19501 matches found
PT-2026-45468
Name of the Vulnerable Software and Affected Versions CloudPirates Open Source Helm Charts versions prior to commit fcf9302 Description A GitHub Actions workflow named 'generate-schema.yaml' exposes sensitive credentials, specifically a Personal Access Token and an SSH signing key, to code...
Google Android 安全漏洞
Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from insufficient permission checks, potentially leading to local privilege escalation...
SourceCodester Pet Grooming Management Software 安全漏洞
SourceCodester Pet Grooming Management Software is an open-source pet grooming management system developed by SourceCodester. Version 1.0 of SourceCodester Pet Grooming Management Software contains a security vulnerability. This vulnerability arises from improper operations with files in the admi...
SourceCodester Pharmacy Sales and Inventory System 安全漏洞
SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Versions of the SourceCodester Pharmacy Sales and Inventory System prior to version 1.0 contained security vulnerabilities. These vulnerabilities were...
goclaw 授权问题漏洞
Goclaw is an open-source multi-tenant AI agent platform developed by Next Level Builder. Goclaw versions 3.11.3 and earlier have a vulnerability related to authorization. This vulnerability stems from improper authorization in the auth function within the internal/http/evolutionhandlers.go file,...
droidclaw 安全漏洞
Droidclaw is an open-source AI tool developed by Unitedby AI U/AI, which allows for control of Android phones through natural language commands. Droidclaw versions 0.5.3 and earlier contain security vulnerabilities. These vulnerabilities stem from an improper limit on the number of authentication...
Google Android 安全漏洞
Google Android is an open-source operating system based on Linux, developed by the American company Google. There are security vulnerabilities in Google Android, which stem from logical errors that may lead to the disclosure of local information...
CloakBrowser 路径遍历漏洞
CloakBrowser is an open-source browser tool developed by CloakHQ that bypasses robot detection. Versions of CloakBrowser prior to 0.3.28 contained a path traversal vulnerability. This vulnerability stemmed from the cloakserve CDP multiplexer directly using the user-provided fingerprint query...
Student-Management-System 安全漏洞
Student-Management-System is an open-source student information management system developed by Cyber-III. There is a security vulnerability in Student-Management-System, which stems from incorrect operations with the parameter uid in the admin/ file within the Admin Endpoint component. This...
Google Android 安全漏洞
Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from insufficient permission checks, potentially leading to local privilege escalation...
nanobot 代码问题漏洞
Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained code vulnerabilities. These vulnerabilities stemmed from issues with server-side request forgeing in the webFetch tool. This could allow remote attackers to access...
Google Android 安全漏洞
Google Android is an open-source operating system based on Linux, developed by the American company Google. There are security vulnerabilities in Google Android, which stem from permission bypasses, potentially leading to an increase in local privileges...
nanobot 安全漏洞
Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained a security vulnerability. This vulnerability stemmed from a denial-of-service issue in the media download processing routine of the Matrix channel. It could allow...
nanobot 代码问题漏洞
Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing issues in the Microsoft Teams channel processing program. This could allow...
CloudPirates Open Source Helm Charts 代码注入漏洞
CloudPirates Open Source Helm Charts is a collection of Helm Charts for cloud-native applications, developed by CloudPirates.io. Previous versions of CloudPirates Open Source Helm Charts had a code injection vulnerability. This vulnerability stemmed from GitHub Actions workflows exposing sensitiv...
FlexRIC 安全漏洞
FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability arises from trusting the xappid field in the trust E42 message without binding it to the sender’s SCTP association. As a result, remote...
CVE-2026-10202 OFCMS JSON Query SystemDictController.java query sql injection
A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...
CVE-2026-10193 OFCMS ComnController ComnController.java query sql injection
A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sq...
School Student Management System 授权问题漏洞
School Student Management System is an open-source tool developed by Binary Brains for managing school student information. The School Student Management System has a vulnerability related to authorization. This vulnerability stems from the parameter email in the ajaxforgotpassword function of th...
Aider SQL注入漏洞
Aider is an open-source terminal AI pair programming tool developed by Aider AI. Version 0.86.3 of Aider contains a SQL injection vulnerability, which arises from the Code Generation Workflow component causing SQL injections. Attackers can launch attacks remotely due to this vulnerability...