SourceCodester Pizzafy Ecommerce System 注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Claude Agent SDK Master 路径遍历漏洞

Claude Agent SDK Master is a progressive learning tutorial for Claude Agent SDK developed by Erlich. Claude Agent SDK Master has a path traversal vulnerability; this vulnerability stems from the outputFile parameter in the app/api/agent-output/route.ts file, which allows for path traversal,...

D-Link DIR-825M 缓冲区错误漏洞

The D-Link DIR-825M is a router produced by D-Link Corporation. Version 1.1.12 of the D-Link DIR-825M contains a buffer overflow vulnerability. This vulnerability arises from the parameter submit-url in the function sub414BA8 within the file /file/boafrm/formWanConfigSetup, which leads to a buffe...

O2OA 安全漏洞

O2OA is an open-source enterprise application development platform developed by O2OA. Versions of o2oa 10.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a function called syncFile in the NodeAgent component, which allowed improper authorization, potentially...

Spire.Doc MCP Server 路径遍历漏洞

Spire.Doc MCP Server is a tool provided by E-iceblue Product Family for individual developers, allowing them to work with Word documents without the need for Microsoft Word. Version 0.1.1 of Spire.Doc MCP Server contains a path traversal vulnerability. This vulnerability stems from the getpdfpath...

XXL-JOB 代码问题漏洞

XXL-JOB is a distributed task scheduling platform developed by Xuxue Li xuxueli. Versions of XXL-JOB 3.3.2 and earlier have code vulnerabilities. These vulnerabilities stem from operations on the parameter addressList in the function triggerJob of the trigger Endpoint. This operation allows for...

Code-Projects Invoice System in Laravel 安全漏洞

Code-Projects Invoice System in Laravel is an open-source invoice system developed by Code-Projects. Version 1.0 of the Code-Projects Invoice System in Laravel contained a security vulnerability. This vulnerability stemmed from improper handling of parameter IDs in the Invoice Endpoint component’...

Code-Projects Chat System 加密问题漏洞

Code-Projects Chat System is an open-source chat system developed by Code-Projects. Version 1.0 of the code-projects Chat System has a security vulnerability related to encryption. This vulnerability stems from the parameter “Password” in the MD5 Hash Handler component’s “updateuser.php” file,...

Code-Projects Invoice System in Laravel 访问控制错误漏洞

Code-Projects Invoice System in Laravel is an open-source invoice system developed by Code-Projects. Version 1.0 of the Code-Projects Invoice System in Laravel contained a access control vulnerability. This vulnerability was caused by an unknown function in the /company file, which allowed...

Hermes Agent 授权问题漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Version 0.8.0 of Hermes Agent contains an authorization vulnerability. This vulnerability stems from the checkauth function in the APISERVERKEY Handler component’s gateway/platforms/apiserver.py file...

Hermes Agent 授权问题漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Version 0.8.0 of Hermes Agent contains an authorization vulnerability. This vulnerability arises from an unknown function in the Webhooks Endpoint component’s gateway/platforms/webhook.py file, which...

Code-Projects Employee Management System 注入漏洞

Code-Projects Employee Management System is an open-source employee management system developed by Code-Projects. Version 1.0 of the Code-Projects Employee Management System has a SQL injection vulnerability. This vulnerability arises from unknown code in the 370project/delete.php file, which...

Code-Projects Employee Management System 注入漏洞

Code-Projects Employee Management System is an open-source employee management system developed by Code-Projects. Version 1.0 of the Code-Projects Employee Management System has a SQL injection vulnerability. This vulnerability arises from the operation of an unknown function in the...

Tenda HG3 命令注入漏洞

The Tenda HG3 is a fiber-optic network terminal wireless router device designed for home broadband access by the Chinese company Tenda. Version 2.0 of the Tenda HG3 has a command injection vulnerability. This vulnerability arises from the operation of an unknown function in the...

AstrBot 安全漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Versions of AstrBot 4.22.1 and earlier contained a security vulnerability. This vulnerability stemmed from an issue in the createtemplate function within the Dashboard API’s routes/t2i.py file, wher...

Copilot API Proxy 安全漏洞

Copilot API Proxy is a reverse proxy service for the GitHub Copilot API developed by Erick Christian. Versions of Copilot API Proxy prior to 0.7.0 contain security vulnerabilities. These vulnerabilities stem from the Header Handler component’s reliance on reverse DNS resolution for handling Host...

kodcloud KodExplorer 安全漏洞

KodCloud KodExplorer is a web file manager provided by the Chinese company KodCloud. Versions of KodCloud KodExplorer 4.52 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper authorization during the handling of the fileUpload parameter in...

DjangoBlog 安全漏洞

DjangoBlog is a blog system developed by liangliangyy using Django. Versions of DjangoBlog 2.1.0.0 and earlier have security vulnerabilities. These vulnerabilities stem from operations on the owntracks/views.py file, which results in a lack of authentication protection, potentially allowing for...

DjangoBlog 安全漏洞

DjangoBlog is a blog system developed by liangliangyy using Django. Versions of DjangoBlog 2.1.0.0 and earlier have security vulnerabilities. These vulnerabilities stem from operations on the blog/views.py file, which results in lack of authentication. This may lead to remote attacks...

SuperAGI 安全漏洞

SuperAGI is an open-source infrastructure application developed by SuperAGI. It is used to build components, tools, frameworks, and models to achieve open-source AGI. Versions of SuperAGI 0.0.14 and earlier contain security vulnerabilities. These vulnerabilities stem from operations on the file...