InvoiceShelf 代码问题漏洞

InvoiceShelf is an open-source invoice and expense management application developed by InvoiceShelf. Versions of InvoiceShelf prior to 2.2.0 had code vulnerabilities. These vulnerabilities stemmed from uncleaned HTML provided by users in the payment receipt PDF generation module, which could lead...

SourceCodester RSS Feed Parser 代码问题漏洞

The SourceCodester RSS Feed Parser is an open-source rss feed parser developed by SourceCodester. Version 1.0 of the SourceCodester RSS Feed Parser has code vulnerabilities; these vulnerabilities stem from incorrect operations with the filegetcontents function, which may lead to server-side reque...

LoLLMs 代码问题漏洞

LoLLMs is a large language and multimodal system developed by Saifeddine ALOUI as an individual project. Versions of LoLLMs prior to 2.2.0 contained code vulnerabilities. These vulnerabilities stemmed from the API/export-content endpoint, which did not validate the URLs controlled by users,...

LocalGPT 代码问题漏洞

LocalGPT is a localized private document-based intelligent question-and-answer and analysis platform developed by PromptEngineer. LocalGPT has code issues and vulnerabilities; these vulnerabilities stem from incorrect operations on the doPOST function, resulting in unlimited uploads...

pyLoad 代码问题漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained code vulnerabilities. These vulnerabilities stemmed from the download engine accepting unverified arbitrary URLs, which could lead to server-side request forgeing attacks...

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the urlgetcontents function not revalidating the target when following HTTP redirection, which could...

Lychee 代码问题漏洞

Lychee is a beautiful and easy-to-use photo management system developed by The Lychee Organisation. It is used for managing and sharing photos. Versions of Lychee prior to 7.5.2 had code vulnerabilities that could be exploited through DNS redirection bypasses, allowing for server-side request...

Roadiz development monorepo 代码问题漏洞

The Roadiz Development Monorepo is an open-source content management system development kit developed by Roadiz. Versions of the Roadiz Development Monorepo prior to 2.7.9, 2.6.28, 2.5.44, and 2.3.42 contained code vulnerabilities. These vulnerabilities allowed authenticated attackers to read...

SANYO DENKI SANUPS SOFTWARE 代码问题漏洞

SANYO DENKI SANUPS SOFTWARE is a software developed by SANYO DENKI Corporation in Japan. It is used for monitoring UPS devices, managing their operation, and analyzing power supply status. SANYO DENKI SANUPS SOFTWARE has code vulnerabilities; these vulnerabilities stem from the Windows service fi...

NVIDIA Nemo Framework 代码问题漏洞

NVIDIA Nemo Framework is a framework developed by NVIDIA Corporation in the United States for building and deploying generative AI models. There are code-related vulnerabilities in the NVIDIA NeMo Framework, and attackers can exploit these vulnerabilities to trigger remote code execution...

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the downloadVideoFromDownloadURL function using the original file name and extension of the remote...

kargo 代码问题漏洞

Kargo is an open-source continuous delivery tool developed by Akuity. Versions of Kargo prior to 1.6.3, 1.7.8 and earlier, 1.8.11 and earlier, as well as 1.9.4 and earlier, have code vulnerabilities. These vulnerabilities stem from server-side request forgery during the HTTP and http-download...

easegen-admin 代码问题漏洞

easegen-admin is a digital human course creation platform developed by Taofagi. There are code issues and vulnerabilities in easegen-admin, which stem from incorrect handling of the parameter 'url' in the PPTUtil.java file. This could lead to server-side request forgery...

WordPress plugin Simple Blog Card 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Quill 代码问题漏洞

Quill is an open-source application developed by Quill. It provides an application editor function. Versions of Quill prior to 0.7.1 had code-related vulnerabilities. These vulnerabilities stemmed from the lack of validation of URL schemes and hosts when obtaining Apple, which could lead to...

SiYuan 代码问题漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.0 contained code vulnerabilities. These vulnerabilities stemmed from a lack of URL validation in the/api/network/forwardProxy endpoint. This allowed authenticated users to make...

Frappe 代码问题漏洞

Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. There are code-related vulnerabilities in versions prior to Frappe 14.100.1, 15.100.0, and 16.6.0. These vulnerabilities allow malicious requests to cause th...

OpenProject 代码问题漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.0 had code vulnerabilities. These vulnerabilities stemmed from SMTP test endpoints and Webhooks, which allowed any host and port value to be accepted, potentially leading to internal network...

Microsoft Graphics Component 代码问题漏洞

The Microsoft Graphics Component is a graphics driver component developed by Microsoft Corporation. There are code-related vulnerabilities in the Microsoft Graphics Component. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks. The following products and version...

Microsoft Azure IoT Explorer 代码问题漏洞

Microsoft Azure IoT Explorer is a free and open-source desktop application developed by Microsoft Corporation. There are code-related vulnerabilities in Microsoft Azure IoT Explorer. Attackers exploit these vulnerabilities to carry out deceptive attacks...