Jspxcms Cross-Site Scripting Vulnerability

Blue Intelligence Technology Jspxcms is a scalable enterprise-level open source web content management system CMS from China's Blue Intelligence Technology Company. A cross-site scripting vulnerability exists in Jspxcms version 10.2.0. An attacker can exploit this vulnerability to perform...

LedgerSMB Cross-Site Request Forgery Vulnerability

LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping and more. A security vulnerability exists in LedgerSMB. An attacker can escalate privileges by exploiting the vulnerability...

Rockwell Automation ControlLogix and GuardLogix Denial of Service Vulnerability

Rockwell Automation ControlLogix and GuardLogix are both Rockwell Automation controllers. A denial of service vulnerability exists in Rockwell Automation ControlLogix and GuardLogix, which can be exploited by an attacker to cause a denial of service condition by sending a specially crafted reques...

CVE-2023-2439

The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

BuildKit 代码问题漏洞

BuildKit is a concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit. A code issue vulnerability exists in BuildKit. An attacker could exploit this vulnerability to cause the BuildKit daemon to crash due to panic...

Linux kernel denial of service vulnerability (CNVD-2024-30379)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in Linux kernel version 6.7.1 and prior versions, which is caused by use after release in cecqueuemsgfh. A local attacker could exploit...

Google Chrome Security Bypass Vulnerability (CNVD-2024-10242)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome version 121.0.6167.85 and prior versions due to an improper implementation in the Extensions API. An attacker can exploit the vulnerability to bypass security restrictions...

Google Chrome Security Bypass Vulnerability (CNVD-2024-10262)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome version 121.0.6167.85 and earlier versions, which stems from an insufficient policy enforcement issue in the DevTools module. An attacker can exploit this vulnerability to bypa...

Microsoft Edge 安全漏洞

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A spoofing vulnerability exists in Microsoft Edge Chromium-based. An attacker could exploit this vulnerability to conduct spoofing attacks...

Technicolor TC8715D Security Vulnerability

The Technicolor TC8715D is a wireless router from the French company Technicolor. A security vulnerability exists in the Technicolor TC8715D. An attacker can exploit this vulnerability to predict passwords...

The vulnerability of Themes component in the Windows operating system, which allows a hacker to disclose protected information

The vulnerability of Themes component in the Windows operating system is related to information representation errors in the user interface. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by the system...

Microsoft Win32k 安全漏洞

Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Win32k. An attacker could exploit this vulnerability to gain elevated privileges on the system...

Microsoft Hyper-V 安全漏洞

Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. A denial of service vulnerability exists in Microsoft Hyper-V. An attacker could exploit this vulnerability to cause a denial of service...

Cesanta MJS Denial of Service Vulnerability (CNVD-2024-27558)

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. A denial of service vulnerability exists in Cesanta MJS version 2.20.0, which is caused by a flaw in the mjs+0x4ec508 component. An attacker could exploit this vulnerability to cause a denial of service...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI are vulnerable to a privilege...

Foxit PDF Reader AcroForm Doc Memory Misreference Vulnerability

Foxit PDF Reader is a free and compact PDF document reader and printer. A security vulnerability exists in Foxit PDF Reader AcroForm Doc, which can be exploited by a remote attacker to submit a special file request and trick the user into parsing it, which can crash the application or execute...

Code Injection

hono is vulnerable to Code Injection. The vulnerability is due to gHSets method lacking isolation in the handler set parameters for each request. An attacker can potentially exploit this by overriding named path parameters from previous requests, leading to unintended parameter usage in subsequen...

CVE-2023-44277

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's...

Google Android elevation of privilege vulnerability (CNVD-2024-16894)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability. The vulnerability is due to an allowable memory allocation flaw in the mmumapforfw function in gsldfwload.c, which leads to a mitigation bypass. An attack...

Microsoft Azure DevOps Server Security Vulnerability

Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as code sharing, work tracking, and software distribution. A security vulnerability exists in Microsoft Azure DevOps Server. An attacker exploits...