Design/Logic Flaw

Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Design/Logic Flaw

Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Unauthorized Access Vulnerability in ZZCMS

zzcms is a building CMS that is biased for personal website building and corporate website building. An unauthorized access vulnerability exists in ZZCMS, which can be exploited by attackers to obtain sensitive information...

Denial of Service Vulnerability in Huawei Router WS5100

The WS5100 is a Huawei router. The Huawei router WS5100 has a denial of service vulnerability that can be exploited by attackers to cause a denial of service attack...

Extreme Office suffers from a memory corruption vulnerability (CNVD-2021-03417)

Extreme Office is an independently controlled office learning software developed by Beijing Haiteng Times Technology Co. A memory corruption vulnerability exists in Extreme Office. An attacker can exploit this vulnerability to cause the program to crash...

Hgiga MailSherlock SQL注入漏洞

HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. HGiga MailSherlock suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to inject and execute SQL commands in URL parameters...

Zammad 代码问题漏洞

Zammad is a Web-based open source helpdesk/customer support system. An information disclosure vulnerability exists in Zammad versions prior to 3.4.1. The vulnerability stems from the way Massenversand's implementation of the SMS configuration interface presents the results of test requests to the...

Binary Vulnerability in Micropoint Baihui Intelligent Defense Software Personal Edition

Micropoint Baihui Intelligent Defense Software Personal Edition is the third generation of anti-virus software. Micropoint Intelligent Defense Personal Edition has a binary vulnerability. An attacker can exploit this vulnerability to cause a system crash via a constructed program...

MediaWiki suffers from an unspecified vulnerability (CNVD-2021-38679)

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.1 and earlier...

Command execution vulnerability in Python dill module

Python is a cross-platform computer programming language. dill is an extension of the python serialization module pickle. A command execution vulnerability exists in the Python dill module. An attacker can exploit this vulnerability to gain server privileges...

Design/Logic Flaw

tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser client-side and can be circumvented. This allows an attacker to upload any file as an...

Binary Vulnerability in Rexchip Chip (CNVD-2020-75211)

With a R&D team specializing in system-on-chip design and algorithm research, Rexchip Microelectronics Corporation provides professional chip solutions for high-end intelligent hardware, cell phone peripherals, tablet PCs, TV set-top boxes, industrial control and other fields. A binary...

Google Android 信息泄露漏洞

Google Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA. Google Android Pixel has a security vulnerability. An attacker can exploit this vulnerability to obtain sensitive information...

QEMU msix_table_mmio_write() buffer overflow vulnerability

QEMU is a suite of analog processor software. A buffer overflow vulnerability exists in QEMU msixtablemmiowrite. An attacker could exploit the vulnerability to crash the QEMU process on the host, resulting in a denial of service...

Google Chrome Resource Management Error Vulnerability (CNVD-2021-04393)

Google Chrome is a web browser from Google, an American company. Google chrome suffers from a resource management error vulnerability that is caused by a use-after-free error in the Google Chrome Extensions component. A remote attacker could create a specially crafted web page, trick a victim int...

HCL Domino Login Cross-Site Request Forgery Vulnerability

HCL Domino is a suite of enterprise-class application development platforms from HCL India. HCL Domino has a security vulnerability. An attacker can exploit the vulnerability by tricking a user into accessing the system using another ID, or accessing the internal system from the internet using th...

Backup File Download Vulnerability in OTCMS

OTCMS Nettie CMS is an article-based web content management system CMS. OTCMS has a database backup file download vulnerability, which can be exploited by an attacker to obtain the database backup file by generating a logical error in the backup file name part...

Nextcloud Social app access control error vulnerability

Nextcloud Nextcloud Social app is a social application from Nextcloud Germany. An access control error vulnerability exists in version 0.3.1 of the Nextcloud Social app. The vulnerability is related to the control system of the affected version not properly handling user access requests. There is...

Arbitrary File Deletion Vulnerability in GetSimpleCMS

GetSimpleCMS is geared towards small business owners who can simply control their website content. An arbitrary file deletion vulnerability exists in GetSimpleCMS. An attacker can exploit this vulnerability to delete arbitrary files by constructing a malicious url request...

Null Pointer Reference Vulnerability in Microsoft ChakraCore

Microsoft ChakraCore is an open source ChakraJavaScript scripting engine used by Microsoft in the Edge browser, or as a stand-alone JavaScript engine. A null pointer reference vulnerability exists in Microsoft ChakraCore. An attacker could exploit this vulnerability to cause a software crash...