ZimaOS 代码问题漏洞

ZimaOS is an open-source operating system project by IceWhaleTech, aimed at providing a lightweight, high-performance, and secure operating system environment. ZimaOS versions 1.5.0 and earlier have code vulnerabilities; these vulnerabilities stem from insufficient validation or restrictions on...

openbabel 代码问题漏洞

OpenBabel is an open-source chemistry toolkit software developed by Open Babel. Versions of OpenBabel 3.1.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a null pointer dereferencing in the OBAtom::GetExplicitValence function in the isrc/atom.cpp file, which could...

EV2GO 代码问题漏洞

EV2GO is a electric vehicle charging facility management platform developed by the Russian company EV2GO. EV2GO has code-related vulnerabilities; these vulnerabilities stem from the predictable WebSocket backend session identifiers, which allow multiple endpoints to use the same session identifie...

gvfs 代码问题漏洞

GVfs is a virtual file system developed under the Gnome open-source project. GVfs has code vulnerabilities that stem from the unconditional trust placed in information within the passive mode response by clients. This vulnerability could allow malicious servers to detect open ports on the client’...

Manyfold 代码问题漏洞

Manyfold is a self-hosted web application developed by Manyfold OpenSource. Versions of Manyfold prior to 0.133.0 had code-related vulnerabilities; these vulnerabilities were caused by Cookie leaks in the proxy cache, which could lead to session hijacking...

Packistry 代码问题漏洞

Packistry is an open-source, self-hosted Composer repository developed by Packistry. Versions of Packistry prior to 0.13.0 had code-related vulnerabilities. These vulnerabilities stemmed from the lack of enforcement of token expiration checks, which could lead to unauthorized access...

Vikunja 代码问题漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.0.0 had code vulnerabilities. These vulnerabilities stemmed from allowing the setting of weak passwords, where user-changed passwords still allowed active sessions to remain valid,...

Zyxel VMG3625-T50B和Zyxel WX3100-T0 代码问题漏洞

Both Zyxel VMG3625-T50B and Zyxel WX3100-T0 are products of the Chinese company Zyxel. Zyxel VMG3625-T50B is a Wi-Fi device. Zyxel WX3100-T0 is a wireless bridge. There are code vulnerabilities in versions of Zyxel VMG3625-T50B 5.50ABPM.9.6C0 and earlier, as well as Zyxel WX3100-T0 5.50ABVL.4.8C0...

FastAPI Admin 代码问题漏洞

FastAPI Admin is an open-source management dashboard based on FastAPI and TortoiseORM. Versions of FastAPI Admin 2.2.0 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the uploadcontroller function in the...

Datapizza AI 代码问题漏洞

Datapizza AI is an open-source development framework for intelligent agents by Datapizza. Version 0.0.2 of Datapizza AI contains code vulnerabilities. These vulnerabilities stem from incorrect operations on the function RedisCache in the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.p...

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

Artificial intelligence AI company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security , is currently available in a limited research preview to...

OpenSift 代码问题漏洞

OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift 1.1.2-alpha and earlier contained code vulnerabilities. These vulnerabilities stemmed from overly permissive server-side access behaviors allowed by URL ingestion, which could lead to...

WordPress plugin Oxygen 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Bravis Addons 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

Music Assistant 代码问题漏洞

Music Assistant is an open-source media library manager developed by Music Assistant. Versions of Music Assistant 2.6.3 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the music/playlists/update API, which allowed bypassing the .m3u extension restriction and allowin...

WorldQuant Alpha Generator 代码问题漏洞

WorldQuant Alpha Generator is a mining software developed by zhutoutoutousan. Versions of WorldQuant Alpha Generator 1.0.9 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the parameter makerequest in the file...

pfSense 代码问题漏洞

pfSense is a network firewall based on FreeBSD Linux. pfSense has code-related vulnerabilities, which stem from defects in the code, potentially leading to execution of unauthorized code...

IBM Watsonx.data 代码问题漏洞

IBM Watsonx.data is an open data lake platform developed by IBM. There were code vulnerabilities in versions 2.2 to 2.2.1 of IBM Watsonx.data. These vulnerabilities allowed privileged users to upload malicious files and execute them on the server, potentially leading to modifications to files or...

Tandoor Recipes 代码问题漏洞

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.5.1 had code vulnerabilities. These vulnerabilities stemmed from the Cookmate recipe import feature not verifying the target URL...

NTN Smart Panel 代码问题漏洞

NTN Smart Panel is a software for insurance business operations developed by the Turkish company NTN. Versions of NTN Smart Panel prior to 20251215 had code-related vulnerabilities. These vulnerabilities stemmed from unlimited upload of dangerous types of files, which could lead to access to...