Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

WordPress plugin SlimStat Analytics 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.6AI score0.00436EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a null pointer dereferencing in the paprhvpipedevcreatehandle function within pseries papr-hvpipe...

5.8AI score0.00121EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

WordPress plugin GutenBee – Gutenberg Blocks 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6.3AI score0.00659EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Portainer 安全漏洞

Portainer is a lightweight user management interface developed by Portainer, open source, for managing Docker environments and Docker hosts. There were security vulnerabilities in versions of Portainer from 2.33.0 to 2.33.8, as well as in versions before 2.39.2 and 2.41.0. These vulnerabilities...

7.7CVSS5.8AI score0.00316EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from improper input validation, potentially leading to privilege escalation. Users with Fleet management privileges and who are authenticated...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Mantis Bug Tracker 跨站脚本漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.2 contained a cross-site scripting vulnerability. This vulnerability occurred when using the showinline=1 parameter and a valid CSRF token, allowing attackers to...

7.5CVSS5.8AI score0.00349EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Mantis Bug Tracker 安全漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.2 contained a security vulnerability. This vulnerability stemmed from the mcissueupdate function, which allowed users with the updatebugthreshold permission to...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

DeepCode 路径遍历漏洞

DeepCode is a multi-agent code generation tool open-source by Data Intelligence Lab@HKU. Previous versions of DeepCode c991dc2 contained a path traversal vulnerability. This vulnerability originated from the SPA catch-all route in newui/backend/main.py, which had a path traversal vulnerability...

8.7CVSS6AI score0.00376EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Automad 访问控制错误漏洞

Automad is a flat-file content management system and template engine developed by Marc Anton Dahmen. Versions of Automad from 2.0.0-alpha.1 to 2.0.0-beta.27 contain access control vulnerabilities. These vulnerabilities stem from ineffective access control mechanisms, allowing unauthorized attacke...

7.5CVSS5.8AI score0.00298EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Electerm 安全漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions 3.0.6 to 3.8.8 of Electerm have security vulnerabilities, which stem from executing local code through Electerm’s single-instance socket...

9.3CVSS5.9AI score0.00114EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Hono 安全漏洞

Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.12.21 contained security vulnerabilities. These vulnerabilities stemmed from the serialize function not verifying the sameSite and priority options. This could allow the application to pass...

5.3CVSS5.8AI score0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

synapse 安全漏洞

Synapse is an open-source matrix main server developed by Element. Versions prior to 1.152.1 of Synapse contained a security vulnerability. This vulnerability occurred due to locally authenticated users being able to exhaust CPU resources, causing other requests to fail and leading to...

6.8CVSS5.8AI score0.00128EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Zed 安全漏洞

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.227.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of shell references or validations for environment variable keys during SSH/WSL remote command execution. This allowed attackers to...

8.6CVSS6.2AI score0.00257EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Oracle Payments 安全漏洞

Oracle Payments is a corporate payment processing and funding management platform owned by Oracle Corporation in the United States. Vulnerabilities exist in versions 12.2.3 to 12.2.15 of Oracle Payments, stemming from issues with the File Transmission component. These vulnerabilities could allow...

9.8CVSS5.8AI score0.00677EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a double release of resources in the error path of the createspaceinfosubgroup function within the btrf...

7CVSS5.8AI score0.00136EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Hono 安全漏洞

Hono is a web framework built with TypeScript in the Hono community. Versions of Hono prior to 4.12.21 contained security vulnerabilities. These vulnerabilities stemmed from the use of app.mount to remove the mount prefix using raw URL path names. Route matching was performed on percent-encoded...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained security vulnerabilities. These vulnerabilities stemmed from the internal RPC layer reverting to the public default key when no shared key was configured, which could lead to...

9.8CVSS5.8AI score0.00268EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8, 6.17, and 7.0 versions contain security vulnerabilities. These vulnerabilities stem from an inability to verify the invalid size of the name field in AppArmor...

3.3CVSS5.8AI score0.00092EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Speakr 安全漏洞

Speakr is a self-hosted AI transcription and smart note platform developed by Murtaza Nasir. Versions of Speakr prior to 0.8.20-alpha contained a security vulnerability. This vulnerability stemmed from the use of urljoin before parsing in the issafeurl validation function. The controller directly...

6.1CVSS5.8AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

Portainer 信息泄露漏洞

Portainer is a lightweight user management interface developed by Portainer for managing Docker environments and Docker hosts. Versions of Portainer Community Edition prior to 2.33.8, 2.39.2, and 2.41.0 contained an information leakage vulnerability. This vulnerability occurred when creating or...

9.9CVSS5.9AI score0.00416EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

ai-goofish-monitor 安全漏洞

ai-goofish-monitor is an AI-based multi-task real-time monitoring and web management tool developed by Usagi-org. There is a security vulnerability in ai-goofish-monitor. This vulnerability stems from the GET /api/prompts/filename endpoint in Windows deployments, which contains an unvalidated...

8.2CVSS6AI score0.006EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from uncontrolled resource consumption and may lead to denial-of-service attacks. Users with viewer-level access and authenticated status can...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Music Player Daemon 安全漏洞

Music Player Daemon is an open-source music playback daemon developed by Music Player Daemon project. Versions of Music Player Daemon prior to 0.24.11 contained security vulnerabilities. These vulnerabilities stemmed from path traversal issues in functions like LocalStorage::MapFSOrThrow and...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained a security vulnerability. This vulnerability stemmed from improper authorization in the UploadPartCopy operation, allowing objects to be copied across buckets without enforci...

7.1CVSS5.8AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

SandboxJS 安全漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.9.6 contained a security vulnerability. This vulnerability stemmed from functions defined in the sandbox that exposed Function.caller, potentially allowing sandbox-constructed code to restore internal...

10CVSS6.1AI score0.00472EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Zed 安全漏洞

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.229.0 contained security vulnerabilities. These vulnerabilities stemmed from the terminal tool permission system’s ability to bypass the bash variable expansion chain, allowing for the execution of arbitrary commands und...

6.4CVSS6.1AI score0.00438EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

mapfish-print 代码注入漏洞

Mapfish-Print is a JAVA extension library created by individual developers for creating maps-related reports. This extension library is based on Java’s servlet/lib/application framework and can implement a service that receives requests and returns reports. Versions of Mapfish-Print from 3.23.0 t...

9.3CVSS6.2AI score0.00325EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Apache ActiveMQ和Apache ActiveMQ Artemis 安全漏洞

Apache ActiveMQ and Apache ActiveMQ Artemis are both products of the Apache Foundation in the United States. Apache ActiveMQ is an open-source messaging middleware that supports Java Message Service, clustering, Spring Framework, etc. Apache ActiveMQ Artemis is a high-performance open-source...

4.3CVSS5.8AI score0.00372EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

CTI-Transmute 安全漏洞

CTI-Transmute is an open-source network threat intelligence format conversion service developed by the MISP Project. CTI-Transmute has a security vulnerability. This vulnerability stems from the fact that the notification messages in the notification panel contain transition names that are...

6.3CVSS6AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from uncontrolled resource consumption. This vulnerability may cause memory exhaustion and service crashes for users with low privileges who...

6.5CVSS5.8AI score0.00296EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

Music Player Daemon 安全漏洞

Music Player Daemon is an open-source music playback daemon. Versions of Music Player Daemon prior to 0.24.11 contained a security vulnerability. This vulnerability stemmed from the pcmunpack24be function in src/pcm/Pack.cxx, which had a stack buffer overflow issue. This could allow unauthorized...

8.8CVSS6.2AI score0.0051EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana. This vulnerability stems from issues with operations after resources expire or terminate. As a result, time-limited access tokens can still be used beyon...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the management router did not perform authentication on performance analysis endpoints, which could...

8.8CVSS5.8AI score0.0031EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

CodeWhale 代码注入漏洞

CodeWhale is a terminal coding intelligence tool developed by Hunter Bown. Versions of CodeWhale from 0.3.0 to 0.8.23 contain a code injection vulnerability. This vulnerability arises from the runtests tool executing cargo test with ApprovalRequirement::Auto, allowing for the compilation and...

9.6CVSS6.2AI score0.00375EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

GitButler 代码注入漏洞

GitButler is an open-source modern Git version control interface that supports AI workflows. Versions of GitButler prior to 0.19.7 contained a code injection vulnerability. This vulnerability could allow arbitrary scripts to execute in the Tauri webview due to the malicious links present in the...

9.3CVSS6.1AI score0.00515EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Hono 授权问题漏洞

Hono is a web framework built with TypeScript in the Hono community. Versions of Hono prior to 4.12.21 had an authorization issue vulnerability. This vulnerability stemmed from the jwt and jwk middleware not verifying the Authorization header values using the Bearer scheme. As a result, JWT...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from an authentication bypass in the password reset endpoint, allowing unverified attackers to reset the...

8.8CVSS5.8AI score0.00324EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Canonical Multipass 安全漏洞

Canonical Multipass is a virtual instance of Ubuntu developed by Canonical OpenSource. Versions of Canonical Multipass prior to 1.16.3 contained security vulnerabilities. These vulnerabilities stemmed from the validatepath function in the sshfsserver component, which had a path bypass issue. It...

8.4CVSS5.8AI score0.00505EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

WordPress plugin Easy Digital Downloads 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.19 views

TP-Link多款产品 安全漏洞

TP-Link Tapo L535E are products of the TP-Link company from China. The TP-Link Tapo L535E is a smart color-adjustable LED bulb. The TP-Link Tapo P300 is a smart Wi-Fi multi-port plug-in device. The TP-Link Tapo D100C is a smart video doorbell with a wireless doorbell buzzer. Several TP-Link...

7.3CVSS5.9AI score0.00097EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

esm.sh 路径遍历漏洞

esm.sh is an open-source content distribution network developed by esm.sh. Versions of esm.sh 137 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the fact that older routers did not clean up path components during the concatenation process, allowing attackers...

8.7CVSS5.8AI score0.00362EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.22 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of the connection preparation in the mac80211 module. This failure results in the site not...

8.8CVSS5.8AI score0.00302EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

bzip2 安全漏洞

Bzip2 is an open-source compression/ decompression application developed by the Bzip2 organization. Bzip2 has a security vulnerability, which stems from a minor error in the bzip2recover tool. This error may lead to out-of-bound writing when processing specially crafted files, resulting in memory...

5.1CVSS5.8AI score0.00126EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Veeam Service Provider Console 安全漏洞

Veeam Service Provider Console is a cloud-enabled platform developed by the American company Veeam. There is a security vulnerability in Veeam Service Provider Console, which may lead to remote code execution...

9.4CVSS6.1AI score0.00403EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of replay protection when mapping SAML assertions to user...

8.1CVSS6AI score0.00298EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Oracle Database Server Net Service 安全漏洞

Oracle Database Server Net Service is a database network communication and connection management service component provided by Oracle Corporation in the United States. Vulnerabilities exist in versions 23.4.0 to 23.26.2 of Oracle Database Server Net Service. These vulnerabilities stem from issues...

9CVSS5.8AI score0.00328EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

Oracle REST Data Services 安全漏洞

Oracle REST Data Services is a middleware tool provided by Oracle, Inc., in the United States, that exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem from...

9.9CVSS5.8AI score0.00352EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

Follet School Solutions Destiny 安全漏洞

Follet School Solutions Destiny is a school solution provided by Follet Corporation. Versions of Follet School Solutions Destiny prior to 22.0.1 AU1 contained security vulnerabilities. These vulnerabilities stemmed from a cross-site scripting vulnerability in the showSupportExpiredMessage paramet...

5.1CVSS5.9AI score0.00319EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

WordPress plugin LiveSmart Video Chat Live Video Chat 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

WordPress plugin Independent Analytics 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References10
Total number of security vulnerabilities195539