19417 matches found
Google Android 安全漏洞
Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from insufficient permission checks, potentially leading to local privilege escalation...
nanobot 安全漏洞
Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained a security vulnerability. This vulnerability stemmed from a denial-of-service issue in the media download processing routine of the Matrix channel. It could allow...
nanobot 代码问题漏洞
Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing issues in the Microsoft Teams channel processing program. This could allow...
droidclaw 安全漏洞
Droidclaw is an open-source AI tool developed by Unitedby AI U/AI, which allows for control of Android phones through natural language commands. Droidclaw versions 0.5.3 and earlier contain security vulnerabilities. These vulnerabilities stem from an improper limit on the number of authentication...
Google Android 安全漏洞
Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from insufficient permission checks, potentially leading to local privilege escalation...
PT-2026-45523
Name of the Vulnerable Software and Affected Versions Nextcloud versions 6.1.0 through 8.2.1 Description An attacker can craft malicious links that redirect users to an external website when the victim attempts to log in using OpenID Connect OIDC, a protocol used for authentication. Recommendatio...
CVE-2026-10202 OFCMS JSON Query SystemDictController.java query sql injection
A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...
CVE-2026-10193 OFCMS ComnController ComnController.java query sql injection
A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sq...
School Student Management System 授权问题漏洞
School Student Management System is an open-source tool developed by Binary Brains for managing school student information. The School Student Management System has a vulnerability related to authorization. This vulnerability stems from the parameter email in the ajaxforgotpassword function of th...
Aider SQL注入漏洞
Aider is an open-source terminal AI pair programming tool developed by Aider AI. Version 0.86.3 of Aider contains a SQL injection vulnerability, which arises from the Code Generation Workflow component causing SQL injections. Attackers can launch attacks remotely due to this vulnerability...
MAL-2026-5097 Malicious code in cms-storehub (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dda5fa0b4771a3299568c8dd8d17d5663d9c8ae782b8c71f4a2baf0ce1f8e5ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2018-25411 MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php
MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...
[SECURITY] Fedora 43 Update: djvulibre-3.5.30-1.fc43
DjVu is a web-centric format and software platform for distributing documents and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution picture s. DjVu content downloads faster, displays and renders faster,...
Student-Management-System SQL注入漏洞
Student-Management-System is an open-source student information management system developed by Cyber-III. Version 1.0 of Student-Management-System has a SQL injection vulnerability; this vulnerability stems from the email parameter on the login page, which may lead to remote attacks...
Yamcs security vulnerabilities
Yamcs is an open-source software framework developed by Yamcs. It is used for commanding and controlling spacecraft, satellites, payloads, ground stations, and ground equipment. YAMCS has a security vulnerability that stems from the lack of rate limits...
Notepad++ security vulnerabilities
Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Notepad++ has security vulnerabilities, and attackers can exploit these vulnerabilities to execute arbitrary code...
Yamcs security vulnerabilities
Yamcs is an open-source software framework developed by Yamcs. It is used for commanding and controlling spacecraft, satellites, payloads, ground stations, and ground equipment. Yamcs has a security vulnerability that stems from allowing enumeration of users...
PT-2026-45111
MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...
Yamcs security vulnerabilities
Yamcs is an open-source software framework developed by Yamcs. It is used for commanding and controlling spacecraft, satellites, payloads, ground stations, and ground equipment. There are security vulnerabilities in YAMCS, and attackers can exploit these vulnerabilities to perform LDAP injection...
EUVD-2018-21926
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticketid parameter. Attackers can send GET requests to addfacnote.php with crafted SQL payloads to extract sensitive...