1238 matches found
Flexense VX Search code issue vulnerability
Flexense VX Search is a rule-based automated file search solution from Flexense. It allows users to search for files based on file type, category, filename, size, location, extension, regular expressions, text and binary patterns, creation, modification, and last access dates, EXIF tags, etc., save...
CVE-2023-27490 Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth
NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...
loonflow code issue vulnerability
loonflow is a Django-based workflow engine by individual developer blackholll. A code issue vulnerability exists in loonflow version r2.0.14. An attacker could exploit this vulnerability to conduct server-side request forgery (SSRF) attacks...
Linux kernel xusb.c file code issue vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel prior to version 5.17, which stems from the drivers/phy/tegra/xusb.c file incorrectly handling the return value of...
Apache Kafka Code Issue Vulnerability (CNVD-2023-23554)
Apache Kafka is an open source distributed streaming platform from the Apache Foundation in the United States. The platform is capable of acquiring real-time data for building applications that react in real time to changes in the data stream. A code issue vulnerability exists in Apache Kafka...
SUSE CVE-2021-4158
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition...
DataHub code issue vulnerability
DataHub is an open source metadata platform for the modern data stack from datahub-project. DataHub is vulnerable to a code issue. An attacker can exploit this vulnerability to remotely execute code...
cryptography code issue vulnerability
python-cryptography is a Python code library for cryptographic applications from the Cryptographic team. A code issue vulnerability exists in cryptography. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement...
Nextcloud code issue vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's...
Pimcore code issue vulnerability
Pimcore is an open source web content management platform from Pimcore, Austria, for creating and managing web applications. The platform integrates applications for web content management, e-commerce frameworks, and product information management. A code issue vulnerability exists in...
Mitigation of M-07: Issue not mitigated
Lines of code Vulnerability details Mitigation of M-07: Issue not mitigated
bumsys code issue vulnerability
bumsys is an open source project called Business Management System, by the individual developer unilogies. A code issue vulnerability exists in versions prior to bumsys v1.0.3-beta, which stems from the fact that it allows an attacker to upload dangerous types of files without restriction...
Incorrect use of msg.sender in isApprovedForAll function causes issues
Lines of code Vulnerability details Impact: The function isApprovedForAll(address owner, address operator) is using msg.sender as the address of the user instead of the address that is passed as the owner parameter; this might cause some issues in the code.
Mozilla Firefox ESR code issue vulnerability
Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. A code issue vulnerability exists in Mozilla Firefox ESR. An attacker could exploit this vulnerability to cause arbitrary code execution, information disclosure, or spoofing...
libXpm code issue vulnerability
libXpm is an open source image file format library. A code issue vulnerability exists in libXpm. An attacker could exploit this vulnerability to execute other programs by manipulating the PATH environment variable...
Google Chrome iframe Sandbox Code Issue Vulnerability
Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions of Google Chrome prior to 109.0.5414.74, which stems from an improper implementation of its iframe Sandbox, and can be exploited by remote attackers to bypass file download restrictions...
pyload code issue vulnerability
pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web. A code issue vulnerability exists in versions prior to pyload/pyload 0.5.0b3.dev36, which stems from insufficient session expiration...
ZITADEL code issue vulnerability
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL Switzerland. A code issue vulnerability exists in ZITADEL versions 2.17.3 and earlier, 2.16.4 and earlier, which stems from allowing a...
Apache Dubbo code issue vulnerability (CNVD-2023-25935)
Apache Dubbo is a lightweight Java-based RPC (Remote Procedure Call) framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A code issue vulnerability exists ...
Mozilla Firefox code issue vulnerability (CNVD-2023-05207)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. A code issue vulnerability exists in Mozilla Firefox, which stems from an error in the product's handling of JavaScript dialog boxes. A remote attacker could exploit the vulnerability to perform a spoofing attack...