVSS5.8AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.14 views

FreeScout 数据伪造问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.220 contained a data manipulation vulnerability. This vulnerability stemmed from the use of In-Reply-To/References headers in...

7.5CVSS5.7AI score0.00145EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Waterfall WF-500 安全漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 has a security vulnerability that stems from relative path traversal. This vulnerability could allow attackers...

7.8CVSS6AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Statamic 代码问题漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were code vulnerabilities in versions prior to Statamic 5.73.22 and 6.18.1. These vulnerabilities stemmed from UR...

5.4CVSS5.9AI score0.00151EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Open ISES Project SQL注入漏洞

The Open ISES Project is an open-source information technology platform and resource platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.14 views

Neotoma 访问控制错误漏洞

Neotoma is a locally prioritized open-source tool developed by Mark Hendrickson as an AI agent for managing state and records across various tools. Versions of Neotoma from 0.6.0 to 0.11.1 contained an access control vulnerability. This vulnerability occurred when the application received request...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Open ISES Project SQL注入漏洞

The Open ISES Project is an open-source information technology platform developed by Open ISES for emergency service organizations. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the ticketid parameter...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

Maxon ERP SQL注入漏洞

Maxon ERP is an ERP software developed by Maxon ERP Corporation. The SQL injection vulnerability exists in versions 8.x to 9.x of Maxon ERP Software. This vulnerability stems from the nomor, user, and jenis parameters in the logactivity function, which may allow authenticated users to execute...

7.1CVSS6.1AI score0.00273EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Acer Predator Connect W6x 安全漏洞

The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a security vulnerability, which stems from improper access control in the MQTT proxy, allowing wildcard topic subscriptions, thereby exposin...

8.7CVSS5.8AI score0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Group Office 安全漏洞

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 26.0.25, 25.0.100, and 6.8.165 contained security vulnerabilities. These vulnerabilities stemmed from allowing authenticated users to persist legacy settings for arbitrary user ID...

5.1CVSS5.8AI score0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Interinfo DreamMaker 代码问题漏洞

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a code vulnerability that stems from arbitrary file uploads. This vulnerability could allow a privileged remote attacker to upload and execute a Web shell backdoor, thereby enabling...

8.6CVSS6.2AI score0.00456EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

SillyTavern 安全漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of cookie-session for authentication. The password update endpoint only updated the password...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Indian Motorcycle Scout Bobber + Tech 安全漏洞

The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese company Indian Motorcycle. The Scout Bobber + Tech 2025 has a security vulnerability, where the resource consumption of the Wireless Control Module is uncontrolled, which may allow neighboring...

4.6CVSS5.8AI score0.00174EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Plesk 安全漏洞

Plesk is a web hosting control panel developed by the Swiss company Plesk. There is a security vulnerability in Plesk, which stems from XPath injection in the APS application directory search function. User input that is not properly cleaned and directly inserted into the XPath query could allow...

9.9CVSS6.1AI score0.00686EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.28.8 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from authenticated OS command injections at the WebSocket endpoints, allowing any member of an...

9.9CVSS6.1AI score0.00758EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

FreeRDP 安全漏洞

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained security vulnerabilities. These vulnerabilities stemmed from malicious RDP clients being able to trigger a heap buffer overflow write in the server-side clipboard...

8.8CVSS6.1AI score0.03453EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.14 views

Sitejo HaPe PKH 跨站请求伪造漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains a cross-site request forgeing vulnerability. This vulnerability stems from the lack of verification of the request source, which may allow attacker...

6.9CVSS5.7AI score0.00175EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

StrongSwan security vulnerabilities

strongSwan is an open-source VPN solution based on IPsec, developed by Andreas Steffen of Switzerland. This solution includes X.509 public key certificates, secure storage of private keys, and authentication mechanisms such as smart cards. strongSwan has security vulnerabilities, which stem from...

5.8AI score
Exploits3References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

FreeRDP 资源管理错误漏洞

FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained a resource management vulnerability. This vulnerability stemmed from the RDPEAR NDR parser acceptingNDR pointers with multiple logical pointer fields. It...

8.8CVSS5.8AI score0.00384EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go. This vulnerability arises when accessing pixels in an invalid image using palette index values that...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Formie for Craft CMS 安全漏洞

Formie for Craft CMS is a form plugin for the Craft CMS developed by Verbb. Versions prior to 2.2.21 and 3.1.26 of Formie for Craft CMS had security vulnerabilities. These vulnerabilities stemmed from the possibility for unverified users to modify existing submissions by submitting known or guess...

8.7CVSS5.8AI score0.00311EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Live plugin’s YouTube-style view, which rendered the live stream key directly into HTML...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Open ISES Project SQL注入漏洞

The Open ISES Project is an open-source information technology platform for emergency service organizations, developed by Open ISES. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the frmpasswd...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

MoviePilot 安全漏洞

MoviePilot is an automated film resource management tool developed by jxxghp. Version 2 of MoviePilot has a security vulnerability. This vulnerability stems from a server-side request forgery in the image proxy endpoint, which may allow authenticated attackers to request arbitrary URLs and...

7.7CVSS5.9AI score0.0025EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Bylancer Zechat SQL注入漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability arises from injecting SQL code via the uname parameter,...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

WordPress plugin Breeze 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

WordPress plugin Media Library Assistant 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.1CVSS5.8AI score0.00203EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

ITP ITS Intelligent SCADA System 跨站脚本漏洞

ITP ITS Intelligent SCADA System is an industrial automation monitoring and data acquisition platform developed by ITP, a company from Taiwan, China. The ITP ITS Intelligent SCADA System has a cross-site scripting vulnerability, which stems from stored-xss scripts. This vulnerability may allow...

4.8CVSS5.7AI score0.00176EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

ImageMagick security vulnerabilities

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. ImageMagick has security vulnerabilities; these vulnerabilities stem from infinite loops in the MIFF decoder, which can lead to CPU...

5.8AI score0.01849EPSS
Exploits4References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained code vulnerabilities. These vulnerabilities stemmed from the lack of using the $resolvedIP output parameter from functions like EpgParser.php and...

6.5CVSS5.9AI score0.00136EPSS
Exploits0References1
Total number of security vulnerabilities195539