Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

MaxKB 访问控制错误漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Prior to MaxKB 2.9.0, there was an access control vulnerability. This vulnerability stemmed from the Webhook trigger endpoint/api/trigger/v1/webhook/triggerid, which allowed access...

7.5CVSS5.9AI score0.00271EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

smallbitvec 输入验证错误漏洞

smallbitvec is a small bit vector implemented as an inline or heap storage mechanism by Servo Open Source. In versions 1.0.1 to 2.6.0 of smallbitvec, there was a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows in internal capacity calculations,...

7.3CVSS5.9AI score0.00151EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.16 views

eml_parser 安全漏洞

EmlParser is an open-source Python library for parsing email files, developed by GOVCERT.LU. Versions of EmlParser prior to 3.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of EmlParser.getrawbodytext, which performed unrestricted recursive processing on nested...

6.3CVSS5.8AI score0.00395EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from access control flaws in the API for retrieving OSS file service URLs, which...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Snipe-IT 跨站脚本漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from unescaped notes columns, which could lead to cross-site scripting attacks...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. The FastNetMon Community Edition 1.2.9 and earlier versions have security vulnerabilities, which stem from buffer overflow exploits...

6.2CVSS6AI score0.00124EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities. These vulnerabilities stem from the lack of validation or cleaning of IP address variables in the...

8.1CVSS5.8AI score0.00234EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

kavita 安全漏洞

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0.2 contained security vulnerabilities. These vulnerabilities stemmed from improper token verification, which could allow remote unauthenticated attackers to obtain user...

9.3CVSS5.8AI score0.00171EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is built using multiple packet capture engines. Versions of FastNetMon Community Edition 1.2.9 and earlier contained a security vulnerability. This vulnerability stemmed from the log function in the MikroTik...

8.1CVSS5.8AI score0.0107EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

kavita 访问控制错误漏洞

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0 contained an access control vulnerability. This vulnerability stemmed from the ReaderController.GetImage endpoint, which allowed completely unauthenticated access,...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Faction 安全漏洞

Faction is an open-source report generation and evaluation framework developed by Faction Security. Versions of Faction prior to 1.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of output encoding for attachment file names during the evaluation file preview...

8.7CVSS5.7AI score0.00211EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Cashu NUTs 数据伪造问题漏洞

Cashu NUTs is an open-source protocol specification developed by Cashu. Versions prior to Cashu NUTs 6.2.3 and 5.4.31 contained a data manipulation vulnerability. This vulnerability stemmed from the fact that access tokens accepted endpoints in v1 allowed JWTs signed with any key, without verifyi...

4.4CVSS5.7AI score0.00076EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Image directive plugin using regular expressions that only matched prefixes to validate the wid...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

WorkClaw 操作系统命令注入漏洞

WorkClaw is a desktop AI employee team collaboration tool developed by haojing8312. Versions of WorkClaw prior to 0.6.4 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the isdangerous function in the Blacklist Handler...

6.5CVSS6.6AI score0.0105EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities; these vulnerabilities stem from the lack of verification of TLS certificates, allowing HTTPS...

7.4CVSS5.8AI score0.00164EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is built using multiple packet capture engines. Versions of FastNetMon Community Edition prior to 1.2.9 contained security vulnerabilities. These vulnerabilities stemmed from the use of predictable file paths an...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

Bugsink 安全漏洞

Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the event pages did not require events to be issues within URLs, which could allow authenticat...

3.1CVSS5.8AI score0.00154EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained security vulnerabilities. These vulnerabilities stemmed from the SSE event server being bound to 0.0.0.0:5553 by default, which could allow unauthorized network access...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a lack of null pointer checking in the l2capsocknewconnectioncb function within the Bluetooth L2CAP...

5.8AI score0.00123EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained security vulnerabilities. These vulnerabilities stemmed from the forced activation of debugging mode in single-file mode, allowing the leakage of the file’s absolute path and complete byte...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

vowpal_wabbit 安全漏洞

vowpalwabbit is an open-source fast online machine learning system developed by Vowpal Wabbit. There is a security vulnerability in vowpalwabbit, which stems from directly embedding PR titles into bash strings within the workflow. This could lead to arbitrary command execution...

9.9CVSS5.9AI score0.00469EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

MikroORM SQL注入漏洞

MikroORM is an open-source framework from MikroORM that supports type-safe object-relational mapping for multiple databases. MikroORM has a SQL injection vulnerability; this vulnerability arises from improper escaping of identifiers and JSON path injections, which may lead to SQL injections...

7.6CVSS5.8AI score0.01252EPSS
Exploits2References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Twenty 跨站脚本漏洞

Twenty is an open-source CRM platform developed by Twenty. Versions of Twenty 1.18.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of setting response headers such as Content-Type for file service endpoints, which could lead to session...

8.7CVSS5.7AI score0.00258EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities; these vulnerabilities stem from the lack of boundary checks in the BGP MPREACHNLRI IPv6 attribute...

7.5CVSS5.8AI score0.00283EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities. These vulnerabilities stem from the log function in the Juniper router integration plugin, which doe...

9.8CVSS5.8AI score0.01645EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities. These vulnerabilities stem from a lack of boundary checks in the Data template branch of the NetFlow...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is built using multiple packet capture engines. Versions of FastNetMon Community Edition 1.2.9 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of prefix bit length...

9.8CVSS6.1AI score0.00565EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

DocSpace 安全漏洞

DocSpace is an open-source document collaboration and sharing platform developed by ONLYOFFICE. Versions of DocSpace prior to 3.2.1 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow users with low privileges to access...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

gitoxide 安全漏洞

GitOxide is a Git implementation written in Rust by Sebastian Thiel. Versions of GitOxide prior to 0.82.0 contained a security vulnerability, which stemmed from improper validation of the update field in.gitmodules. This vulnerability could allow attackers to bypass the...

8.5CVSS6AI score0.00351EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

SQUIRREL 安全漏洞

SQUIRREL is a programming language developed by Alberto Demichelis. It is the stable version of SQUIRREL 3.2. Versions of SQUIRREL 3.2 and earlier had security vulnerabilities. These vulnerabilities were caused by improper handling of the ReadObject function in the Cnut File Handler component,...

5.3CVSS6.3AI score0.0017EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

GNU LibreDWG 代码问题漏洞

GNU LibreDWG is a C-language library from the GNU community in the United States that is used for processing DWG files. Versions of GNU LibreDWG prior to 0.14 contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the matchBLOCKHEADER function in the dwggrep.c fil...

4.8CVSS5.9AI score0.00143EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

Joomla! CMS 跨站脚本漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. Joomla! CMS has a cross-site scripting vulnerability, which stems from the lack of output escaping. This vulnerability may lead to cross-site scripting attacks within the feed module...

6.9CVSS5.6AI score0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

CODESYS多款产品 安全漏洞

CODESYS Control and others are products of the German company CODESYS. CODESYS Control is a set of industrial control programming software. CODESYS is an industrial control automation software. CODESYS HMI is a visualization software. Several CODESYS products have security vulnerabilities. These...

8.7CVSS5.9AI score0.00445EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Crypt::ScryptKDF 安全漏洞

Crypt::ScryptKDF is a Perl cryptography module developed by MIK’s individual developers. It supports Scrypt-based key derivation and cryptographic hash processing functions. Versions of Crypt::ScryptKDF prior to 0.010 contained security vulnerabilities, which stemmed from the use of insecure rand...

4.8CVSS5.8AI score0.00222EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

epa4all-client 数据伪造问题漏洞

epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to version 1.2.2 contained a data manipulation vulnerability. This vulnerability arises from the possibility for a man-in-the-middle attacker to replace the discovered documents...

7.4CVSS5.7AI score0.00118EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.8 views

pacote 安全漏洞

pacote is a npm open-source tool that retrieves package lists and compressed packages from the npm repository. Version pacote 11.2.7 has a security vulnerability. This vulnerability stems from the addGitSha function, which may lead to a denial-of-service attack. Attackers can trigger this functio...

8.7CVSS5.7AI score0.00346EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Perl 安全漏洞

Perl is a general-purpose, interpreted, dynamic, cross-platform programming language from the Perl community. Versions of Perl 5.43.10 and earlier contain security vulnerabilities. These vulnerabilities stem from a heap buffer overflow vulnerability that occurs when compiling regular expressions...

9.8CVSS6AI score0.00398EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS libgnutls has a security vulnerability that stems from the transmission of extremely short pre-master keys during RSA key exchanges. This...

8.2CVSS5.9AI score0.00727EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Pear Archive_Tar 安全漏洞

Pear ArchiveTar is a PHP-based software developed by the PEAR team that allows for creating and extracting tar packages. Prior to version 3.08, Pear ArchiveTar had a security vulnerability. This vulnerability stemmed from the makespecialfile function, which passed the linkname of the tar header t...

9.1CVSS5.8AI score0.0043EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls. This vulnerability arises from the fact that using an excessively long subject alternative name during...

8.2CVSS5.8AI score0.00423EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Pear Archive_Tar 安全漏洞

Pear ArchiveTar is a PHP-based software developed by the PEAR team that allows for creating and extracting tar packages. Prior to version 3.08, Pear ArchiveTar had a security vulnerability. This vulnerability stemmed from the makespecialfile function, which passed the linkname of the tar header t...

9.1CVSS5.8AI score0.0043EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Samba 操作系统命令注入漏洞

Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix systems. Samba has a vulnerability related to operating system command injection, which arises from the lack of escaping shell metacharacters when passing client-controlled job description strings to...

9.8CVSS6.2AI score0.12797EPSS
Exploits9References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

WordPress plugin Tiktok Feed 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

Twenty 安全漏洞

Twenty is an open-source CRM platform developed by Twenty. Versions 1.7.7 to 1.16.7 of Twenty contain security vulnerabilities. These vulnerabilities stem from SQL injection attacks via uncleaned timeZone parameters and PostgreSQL COPY TO PROGRAM attacks, which may allow authenticated users to...

9.9CVSS6.1AI score0.00483EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty 环境问题漏洞

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty are web server integration plugins developed by IBM. Versions 8.5 and 9.0 of these plugins contain environmental issues, which stem from vulnerabilities that can be exploited by HTTP request payload attacks...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

banks 安全漏洞

“banks” is a template language tool developed by Massimiliano Pippi as an individual tool for generating LLM prompts. Versions of “banks” prior to 2.4.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of unshaded jinja2.Environment for rendering prompt templates. Wh...

7.5CVSS6.1AI score0.00539EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

e107 跨站请求伪造漏洞

e107 is a set of open-source, free content management systems CMS developed by the E107 team, based on PHP and MySQL. This system supports various plugins and theme options, and can be used for personal blogs, discussion communities, archives, etc. Versions of e107 prior to 2.3.5 had a cross-site...

6.5CVSS5.7AI score0.00133EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Code-Projects Project Management System SQL注入漏洞

Code-Projects Project Management System is an open-source project management system developed by Code-Projects. Version 1.0 of the Code-Projects Project Management System contains a SQL injection vulnerability. This vulnerability stems from incorrect operations in the chk.php file of the Login...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

SB Admin SQL注入漏洞

SB Admin is a Bootstrap based open source admin backend template by Yash Pokharna individual developer. SB Admin suffers from a SQL injection vulnerability that stems from the operation of the parameter User in the file /success.php, which could lead to SQL injection...

7.5CVSS7.2AI score0.00319EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.7 views

KLiK SocialMediaWebsite 安全漏洞

KLiK SocialMediaWebsite is a simple PHP-based social media website by the individual developer Muhammad Saad. A security vulnerability exists in KLiK SocialMediaWebsite version 1.0, which originates in the HTTP POST Request Parameter Handler component and could lead to injection...

7.5CVSS7.2AI score0.00304EPSS
Exploits0References4
Total number of security vulnerabilities195539