4565 matches found
CVAT.ai CVAT Authorization Issue Vulnerability
CVAT.ai CVAT is an open source data processing tool from CVAT.ai. An authorization issue vulnerability exists in CVAT.ai CVAT versions 1.1.0 to 2.41.0, which stems from not enforcing email validation, and could lead to account creation and bot registration using a fake email address...
GLPI Security Vulnerability
GLPI is an open source IT asset and service management software suite that provides ITIL service desk functionality, license tracking and software auditing capabilities. A security vulnerability exists in GLPI versions 0.65 through 10.0.18, which originates from a technician being able to utilize...
GLPI Security Vulnerability
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
GLPI Security Vulnerability
GLPI is a free asset and IT management software suite. A phishing attack vulnerability exists in GLPI versions 9.1.0 through 10.0.18, which stems from a planning feature that does not effectively filter malicious links sent by unauthenticated users. An attacker could use this vulnerability to...
Moby Security Vulnerability
Moby is an open source project of Moby Open Source. It aims to drive containerization of software and help the ecosystem mainstream container technology. A security vulnerability exists in Moby versions 28.2.0 through 28.3.2, which stems from the failure to recreate iptables rules when the...
GLPI Security Vulnerability
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
UBUNTU-CVE-2025-7458
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a...
SwitchBot Log Information Disclosure Vulnerability
SwitchBot is a smart switch program from SwitchBot, Inc. A log information disclosure vulnerability exists in SwitchBot versions V6.24 through V9.12, which originates when sensitive information is inserted into a log file, potentially leading to information disclosure...
SQLite Security Vulnerability
SQLite is a lightweight open source relational database management system that adheres to ACID. A security vulnerability exists in SQLite versions 3.39.2 through 3.41.1, which stems from an integer overflow that could result in a denial of service or disclosure of...
aioradio (=0.20.24), aisquared (>=0.2.2.dev0 <=0.2.2.dev9) +20 more potentially affected by CVE-2025-54413 via skops (>=0.10.0 <=0.11.0)
skops PYPI version =0.10.0, =0.2.2.dev0, =23.10.1, =23.8.0, =0.5.1, =1.2.15, =1.5.0, =0.4.0, =0.1.0, =1.5.0, =1.6.1 - prompt-protect =0.1.0 and more Source cves: CVE-2025-54413 Source advisory: SNYK:PYTHON-SKOPS-11023249...
XWiki Platform SQL Injection Vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A SQL injection vulnerability exists in XWiki Platform versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, which stems from a misbehavior of the parameter sort in...
@01ht/ht-api-helper-functions (>=1.0.0 <=1.0.2), @1amageek/tradable (>=0.1.0 <=0.9.0) +529 more potentially affected by CVE-2025-8022 via bun (>=0.0.10 <=1.1.38)
bun NPM version =0.0.10, =1.0.0, =0.1.0, =1.0.1, =0.0.1, =0.1.17, =1.0.0, =0.0.3, =1.1.21, =0.0.2, =0.1.0, =0.0.1, =1.6.0, =1.16.0 and more Source cves: CVE-2025-8022 Source advisory: OSV:GHSA-4J66-8F4R-3PJX...
Compojoom CComment component Cross-Site Scripting Vulnerability
Compojoom CComment component is a plugin from Compojoom, Inc. A cross-site scripting vulnerability exists in Compojoom CComment component versions 5.0.0-6.1.14, which stems from a stored cross-site scripting vulnerability...
GitLab 15.10 < 18.0.5 / 18.1 < 18.1.3 / 18.2 < 18.2.1 (CVE-2025-4700)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially...
CVE-2024-38335
IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources...
ViewVC Path Traversal Vulnerability
ViewVC is an open source web-based tool from ViewVC for browsing CVS and SVN code repositories. A path traversal vulnerability exists in ViewVC versions 1.1.0 to 1.1.31 and 1.2.0 to 1.2.3, which stems from a directory traversal in the standalone.py script, which could lead to the disclosure of the contents of t...
TYPO3 powermail Security Vulnerability
TYPO3 powermail is an open source mail form extension for TYPO3. A security vulnerability exists in TYPO3 powermail versions 12.0.0 through 12.5.2 and 13.0.0, which stems from an insecure direct object reference that could lead to the download of arbitrary files from a web server...
app.tozzi.mail:pec-parser (=4.0.0), app.tozzi:uudecoder (=4.0.0) +1243 more potentially affected by CVE-2025-7962 via com.sun.mail:jakarta.mail (>=2.0.0 <=2.0.1)
com.sun.mail:jakarta.mail MAVEN version =2.0.0, =0.2.0, =0.2.0, =2.0.1, =2.0.0, =0.1, =0.4, =1.0.0, =2022.3.4.0, =1.0.0-JDK21, =1.0.3.2-JDK21 - cn.sunyblog.easymail:easymail-spring-boot-starter3 =1.0.1 and more Source cves: CVE-2025-7962 Source advisory: OSV:GHSA-9342-92GG-6V29...
RSJoomla! RSFiles! component for Joomla Resource Management Error Vulnerability
RSJoomla! RSFiles! component for Joomla is an extension component for the Joomla content management system from RSJoomla! A resource management error vulnerability exists in RSJoomla! RSFiles! component for Joomla versions 1.16.3 through 1.17.7, which stems from mishandling of the search function...
melange Security Vulnerability
melange is an open source tool from Chainguard for building APKs from source code. A security vulnerability exists in melange versions prior to 0.23.0 through 0.29.5, which stems from improperly set permissions on the SBOM file, which could lead to a tampering attack...