Taier 授权问题漏洞

Taier is a distributed scheduling system open source by DTStack. It aims to reduce the costs of ETL processes, clarify complex dependencies between tasks, and lower labor costs related to submission, scheduling, and operations. Versions of Taier 1.4.0 and earlier have vulnerabilities related to...

389 Directory Server 代码问题漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a code vulnerability in 389 Directory Server, which stems from the control plugin’s failure to check for allocation failures before using BER structures. This...

Dolibarr ERP CRM 安全漏洞

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM prior to 23.0.2 contain security vulnerabilities. These vulnerabilities stem from unauthorized permissions granted to unknown functions in the...

SourceCodester Barangay Resident Profiling and Information Management System 信任管理问题漏洞

The SourceCodester Barangay Resident Profiling and Information Management System is an open-source system developed by SourceCodester for managing profiles and information of Barangay residents. Version 1.0 of the SourceCodester Barangay Resident Profiling and Information Management System contai...

SourceCodester Inventory System 跨站脚本漏洞

The SourceCodester Inventory System is an open-source inventory system developed by SourceCodester. Version 1.0 of the SourceCodester Inventory System has a cross-site scripting vulnerability. This vulnerability stems from operations in the file header.php, which may lead to cross-site scripting...

itsourcecode Hospital Management System 注入漏洞

itsourcecode Hospital Management System is an open-source hospital management system developed by itsourcecode. Version 1.0 of itsourcecode Hospital Management System has a vulnerability related to SQL injection, which stems from the handling of the admissiontime parameter in the addpatient.php...

CodeAstro Payroll System 注入漏洞

The CodeAstro Payroll System is a payroll management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Payroll System has a SQL injection vulnerability. This vulnerability arises from an unknown function in the /homesalary.php file, which improperly handles the parameters...

serialization 安全漏洞

Serialization is a data serialization and deserialization tool open source from Boost.org. Versions of serialization 1.91 and earlier have security vulnerabilities. These vulnerabilities stem from improper input validation by unknown functions for specified types, which may lead to remote attacks...

USN-8382-1: Exim vulnerabilities

Timo Longin discovered that Exim incorrectly handled certain SMTP messages in PIPELINING/CHUNKING configurations. A remote attacker could possibly use this issue to perform SMTP smuggling. This issue only affected Ubuntu 14.04 LTS. CVE-2023-51766 It was discovered that Exim incorrectly handled...

goclaw 访问控制错误漏洞

Goclaw is an open-source multi-tenant AI smart agent platform developed by Next Level Builder. Versions of GoClaw 3.11.3 and earlier contain a security vulnerability related to access control. This vulnerability stems from a lack of authentication in the resolveAuth function within the Webhook...

Student-Management-System 授权问题漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a vulnerability in the student-management-system’s authorization mechanism; this vulnerability stems from improper authentication of unknown functions, which may lead to remote attac...

Project Management 授权问题漏洞

Project Management is an open-source project management tool developed by DEVASLAN and released under the PHP open-source license. Versions of Project Management 2.0.0-beta1 and earlier had an authorization issue vulnerability. This vulnerability stems from an improper authorization in the...

DaybydayCRM 访问控制错误漏洞

DaybydayCRM is a daily customer relationship management system developed by Casper Bottelet as an individual project. Versions of DaybydayCRM prior to 2.2.1 contained an access control vulnerability. This vulnerability stemmed from an unknown feature of the Setting Handler component, which lacked...

SourceCodester Pharmacy Sales and Inventory System 访问控制错误漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a vulnerability related to access control. This vulnerability stems fro...

DaybydayCRM 授权问题漏洞

DaybydayCRM is a daily customer relationship management system developed by Casper Bottelet as an individual project. Versions of DaybydayCRM 2.2.1 and earlier contained an authorization vulnerability. This vulnerability stemmed from improper authorization in the view function within the...

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain code vulnerabilities. These vulnerabilities stem from a server-side request forgeing vulnerability in the...

Open5GS 授权问题漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.6 and earlier contained vulnerabilities related to authorization. These vulnerabilities were caused by an unknown function in the file...

School Student Management System 授权问题漏洞

School Student Management System is an open-source tool developed by Binary Brains for managing school student information. The School Student Management System has a vulnerability related to authorization. This vulnerability stems from the parameter email in the ajaxforgotpassword function of th...

Aider SQL注入漏洞

Aider is an open-source terminal AI pair programming tool developed by Aider AI. Version 0.86.3 of Aider contains a SQL injection vulnerability, which arises from the Code Generation Workflow component causing SQL injections. Attackers can launch attacks remotely due to this vulnerability...

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. Version 3.10B20 of TRENDnet TEW-432BRP has a security vulnerability. This vulnerability stems from a parameter in the function formWlanSetup within the file/goform/formWlanSetup, where enrollee causes a stack...