Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Student-Management-System 访问控制错误漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. The STUDENT-MANAGEMENT-SYSTEM contains a security vulnerability related to access control. This vulnerability stems from improper access control measures in the Dashboard component, which may...

7.5CVSS7.2AI score0.00288EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

AppLockZ - TrustedApp App Lock and Fingerprint Lock 安全漏洞

AppLockZ - TrustedApp App Lock and Fingerprint Lock is a mobile application security tool developed by AppLockZ - TrustedApp. Version 4.2.11 of AppLockZ - TrustedApp App Lock and Fingerprint Lock contains a security vulnerability. This vulnerability stems from the PIN lock being implemented as a...

2.4CVSS5.8AI score0.00186EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Bugsink 代码问题漏洞

Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.1.3 had code vulnerabilities. These vulnerabilities stemmed from URL parsing issues, which allowed partial bypass of Webhook URL validation. This could enable attackers to circumvent...

4.3CVSS5.9AI score0.00286EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

IBM HTTP Server 代码注入漏洞

IBM HTTP Server is an enterprise-level web server software developed by International Business Machines IBM. Versions 8.5 and 9.0 of IBM HTTP Server contain code injection vulnerabilities. These vulnerabilities stem from configurations involving TLS mutual authentication, which may lead to remote...

9.8CVSS6.5AI score0.00456EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.19 views

Check Point Security Gateway 安全漏洞

Check Point Security Gateway is a series of network security gateway devices developed by the Israeli company Check Point. There is a security vulnerability in Check Point Security Gateway, which arises when the identity-aware module based on browser authentication is enabled, allowing...

7.5CVSS5.8AI score0.0475EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.17 views

SourceCodester CET Automated Grading System with AI Predictive Analytics 安全漏洞

SourceCodester CET Automated Grading System with AI Predictive Analytics is an open-source English language assessment system based on artificial intelligence predictive analytics, developed by SourceCodester. Version 1.0 of the SourceCodester CET Automated Grading System with AI Predictive...

5.3CVSS5.6AI score0.00159EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.17 views

Joomla! CMS 访问控制错误漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a vulnerability related to access control, which stems from improper access checks. As a result, users with low privileges can edit the task types of existing scheduling programs...

6.4CVSS5.8AI score0.00154EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Lumiverse 参数注入漏洞

Lumiverse is a full-featured AI chat application suite developed by Prolix OCs’ individual developers. Versions of Lumiverse prior to 0.9.7 contained a parameter injection vulnerability. This vulnerability stemmed from the MCP server creating endpoint validation commands without verifying the arg...

9.9CVSS6.4AI score0.00377EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Check Point Security Gateway 安全漏洞

Check Point Security Gateway is a series of network security gateway devices developed by Check Point in Israel. There is a security vulnerability in Check Point Security Gateway, which stems from an input processing issue in the UserCheck Web Portal during the DLP activation process. This...

5.6CVSS5.8AI score0.04356EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There are security vulnerabilities in versions prior to Apple macOS Sequoia 15.7, Sonoma 14.8, and Tahoe 26. These vulnerabilities stem from logical issues and could allow malicious applicatio...

7.8CVSS5.8AI score0.00135EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

CODESYS Development System 安全漏洞

CODESYS Development System is a set of programming tools developed by the German company CODESYS, used in the fields of industrial controllers and automation technology. There is a security vulnerability in the CODESYS Development System. This vulnerability stems from the use of insecure default...

8.5CVSS5.9AI score0.00123EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

SAP Gateway 安全漏洞

SAP Gateway is a framework based on open standards developed by SAP, a German company. This product allows non-SAP applications to connect to SAP applications, as well as access SAP applications on mobile devices. There is a security vulnerability in SAP Gateway, which allows attackers to inject...

4.3CVSS5.8AI score0.00258EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

IBM Watsonx.data 安全漏洞

IBM Watsonx.data is an open data lake platform developed by IBM. There are security vulnerabilities in the version 2.2 to 2.3.1 of IBM Watsonx.data. These vulnerabilities stem from improper restrictions on inbound and outbound connections, allowing attackers to transfer or modify files without...

5.4CVSS5.8AI score0.00166EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

itsourcecode Student Transcript Processing System SQL注入漏洞

itsourcecode Student Transcript Processing System is an open-source student transcript processing system developed by itsourcecode. Version 1.0 of the itsourcecode Student Transcript Processing System has a SQL injection vulnerability. This vulnerability arises from improper handling of the...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There are security vulnerabilities in versions prior to Apple macOS Sequoia 15.7, Sonoma 14.8, and Tahoe 26. These vulnerabilities stem from logical issues and could allow malicious applicatio...

5.5CVSS5.8AI score0.00139EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

IBM Engineering Lifecycle Management 安全漏洞

IBM Engineering Lifecycle Management is an engineering lifecycle management platform provided by the American multinational company International Business Machines IBM. Versions 7.0.3, 7.1.0, and 7.2.0 of IBM Engineering Lifecycle Management contain security vulnerabilities. These vulnerabilities...

7.2CVSS5.9AI score0.00369EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

Autodesk 3ds Max 缓冲区错误漏洞

Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. Autodesk 3ds Max has a buffer error vulnerability, which arises from the possibility of out-of-bounds writing during the parsing of specially crafted TIF files. Malicious actors may exploit this...

7.8CVSS6.3AI score0.00166EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities. These vulnerabilities stem from the gRPC API server not enabling authentication mechanisms, which ma...

8.1CVSS5.8AI score0.00233EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Das Parking Management System SQL注入漏洞

Das Parking Management System is a parking management system developed by Das Real Technology Co., Ltd. Version 6.2.0 of Das Parking Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of parameters during the execution of code in the Search API...

7.5CVSS7.3AI score0.00318EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

PbootCMS 安全漏洞

PbootCMS is an open-source enterprise website content management system developed using the PHP language. Version PbootCMS 3.2.11 contains a security vulnerability, which stems from code injection in the site configuration function...

4.3CVSS5.8AI score0.00247EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

IBM Cognos Analytics和IBM Cognos Transformer 跨站脚本漏洞

IBM Cognos Analytics and IBM Cognos Transformer are products of American International Business Machines IBM. IBM Cognos Analytics is a business intelligence software suite. This software includes reports, dashboards, and scorecards, and can assist businesses in adjusting their decisions by...

7.6CVSS5.8AI score0.00185EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Hitachi Energy RTU500 安全漏洞

Hitachi Energy RTU500 is a series of industrial control components developed by Hitachi, Ltd. Hitachi Energy RTU500 contains a security vulnerability; this vulnerability stems from a null pointer dereferencing when using the IEC 60870-5-104 standard in bidirectional mode, which may lead to...

6.9CVSS5.8AI score0.0017EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

MediaInfoLib 安全漏洞

MediaInfoLib is a tool developed by MediaArea for displaying technical information and tag data related to audio and video files. MediaInfoLib has a security vulnerability, which stems from a heap buffer overflow issue during ID3v2 parsing...

7.8CVSS6AI score0.00207EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

IBM Financial Transaction Manager for SWIFT Services 跨站脚本漏洞

IBM Financial Transaction Manager for SWIFT Services is a financial transaction manager product developed by the American multinational company International Business Machines, Inc. IBM. This product is primarily used for monitoring, tracking, and reporting financial payments and transactions...

6.1CVSS5.8AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

NVIDIA Display Driver for Linux 资源管理错误漏洞

NVIDIA Display Driver for Linux is a graphics driver developed by NVIDIA Corporation. The NVIDIA Display Driver for Linux contains a resource management vulnerability that may lead to reuse after release, potentially causing denial-of-service attacks, privilege escalation, information leakage, da...

8.8CVSS5.9AI score0.00188EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26 and earlier contained security vulnerabilities, which were caused by logical issues and could allow applications to access sensitive user data...

5.5CVSS5.8AI score0.0015EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Das Parking Management System SQL注入漏洞

Das Parking Management System is a parking management system developed by Das Real Technology Co., Ltd. Version 6.2.0 of Das Parking Management System has a SQL injection vulnerability. This vulnerability stems from the improper use of the xpcmdshell function in the API Endpoint component’s...

7.5CVSS7.2AI score0.00318EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

TOTOLINK CA750-PoE 操作系统命令注入漏洞

TOTOLINK CA750-PoE is a wireless network access device produced by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from the operation of the setUnloadUserData function in the...

6.5CVSS6.6AI score0.01803EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

itsourcecode Electronic Judging System SQL注入漏洞

itsourcecode Electronic Judging System is an open-source electronic judging system developed by itsourcecode. Version 1.0 of the itsourcecode Electronic Judging System has a SQL injection vulnerability. This vulnerability arises from improper handling of the judgeid parameter by an unknown functi...

7.5CVSS7.1AI score0.00319EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Faction 跨站脚本漏洞

Faction is an open-source collaborative framework for generating and evaluating penetration reports developed by Faction Security. Versions of Faction prior to 1.8.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of output encoding for attachment file nam...

8.7CVSS5.7AI score0.00211EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Joomla! CMS 跨站脚本漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. Joomla! CMS has a cross-site scripting vulnerability, which stems from the lack of output escaping. This vulnerability may lead to cross-site scripting attacks in multilingual integrated components...

6.9CVSS5.6AI score0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

epa4all-client 信任管理问题漏洞

epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to version 1.2.2 contained a vulnerability related to trust management. This vulnerability allowed attackers to present arbitrary TLS certificates on the network path and intercep...

8.1CVSS5.9AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.16 views

Dozzle 代码问题漏洞

Dozzle is a small, lightweight application developed by Amir Raminfar as an individual project. Versions of Dozzle prior to 10.5.2 had code vulnerabilities. These vulnerabilities stemmed from the fact that the POST /api/notifications/test-webhook endpoint was not authenticated during default...

8.6CVSS5.8AI score0.01491EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

GitLab MCP Server 安全漏洞

GitLab MCP Server is an open-source tool developed by yoda.digital that connects AI agents with GitLab repositories. Versions of GitLab MCP Server prior to 0.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication mechanisms at the HTTP transport laye...

9.2CVSS5.8AI score0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

LangChain 代码问题漏洞

LangChain is an open-source framework developed by LangChain for creating applications powered by large language models LLMs. Versions of LangChain prior to 0.3.85 and 1.3.3 contained code vulnerabilities. These vulnerabilities stemmed from the use of an overly broad object white-list for...

8.2CVSS5.9AI score0.00406EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

view_component 安全漏洞

viewcomponent is an open-source framework developed by ViewComponent, designed for building reusable and testable view components. There are security vulnerabilities in the viewcomponent version 3.0.0 to 4.9.0. These vulnerabilities stem from the fact that the preview routing does not verify...

6.5CVSS5.8AI score0.00343EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTMLRenderer.heading, which directly inserted id attribute values into HTML tags without escaping...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Snipe-IT 安全漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the API controller, which only removed the superuser key from the permission array, potentially...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

GPAC 安全漏洞

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 2.4.0 have security vulnerabilities. These vulnerabilities stem from improper handling of the cat parameter in the MediaGetSample function within the MP4Box component, which can lead to memory leaks...

5.5CVSS5.8AI score0.00161EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

teable 代码注入漏洞

Teable is an open-source online no-code database platform developed by Teable. Versions of Teable 1.9.x and earlier contained a code injection vulnerability. This vulnerability stemmed from an unknown feature in the Sign-up component’s file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx,...

5.3CVSS5.7AI score0.00282EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

GPAC 代码问题漏洞

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC 2.4.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the MergeFragment function in the MP4Box component, which could lead to null pointer dereferencing...

4.8CVSS5.9AI score0.00115EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

OpenCTI 访问控制错误漏洞

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions of OpenCTI prior to 6.9.7 contained a access control vulnerability. This vulnerability stemmed from incorrect Access Control Lists ACLs when users were editing relationship additions, potentially allowin...

7.2CVSS5.8AI score0.00316EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.8 contained security vulnerabilities. These vulnerabilities stemmed from path traversal via the Host header when using the --domain option, potentially allowing arbitrary file reading, directory listing...

8.2CVSS6AI score0.00335EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Bugsink 安全漏洞

Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the issue where batch operations did not require the submission of issue IDs belonging to the same project...

3.1CVSS5.8AI score0.00147EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

algernon 竞争条件问题漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.6 contained a race condition vulnerability. This vulnerability stemmed from the sync.RWMutex used in engine/luahandler.go to protect LoadCommonFunctions, which was released before L.Push and L.PCall...

8.2CVSS5.8AI score0.00182EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.54 views

algernon 路径遍历漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.6 contained a path traversal vulnerability. This vulnerability stemmed from the uploadedFileSaveIn function in lua/upload/upload.go, which used filepath.Join to concatenate the directory provided by the...

8.7CVSS5.8AI score0.00344EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is built using multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities, which stem from errors in handling extended length flags during the parsing of BGP path...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

e107 安全漏洞

e107 is a set of open-source, free content management systems CMS developed by the E107 team, based on PHP and MySQL. This system supports various plugins and theme options, and can be used for personal blogs, discussion communities, archives, etc. Versions of e107 prior to 2.3.4 contained securi...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

e107 安全漏洞

e107 is a set of open-source, free content management systems CMS developed by the E107 team. It is built using PHP and MySQL. This system supports various plugins and theme options, making it suitable for use as a personal blog, discussion community, or archive database. Versions of e107 prior t...

8.1CVSS5.8AI score0.00297EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

libyang 安全漏洞

LibYang is an open-source YANG data modeling language parser and toolkit developed in C language by CESNET. Versions of LibYang prior to 5.2.6 contained security vulnerabilities. These vulnerabilities stemmed from a write vulnerability in the lyd parsersetdataflags function, which allowed attacke...

7.1CVSS6.2AI score0.00519EPSS
Exploits0References5
Total number of security vulnerabilities195539