1680 matches found
Design/Logic Flaw
Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Use-After-Free
chromium is vulnerable to use-after-free. The vulnerability will allow an attacker to exploit a heap corruption via a crafted HTML page by convincing an user to install a malicious extension...
PT-2022-21608 · Hicos · Hicos
Name of the Vulnerable Software and Affected Versions: HiCOS client-side citizen digital certificate component affected versions not specified Description: The issue is a stack-based buffer overflow vulnerability in the client-side citizen digital certificate component when reading an IC card, du...
Devolutions Server 安全漏洞
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server versions prior to 2022.2 that stems from incorrect privilege management. An attacker could exploit the...
outline 跨站脚本漏洞
outline is an American outline open source used to provide the fastest wiki and knowledge base for growing teams . A cross-site scripting vulnerability exists in versions prior to outline v0.64.4. An attacker could exploit this vulnerability to conduct cross-site scripting attacks...
django: Denial-of-service possibility in UserAttributeSimilarityValidator
A resource-consumption flaw was found in django's UserAttributeSimilarityValidator, where it incurred significant overhead evaluating any submitted password that was artificially large relative to comparison values. A network attacker could exploit this flaw to cause a denial of service...
Microsoft Edge 安全漏洞
An elevation of privilege vulnerability exists in Microsoft Edge Chromium-based, a Web browser that ships with post-Windows 10 versions of Microsoft Corporation USA. The vulnerability stems from a failure to properly program a call to a high-level native procedure. An attacker could exploit this...
validate-data 安全漏洞
validate-data is a NodeJs backend library by Anoop P R Individual Developer. It is used to validate data according to the provided rules. A denial of service vulnerability exists in validate-data version v0.1.1, which stems from not properly handling incoming error messages and can be exploited b...
Adobe InCopy Out-of-Bounds Write Vulnerability (CNVD-2022-50230)
Adobe InCopy is a text editing software for creative writing from Adobe, USA. Adobe InCopy suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
AgileBits 1Password 安全漏洞
AgileBits 1Password is a cross-platform account password management tool from AgileBits Canada. A security vulnerability exists in AgileBits 1Password. An attacker exploited the vulnerability to convince the 1Password application to communicate with the 1Password service...
Delight Nashorn Sandbox 安全漏洞
Delight Nashorn Sandbox is a sandbox for executing JavaScript in Java using Nashorn from Java Delight A denial of service vulnerability exists in Delight Nashorn Sandbox version 0.2.0, which stems from a weak expression that can be exploited and can be used by an attacker to The vulnerability lea...
Server side request forgery (ssrf)
The AppCheck research team identified a Server-Side Request Forgery SSRF vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In...
The vulnerability of the Vim text editor, caused by uncontrolled recursion, allows a hacker to trigger a service failure.
The vulnerability of the Vim text editor arises from uncontrolled recursion. Exploiting this vulnerability can allow an attacker to cause a service failure...
Google Chrome PDF Security Feature Issue Vulnerability
Google Chrome is a web browser from Google, an American company. A security signature issue vulnerability exists in versions of Google Chrome prior to 102.0.5005.61, which stems from a faulty implementation of PDF. An attacker could exploit the vulnerability to gain access to sensitive informatio...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44209)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from the presence of a non-numeric...
WordPress Call Now Buttons plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress Call Now Buttons plugin prior ...
Cybozu Garoon 输入验证错误漏洞
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. An input validation error vulnerability exists in Cybozu Garoon, which stems from insufficient user-supplied inpu...
Jenkins discloses project names via fingerprints
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request...
Bus Pass Management System Insecure Direct Object Reference Vulnerability
Bus Pass Management System is a bus pass management system. version 1.0 of Bus Pass Management System is vulnerable to an insecure direct object reference vulnerability that stems from the viewid parameter failing to check user permissions on all target object accesses. An attacker could exploit...
Simple Social Networking Site 安全漏洞
Simple Social Networking Site is a social networking site. Simple Social Networking Site has a security vulnerability that can be exploited by an attacker to delete arbitrary files...