Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

Follet School Solutions Destiny 安全漏洞

Follet School Solutions Destiny is a school solution provided by Follet Corporation. Versions of Follet School Solutions Destiny prior to 22.0.1 AU1 contained security vulnerabilities. These vulnerabilities stemmed from a cross-site scripting vulnerability in the showSupportExpiredMessage paramet...

5.1CVSS5.9AI score0.00319EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

WordPress plugin LiveSmart Video Chat Live Video Chat 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

WordPress plugin Independent Analytics 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.18 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00433EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8 version contained a security vulnerability; this vulnerability stemmed from potential null pointer dereferencing during the processing of AppArmor notifications, which cou...

5.5CVSS5.8AI score0.00097EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

InHand IR Series 安全漏洞

The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. The InHand IR Series contains a security vulnerability, which stems from command injection in the WireGuard VPN function. This vulnerability may allow attackers to...

9.8CVSS5.9AI score0.01269EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Samba 操作系统命令注入漏洞

Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix systems. Samba has a vulnerability related to operating system command injection, which stems from the incorrect escaping of shell metacharacters when the “check password” script uses the %u character...

9CVSS5.8AI score0.02501EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

json-2-csv 安全漏洞

json-2-csv is a JSON-to-CSV conversion tool developed by Michael Rodrigues. Versions of json-2-csv from 3.15.0 to 5.5.11 had security vulnerabilities. These vulnerabilities stemmed from the possibility of bypassing the preventCsvInjection option, allowing attackers to inject formulas into the CSV...

7CVSS5.8AI score0.00166EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

WordPress plugin WP Contact Form 7 DB Handler 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.1CVSS5.8AI score0.00248EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error path resource leak in the mlx4ibcreatesrq function within RDMA mlx4. This issue may lead...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

OpenReplay 访问控制错误漏洞

OpenReplay is an open-source, developer-friendly, self-hosted session replay software. Versions of OpenReplay prior to 1.26.0 contained an access control vulnerability. This vulnerability stemmed from the lack of verification that the project belonged to the same tenant during API key...

7.7CVSS5.8AI score0.00231EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Nautobot 安全漏洞

Nautobot is a web-based automation platform developed by the Nautobot team. Versions of Nautobot prior to 2.4.33 and 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from users who had permission to add/modify GitRepository records being able to directly set the currenthead...

7.1CVSS5.8AI score0.00277EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a double release of memory during the error path in the RDMA vmwpvrdma driver’s pvrdmaallocuconte...

5.8AI score0.00143EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

pyjwt 代码问题漏洞

PyJWT is a Python library developed by José Padilla of the United States. It allows for the encoding and decoding of JSON Web Tokens JWTs. Prior to version 2.13.0, there were code vulnerabilities in PyJWT. These vulnerabilities stemmed from PyJWKClient directly passing the uri parameter to...

4.2CVSS6AI score0.00181EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

WordPress plugin Everest Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.9AI score0.00275EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Sensorweb ScadaBR 安全漏洞

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation, designed for developing automated data acquisition and monitoring applications. There is a security vulnerability in Sensorweb ScadaBR. This vulnerability stems from an exposed method that allows authenticated...

9.9CVSS6.2AI score0.00316EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

WordPress plugin PDF Embedder 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

WordPress plugin 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

4.3CVSS5.8AI score0.00232EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

SourceBans Material Admin 安全漏洞

SourceBans Material Admin is a game server management panel tool developed by SourceBans Material Admin developers. Versions prior to 1.1.6 of SourceBans Material Admin contained security vulnerabilities; these vulnerabilities allowed attackers to manipulate arbitrary user data in web application...

7.3CVSS5.9AI score0.00308EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

WordPress plugin SMTP2GO for WordPress – Email Made Easy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Oracle REST Data Services 安全漏洞

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...

5.3CVSS5.8AI score0.00183EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Acer NitroSense 安全漏洞

Acer NitroSense is a gaming device performance management software developed by Acer of Taiwan, China. Versions of Acer NitroSense prior to 3.01.3052 contained security vulnerabilities. These vulnerabilities stemmed from the PSAdminAgent service creating named pipes with weak access control lists...

8.5CVSS5.9AI score0.00152EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the assumption in dm-verity-fec that parity-check bytes are not split across blocks, allowing for...

5.8AI score0.00117EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the batman-adv module not rejecting new tpmeter sessions during network disconnection. This allow...

7.8CVSS5.8AI score0.00139EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the non-active timer cleanup path in the HID applet b-kbd driver, allowing for reuse of resources after...

5.8AI score0.00124EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Oracle Payroll 安全漏洞

Oracle Payroll is a corporate payroll calculation and distribution management system developed by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of Oracle Payroll contain security vulnerabilities. These vulnerabilities stem from issues with the Internal Operations component,...

8.1CVSS5.8AI score0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the isofs exportiget function not verifying the block number in the NFS file handle, potentially...

7.5CVSS5.8AI score0.00425EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient ICRC checks when processing unknown opcodes in RDMA rxe, potentially leading to out-of-bou...

7.5CVSS5.8AI score0.00574EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.18 views

Portainer 安全漏洞

Portainer is a lightweight user management interface developed by Portainer Foundation for managing Docker environments and Docker hosts. Vulnerabilities existed in versions of Portainer from 2.33.0 to 2.33.8, as well as in version 2.39.1, due to an issue with authorization verification in custom...

6.5CVSS5.8AI score0.00257EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

LinkAce 注入漏洞

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.6 had an injection vulnerability. This vulnerability stemmed from the database configuration process allowing attackers to control databases by...

8.1CVSS6AI score0.00456EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Portainer 路径遍历漏洞

Portainer is a lightweight user management interface developed by Portainer for managing Docker environments and Docker hosts. In versions 2.33.0 to 2.33.8 of the Portainer Community Edition, there was a path traversal vulnerability. This vulnerability stemmed from the tar.gz decompression...

5.5CVSS5.9AI score0.00606EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.20 views

Portainer 安全漏洞

Portainer is a lightweight user management interface developed by Portainer Foundation for managing Docker environments and Docker hosts. There were security vulnerabilities in versions of Portainer Community Edition from 2.33.0 to 2.33.8, as well as in versions prior to 2.39.2 and 2.41.0. These...

9.4CVSS5.8AI score0.00347EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Portainer 安全漏洞

Portainer is a lightweight user management interface developed by Portainer Foundation for managing Docker environments and Docker hosts. Vulnerabilities exist in versions of Portainer Community Edition from 2.33.0 to 2.33.8, as well as in versions prior to 2.39.2 and 2.41.0. These vulnerabilitie...

9.4CVSS5.9AI score0.00328EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained a security vulnerability. This vulnerability stemmed from the use of embedded test private keys for license verification, allowing anyone to forge any license token...

8.7CVSS5.8AI score0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from an application credential impersonation vulnerability combined with a trust...

8.8CVSS5.8AI score0.00328EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

MeshCore Card 跨站脚本漏洞

The MeshCore Card is a Home Assistant card developed by John Pettitt, designed to display statistical data related to the MeshCore grid network. Versions of the MeshCore Card prior to 0.3.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the names of...

9.6CVSS5.9AI score0.00317EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Tigera Calico 安全漏洞

Tigera Calico is an open-source network security solution developed by the American company Tigera, designed for container, virtual machine, and host workload scenarios. Tigera Calico has a security vulnerability that arises from printing the complete connection configuration structure when calle...

7.2CVSS5.8AI score0.00224EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

synapse 输入验证错误漏洞

Synapse is an open-source matrix main server developed by Element. Versions prior to 1.152.1 of Synapse contained a vulnerability related to input validation errors. This vulnerability allowed malicious servers to manipulate room events, thereby preventing the complete history from being provided...

5.1CVSS5.8AI score0.00369EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Zed 操作系统命令注入漏洞

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.229.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the terminal tool permissions system, which could be bypassed through bash arithmetic extensions, allowing...

8.6CVSS6AI score0.00232EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

flowintel 安全漏洞

Flowintel is an open-source security analyst case and task management platform developed by flowintel. Versions of FlowIntel 3.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the external reference URL detection function in the app/case/task.py file, which has a...

6.2CVSS5.8AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Rocket.Chat 安全漏洞

Rocket.Chat is a chat software developed by the Rocket.Chat company. Vulnerabilities exist in versions prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12. These vulnerabilities stem from the DDP method autoTranslate.translateMessage, which accepts an IMessage object provided b...

7.5CVSS7.1AI score0.00283EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

AutoGPT 安全漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Versions of AutoGPT prior to 0.6.59 contained a security vulnerability. This vulnerability stemmed from the POST /api/blocks/blockid/execute endpoint, which allowed unlimited free execution...

5.4CVSS5.9AI score0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Music Player Daemon 安全漏洞

Music Player Daemon is an open-source music playback daemon. Versions of Music Player Daemon prior to 0.24.11 contained a security vulnerability. This vulnerability stemmed from a server-side request forgeing issue in CurlInputPlugin. When the CURLOPTFOLLOWLOCATION option was set, the...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

rustfs 访问控制错误漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained an access control vulnerability. This vulnerability stemmed from the fact that the GET /rustfs/console/license endpoint did not require authentication, allowing any client th...

6.9CVSS5.8AI score0.0031EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the joint token revalidation mechanism, which did not propagate the expiration...

8.1CVSS5.8AI score0.00249EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the application credential authentication plugin not verifying user identities...

8.8CVSS5.8AI score0.00303EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Kuma 安全漏洞

Kuma is a modern service mesh developed by Kuma OpenSource, based on Envoy. It can be run on Kubernetes and VMs, with single- or multi-zone capabilities, across various clouds. There were security vulnerabilities in versions of Kuma before 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5. These...

5.1CVSS5.8AI score0.00204EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Local Path Provisioner 安全漏洞

Local Path Provisioner is a Kubernetes local storage dynamic provisioning tool developed by Rancher. Versions of Local Path Provisioner prior to 0.0.36 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the helperPod.yaml template. Malicious users...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Zed 安全漏洞

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.229.0 contained security vulnerabilities. These vulnerabilities stemmed from the terminal tool’s permission system, which could be exploited by adding environment variables before allowed commands, allowing the hijacking...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

logback-core 安全漏洞

logback-core is the core module of the QOS.CH open-source logging framework. Versions of logback-core 1.5.32 and earlier contain security vulnerabilities. These vulnerabilities stem from the HardenedObjectInputStream module’s ability to deserialize untrusted data, which may lead to object injecti...

6.3CVSS5.8AI score0.0037EPSS
Exploits0References1
Total number of security vulnerabilities195539