OpenStack Ironic 安全漏洞

OpenStack Ironic is an integrated OpenStack software. It is used to configure bare machines rather than virtual machines. There were security vulnerabilities in versions 32 to 37.0.0 of OpenStack Ironic. These vulnerabilities stemmed from unverified malicious users being able to submit specially...

Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞

Arista Edge Threat Management - Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. There are...

Formie for Craft CMS 安全漏洞

Formie for Craft CMS is a form plugin for the Craft CMS developed by Verbb. Versions prior to 2.2.21 and 3.1.26 of Formie for Craft CMS had security vulnerabilities. These vulnerabilities stemmed from the possibility for unverified users to modify existing submissions by submitting known or guess...

PocketBase 授权问题漏洞

PocketBase is an open-source real-time backend developed by PocketBase. Versions of PocketBase prior to 0.22.42 and 0.37.4 contained authorization-related vulnerabilities. These vulnerabilities occurred because, under certain circumstances, attackers could create and link unverified PocketBase...

Sparx Systems Sparx Pro Cloud Server 安全漏洞

Sparx Systems Sparx Pro Cloud Server is a modeling and service platform developed by Australian company Sparx Systems. It supports remote access to model repositories and collaborative management. There is a security vulnerability in Sparx Pro Cloud Server, which allows unverified users to retrie...

Sparx Systems Sparx Pro Cloud Server 安全漏洞

Sparx Systems Sparx Pro Cloud Server is a modeling and service platform developed by Australian company Sparx Systems. It supports remote access to model repositories and collaborative management. There is a security vulnerability in Sparx Pro Cloud Server, which allows unverified users to execut...

BMC Control-M/MFT 安全漏洞

BMC Control-M/MFT is an enterprise-level file transfer and job scheduling integration management software developed by the American company BMC. Versions of BMC Control-M/MFT 9.0.22 and earlier contained security vulnerabilities. These vulnerabilities stemmed from API management endpoints that...

Piwigo 安全漏洞

Piwigo is a web-based open-source image library software developed by Piwigo contributors. This software includes functions such as image management, image classification, and permission management. Versions of Piwigo prior to 16.3.0 contained security vulnerabilities. These vulnerabilities stemm...

PdfDing 安全漏洞

PdfDing is a self-hosted PDF management, viewing, and editing tool developed by mrmn’s developers. Versions of PdfDing prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from access control loopholes, allowing unverified users to bypass password verification processe...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.8.7, 18.9.3...

Azure Blob Storage for Craft CMS 安全漏洞

Azure Blob Storage for Craft CMS is an open-source cloud storage integration plugin for Craft CMS. Versions of Azure Blob Storage for Craft CMS prior to version 2.1.1 contained security vulnerabilities. These vulnerabilities stemmed from improper access control at the...

Google Cloud Storage for Craft CMS 信息泄露漏洞

Google Cloud Storage for Craft CMS is an open-source cloud storage integration plugin for Craft CMS. Versions of Google Cloud Storage for Craft CMS prior to version 2.2.1 had a vulnerability related to information leakage. This vulnerability stemmed from improper access control at the...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.7.6, 18.8.6...

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, including 3.0.13, contained security vulnerabilities. These vulnerabilities stemmed from the possibility for unverified users to inject arbitrary values into internal...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server from 9.3.1-alpha.3 to 9.5.0-alpha.10. These vulnerabilities stemmed from a bypass of interception...

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.4 contained a access control vulnerability. This vulnerability stemmed from the lack of middleware in the chart filter endpoint, allowing unverified users to acces...

WordPress plugin WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress plugin Mail Mint 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to Craft CMS 5.9.0-beta.2 and 4.17.0-beta.2 contained security vulnerabilities. These vulnerabilities stemmed from the actionSendActivationEmail endpoint, which was exposed to unverified users and lacked...

ajenti 访问控制错误漏洞

ajenti is an open-source Linux and BSD-based modular server management panel developed by ajenti. Versions of ajenti prior to 2.2.13 contained a security vulnerability related to access control. This vulnerability allowed unverified users to access servers, potentially enabling them to execute...