Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a lack of null pointer checking in the l2capsockgetsndtimeocb function within the Bluetooth L2CAP...

5.8AI score0.00122EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

WordPress plugin Paid Videochat Turnkey Site 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

Lumiverse 操作系统命令注入漏洞

Lumiverse is a full-featured AI chat application suite developed by Prolix OCs’ individual developers. Versions of Lumiverse prior to 0.9.7 contained an operating system command injection vulnerability. This vulnerability stemmed from the Spindle extension’s build pipeline, which called bun insta...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Versions of JeecgBoot 3.9.1 and earlier contained a security vulnerability related to access control. This vulnerability stemmed from incorrect operations with the parameter...

5.3CVSS5.8AI score0.00222EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Prometheus 跨站脚本漏洞

Prometheus is an open-source software developed in the Go language, used to create real-time metric databases built using the HTTP pull model. Versions of Prometheus from 2.49.0 to 3.5.3, as well as versions before 3.11.3, had a cross-site scripting vulnerability. This vulnerability stemmed from...

5.1CVSS5.7AI score0.00182EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.7 views

Velocity.js 安全漏洞

Velocity.js is a JavaScript implementation of the Apache Velocity template engine developed by Eward. Versions of Velocity.js 2.1.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from prototype pollution during the processing of set directives. Attackers could modif...

8.3CVSS6.2AI score0.00505EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

SharpCompress 路径遍历漏洞

SharpCompress is a pure C compression library developed by Adam Hathcock. It is compatible with.NET Standard 2.0, 2.1,.NET Core 3.1, and.NET 5.0. Versions of SharpCompress prior to 0.47.4 contained a path traversal vulnerability; this vulnerability stemmed from the IArchive.WriteToDirectory...

5.9CVSS5.9AI score0.00313EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

OpenTelemetry Collector Contrib 信任管理问题漏洞

OpenTelemetry Collector Contrib is an extensible telemetry data collection component library developed by OpenTelemetry - CNCF. Versions of OpenTelemetry Collector Contrib prior to 1.1.0 contained a trust management vulnerability. This vulnerability stemmed from the lack of validation of HTTPS/TL...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Vanetza 安全漏洞

Vanetza is an open-source implementation of a vehicle communication protocol suite developed by Raphael Riebl. Versions of Vanetza prior to 26.02 contained a security vulnerability. This vulnerability occurred when processing malformed network packets in the ASN.1/OER parsing pipeline, where the...

7.5CVSS5.8AI score0.00184EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain an access control vulnerability. This vulnerability stems from improper handling of the LoginController.selectDepart function in the sys/...

7.5CVSS7.1AI score0.00291EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain an access control vulnerability caused by improper handling of unknown functions in the /sys/comment/add file. This vulnerability may lead t...

6.5CVSS6.6AI score0.00209EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contained an access control vulnerability. This vulnerability stemmed from improper handling of the parameter userIdentity in the user.getUsername...

6.5CVSS6.6AI score0.00209EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Oban Web 安全漏洞

Oban Web is an embedded real-time backend task monitoring dashboard developed under the Oban Framework. Versions 2.12.0 to 2.12.5 of Oban Web contained a security vulnerability. This vulnerability stemmed from the unlimited cron range expansion in the Elixir.Oban.Web.CronExpr module, which could...

5.9CVSS5.8AI score0.00341EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.9.1 contained code vulnerabilities. These vulnerabilities stemmed from the work-flowtemplate import feature, where authenticated users could provide...

6.3CVSS6AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.16 views

mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune 3.2.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the renderfigure function in src/mistune/directives/image.py, which directly concatenated the...

6.1CVSS5.7AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of Python format strings to insert id and text values into tags without proper HTML escapin...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

view_component 安全漏洞

viewcomponent is an open-source framework developed by ViewComponent, designed for building reusable and testable view components. There are security vulnerabilities in the viewcomponent version 3.0.0 to 4.9.0. These vulnerabilities arise from the system’s testing entry point using File.realpath ...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the mathematical plugin not properly escaping HTML when rendering inline and block-level mathematic...

6.1CVSS5.7AI score0.00228EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.0 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing bypass vulnerability in the OSS file service URL...

5.1CVSS5.9AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Snipe-IT 输入验证错误漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the unauthorized storage of HTTP Referer headers in session variables,...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

ThingsBoard 代码注入漏洞

ThingsBoard is a Java-based platform developed by the ThingsBoard team, used for monitoring, managing, and data collection of IoT devices. Versions of ThingsBoard 4.3.1.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the...

5.1CVSS6.1AI score0.00219EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

FastNetMon 缓冲区错误漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contained a buffer error vulnerability, which stems from boundary-checking errors in the dynamicbinarybuffert class, potentially leadi...

9.8CVSS6.1AI score0.00677EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

kavita 安全漏洞

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of library-level authorization for download, size checking, and chapter metadata...

5.9CVSS5.8AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

Chatwoot 授权问题漏洞

Chatwoot is an open-source application developed by Chatwoot itself. It serves as an alternative to proprietary solutions such as customer engagement suites, intercom systems, Zendesk, and Salesforce service clouds. In versions of Chatwoot from 2.14.0 to 4.13.0, there was a vulnerability related ...

6.8CVSS5.8AI score0.00344EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Chatwoot SQL注入漏洞

Chatwoot is an open-source application developed by Chatwoot itself. It serves as an alternative to proprietary solutions such as customer engagement suites, intercom systems, Zendesk, and Salesforce service clouds. Versions of Chatwoot from 2.2.0 to 4.11.2 contained a SQL injection vulnerability...

8.5CVSS5.9AI score0.00227EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Magic Wormhole 路径遍历漏洞

Magic Wormhole is an open-source, secure cross-computer file transfer tool. Versions of Magic Wormhole prior to 0.24.0 contained a path traversal vulnerability, which was due to the possibility of path traversal when the recipient specified an output directory...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Faction 访问控制错误漏洞

Faction is an open-source report generation and evaluation framework developed by Faction Security. Versions of Faction prior to 1.8.3 contained a access control vulnerability. This vulnerability stemmed from AccessControlInterceptor unconditionally calling invocation.invoke without checking vali...

9.8CVSS5.8AI score0.00364EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is based on multiple packet capture engines. Versions of FastNetMon Community Edition prior to 1.2.9 contained a security vulnerability caused by integer overflow during the allocation of packet capture buffers,...

7.1CVSS5.8AI score0.00116EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain a security vulnerability caused by the uint8t type being used for the length field in the BGP ASPATH attribute encoding, which...

9.8CVSS6.1AI score0.00308EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained a security vulnerability. This vulnerability stemmed from the hardcoded wildcard in the Access-Control-Allow-Origin header of the SSE event server, which could allow any third-party page to...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

Traccar 安全漏洞

Traccar is a Java-based website building system provided by the American company Traccar. This software supports over 170 GPS protocols and over 1,500 types of GPS tracking devices. Traccar can be used alongside any major SQL database systems. It also offers a user-friendly REST API. Prior to...

5.3CVSS5.9AI score0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities. These vulnerabilities stem from range resolution loops and field loop cycles in the NetFlow v9 optio...

6.5CVSS5.8AI score0.00264EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

e107 安全漏洞

e107 is a set of open-source, free content management systems CMS developed by the E107 team. It is built using PHP and MySQL. This system supports various plugins and theme options, and can be used for personal blogs, discussion communities, archives, etc. Versions of e107 prior to 2.3.4 contain...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Apache Flink Kubernetes Operator 安全漏洞

Apache Flink Kubernetes Operator is an operations component for Flink clusters developed by the Apache Foundation. Versions of Apache Flink Kubernetes Operator from 1.3.0 to 1.15.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of the jarURI in...

6.5CVSS5.8AI score0.0049EPSS
Exploits3References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.17 views

luci-app-https-dns-proxy 命令注入漏洞

Luci-app-https-dns-proxy is an OpenWrt DNS-over-HTTPS proxy with a web management interface, developed by Stan Grishin. Versions of Luci-app-https-dns-proxy dated back to December 29, 2025, and earlier have a command injection vulnerability. This vulnerability stems from command injection in the...

8.8CVSS6.1AI score0.06582EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

karakeep 安全漏洞

Karakeep is an open-source bookmarking app developed by Karakeep App. Versions of Karakeep prior to 0.32.0 contained security vulnerabilities. These vulnerabilities stemmed from a SSRF protection that could be bypassed by carefully crafted HTTP redirection chains. Authentication users could enabl...

7.6CVSS5.8AI score0.003EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

vLLM 安全漏洞

vLLM is an open-source solution designed for LLM-based models, featuring high throughput and efficient memory usage for reasoning and services. Version vLLM 0.19.0 contains a security vulnerability. This vulnerability stems from unknown handling operations in the OpenAI-compatible Serving Path...

6.9CVSS6AI score0.00427EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

@koa/router 安全漏洞

@koa/router is a routing middleware developed by Koa.js. Versions from 14.0.0 to 15.0.0 of @koa/router had a security vulnerability. This vulnerability occurred when the router prefix contained path parameters, causing the middleware to silently discard requests, which could lead to access contro...

7.3CVSS5.8AI score0.0036EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

GNU LibreDWG 安全漏洞

GNU LibreDWG is a C-language library from the GNU community in the United States that is used for processing DWG files. Versions of GNU LibreDWG prior to 0.14 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the read2004compressedsection function in th...

4.8CVSS5.8AI score0.00143EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

archive-tar-new 安全漏洞

archive-tar-new is a Perl module developed by Jos Boumans, used for creating and manipulating tar files in memory. Versions of archive-tar-new prior to version 3.10 contained security vulnerabilities. These vulnerabilities stemmed from the readtar function, which did not set an upper limit when...

7.5CVSS5.9AI score0.00437EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Bitsery 安全漏洞

Bitsery is a C++ binary serialization library developed by Mindaugas Vinkelis. Versions of Bitsery 5.2.4 and earlier contained a security vulnerability. This vulnerability stemmed from improper validation of specified input types in the loadFromSharedState function within the...

7.5CVSS7.2AI score0.00401EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

Mojolicious::Plugin::Statsd 安全漏洞

Mojolicious::Plugin::Statsd is a plugin developed by Robert Rothenberg, designed to send application metrics to Statsd. Versions of Mojolicious::Plugin::Statsd 0.04 and earlier contain security vulnerabilities. These vulnerabilities arise from the lack of checks for line breaks, colons, or pipes ...

5.3CVSS5.8AI score0.00326EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

Dozzle 访问控制错误漏洞

Dozzle is a small, lightweight application developed by Amir Raminfar as an individual project. Versions of Dozzle prior to 10.5.2 contained an access control vulnerability. This vulnerability stemmed from the WebSocket upgrade mechanism used by the /exec and /attach endpoints, which accepted...

9.6CVSS5.7AI score0.00195EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

epa4all-client 信任管理问题漏洞

epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to 1.2.1 contained a trust management vulnerability. This vulnerability stemmed from the ECDSA signature verification in SignedPublicKeysTrustValidatorImpl.isTrusted, where the...

8.1CVSS5.8AI score0.00121EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Oban Web 安全漏洞

Oban Web is an embedded real-time backend task monitoring dashboard developed under the Oban Framework open source project. Versions of Oban Web from 2.12.0 to 2.12.5 contained a security vulnerability. This vulnerability originated from the Elixir.Oban.Web.Jobs.DetailComponent module, where the...

5.3CVSS5.8AI score0.0041EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.9.1 contained a security vulnerability. This vulnerability stemmed from the use of unaltered MD5 hash storage for user passwords, which could make the...

6.9CVSS5.8AI score0.00083EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

MaxKB 访问控制错误漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Prior to MaxKB 2.9.0, there was an access control vulnerability. This vulnerability stemmed from the Webhook trigger endpoint/api/trigger/v1/webhook/triggerid, which allowed access...

7.5CVSS5.9AI score0.00271EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

smallbitvec 输入验证错误漏洞

smallbitvec is a small bit vector implemented as an inline or heap storage mechanism by Servo Open Source. In versions 1.0.1 to 2.6.0 of smallbitvec, there was a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows in internal capacity calculations,...

7.3CVSS5.9AI score0.00151EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.16 views

eml_parser 安全漏洞

EmlParser is an open-source Python library for parsing email files, developed by GOVCERT.LU. Versions of EmlParser prior to 3.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of EmlParser.getrawbodytext, which performed unrestricted recursive processing on nested...

6.3CVSS5.8AI score0.00395EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from access control flaws in the API for retrieving OSS file service URLs, which...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References1
Total number of security vulnerabilities195539