2489 matches found
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. wolfSSL has a security vulnerability that stems from an integer underflow issue during the parsing of X.509 certificates, which may le...
LiteLLM 安全漏洞
LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Versions of LiteLLM dated before April 8, 2026, contain a security vulnerability. This vulnerability stems from the /guardrails/testcustomcode URI, which allows arbitrar...
PraisonAI 安全漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication or signature verification for the /media-stream WebSocket endpoint, alo...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities were due to a rate-limiting mechanism in the Webhook token verification process, which allowed bypasses and could le...
TP-Link Archer AX53 安全漏洞
The TP-Link Archer AX53 is a dual-core router produced by TP-Link Corporation. Prior versions of the TP-Link Archer AX53, including v1.0, 1.7.1 Build 20260213, contained security vulnerabilities. These vulnerabilities stemmed from the OpenVPN module’s ability to allow external control, which coul...
Unfurl 安全漏洞
Unfurl is a URL data extraction and visualization analysis tool developed by Ryan Benson. Versions of Unfurl prior to version 2026.04 contained security vulnerabilities. These vulnerabilities stemmed from an unlimited zlib decompression issue in the parsecompressed.py script. This could allow...
Hayabusa 跨站脚本漏洞
Hayabusa is an open-source Windows event log forensic and threat hunting tool developed by Yamato Security. Versions prior to Hayabusa 3.8.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTML report outputs that had the same cross-site scripting vulnerabilities,...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from improper limitation of work quantities during the chain construction process,...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the incorrect application of DNS constraints during certificate chain verification...
emmett 路径遍历漏洞
Emmett is a full-stack Python web framework developed by Emmett. Versions of Emmett from 2.5.0 to 2.8.1 had a path traversal vulnerability. This vulnerability stemmed from issues with the RSGI static processing program, allowing for the reading of files outside the asset directory...
Scoold 安全漏洞
Scoold is a team-based Q&A and knowledge-sharing platform developed by Erudika. Versions of Scoold prior to 1.66.2 contained security vulnerabilities. These vulnerabilities were due to authorization flaws, which could allow low-privilege users to override the permissions of other users...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from memory security issues...
LiteLLM 授权问题漏洞
LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Prior to version 1.83.0, LiteLLM had an authorization vulnerability. This vulnerability stemmed from the use of token:20 as a cache key when JWT authentication was...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of netlink policy validation, potentially leading to out-of-bound access...
Vim 操作系统命令注入漏洞
Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0276 contained a vulnerability related to operating system command injection. This vulnerability stemmed from a model line sandbox bypass, allowing arbitrary operating system commands to be...
KADOS SQL注入漏洞
KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this flaw allows attackers to manipulate database queries...
Wikipedia 访问控制错误漏洞
Wikipedia is a multilingual online encyclopedia platform operated by the Wikipedia Corporation. Version 12.0 of Wikipedia has a security vulnerability related to access control. This vulnerability arises from the search function’s improper handling of excessively large inputs, which may allow...
prompts.chat 路径遍历漏洞
prompts.chat is an open-source AI prompt library developed by Fatih Kadir Akın. Previous versions of prompts.chat had a path traversal vulnerability; this vulnerability stemmed from path traversal in skill file processing. Attackers could write arbitrary files onto the client system through...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of null pointer checking in the inteldmcupdatedc6allowedcount function. This vulnerabili...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of holding the device lock during nandlock and nandunlock operations, potentially leadin...