1433 matches found
GeoServer code issue vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer that stems from improper handling of XML external entities, which could lead to information disclosure...
Feng Office code issue vulnerability
Feng Office, formerly known as OpenGoo, is an open source online office system by the Feng Office team. The system provides task management, schedule management, document management and email sending and receiving functions. A code issue vulnerability exists in Feng Office version 3.2.2.1, which...
CVE-2025-49223
billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
Apache InLong code issue vulnerability
Apache InLong is a one-stop mass data integration framework from the Apache USA Foundation. It provides automated, secure, and reliable data transfer capabilities. A code issue vulnerability exists in Apache InLong versions 1.13.0 to 2.1.0, which stems from deserializing untrustworthy data and...
CVE-2024-41999
Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the debug function to gain access to the OS functions, escalate the privilege, change the device's...
CVE-2024-33259
Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c...
CVE-2024-31406
Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized operations...
CVE-2024-29748
there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2024-7720
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries...
CVE-2024-36475
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed...
CVE-2024-48214
KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data...
CVE-2024-35144
IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...
CVE-2023-2193
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token...
CVE-2023-48412
In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-47123
iTop is an IT service management platform. By filling malicious code in an object friendlyname / complementary name, an XSS attack can be performed when this object is displayed as an n:n relation item in another object. This vulnerability is fixed in 3.1.1 and 3.2.0...
zentaopms code issue vulnerability
zentaopms is an open source agile scrum project management system from EasySoft. A code issue vulnerability exists in zentaopms version 21.520250307, which stems from a misbehavior of the parameter filePath in file/index.php leading to deserialization...
ShopXO code issue vulnerability
ShopXO is an open source enterprise-level e-commerce system from ShopXO Inc. A code issue vulnerability exists in ShopXO version 6.5.0, which stems from the incorrect operation of the parameter params in the file app/admin/controller/Payment.php resulting in unlimited uploads...
CVE-2022-22758
When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack. This bug only affects...
CVE-2022-36231
pdfinfo 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3...
CVE-2022-24118
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6...