322 matches found
datart 安全漏洞
datart is an open source data visualization open platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from mishandling of configuration files and can lead to path traversal and remote code execution...
datart 安全漏洞
datart is an open source data visualization open platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from the POST /viz/image interface not strictly validating filenames, which could lead to a directory traversal attack...
O2OA 安全漏洞
O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which originates from a cross-site scripting due to incorrect manipulation of the parameters name/alias/description in the file...
O2OA 安全漏洞
O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which originates from cross-site scripting due to incorrect manipulation of parameters in the file /xportalassembledesigner/jaxrs/widget...
O2OA 安全漏洞
O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which originates from a cross-site scripting due to the incorrect operation of the parameter name/alias/description in the file...
MeterSphere SQL注入漏洞
MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. A SQL injection vulnerability exists in MeterSphere versions prior to 3.6.5-lts, which stems from insufficient validation of the sortField parameter and could lead to SQL injection...
dify 安全漏洞
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions 1.1.0 through 1.1.2 of dify, which stems from an uncleaned code node input that could lead to the execution of arbitrary code...
CVE-2025-52487 DNN.PLATFORM possibly allows bypass of IP Filters
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP...
DNN.PLATFORM 安全漏洞
DNN.PLATFORM is an open source web content management platform CMS from DNN Open Source. A security vulnerability exists in DNN.PLATFORM versions prior to 10.0.1, which stems from a specially crafted request bypassing an IP filter design that could lead to unauthorized logins...
CVE-2025-49149 Dify has XSS vulnerability
Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting XSS attack when a user...
CVE-2025-49149 Dify has XSS vulnerability
Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting XSS attack when a user...
dify 跨站脚本漏洞
dify is an open source LLM application development platform from LangGenius Open Source. A cross-site scripting vulnerability exists in dify version 1.2.0, which stems from insufficient user input filtering and could lead to cross-site scripting attacks...
CVE-2024-52008
Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...
CVE-2024-52593
Misskey is an open source, federated social media platform.In affected versions missing validation in NoteCreateService.insertNote, ApPersonService.createPerson, and ApPersonService.updatePerson allows an attacker to control the target of any "origin" links such as the "view on remote instance"...
CVE-2024-52590
Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to...
CVE-2023-38706
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server...
CVE-2023-38494
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue...
CVE-2022-41944
Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it...
CVE-2021-29602
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero...
CVE-2021-37703
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed...