Google Mesop Security Vulnerability
Google Mesop is a Python-based UI framework from Google (USA). A security vulnerability exists in Google Mesop versions 0.9.0 through versions prior to 0.12.4, which stems from insufficient input validation and could allow unauthorized access to files on the server...
128981semzub (=1.0.1), 1food-menu (>=0.3.0 <=0.3.7) +3129 more potentially affected by CVE-2024-45812 via vite (>=4.0.0 <=4.5.3)
vite NPM version =4.0.0, =0.3.0, =1.0.0, =2.0.3, =0.0.1, =0.0.1, =0.0.7, =4.0.61, =4.0.61, =4.0.61, =4.0.61, =0.0.1, =0.0.3 and more Source cves: CVE-2024-45812 Source advisory: OSV:GHSA-64VR-G452-QVP3...
1food-menu (=0.3.8), 2473-alex-ui (>=0.0.1 <=0.0.4-alpha.3) +4772 more potentially affected by CVE-2024-45811 via vite (>=5.4.0 <=5.4.5)
vite NPM version =5.4.0, =0.0.1, =0.0.1, =1.1.2, =0.1.1, =0.1.0, =5.0.0, =0.0.1-alpha.10, =0.0.4-alpha.5, =0.0.11, =0.0.5, =0.0.1, =1.0.0, =1.0.0, =1.1.1 and more Source cves: CVE-2024-45811 Source advisory: OSV:GHSA-9CWX-2883-4WFX...
128981semzub (=1.0.1), 1food-menu (>=0.3.0 <=0.3.7) +3129 more potentially affected by CVE-2024-45811 via vite (>=4.0.0 <=4.5.3)
vite NPM version =4.0.0, =0.3.0, =1.0.0, =2.0.3, =0.0.1, =0.0.1, =0.0.7, =4.0.61, =4.0.61, =4.0.61, =4.0.61, =0.0.1, =0.0.3 and more Source cves: CVE-2024-45811 Source advisory: OSV:GHSA-9CWX-2883-4WFX...
PT-2024-30869 · Unknown · WPCargo Track & Trace
Name of the Vulnerable Software and Affected Versions: WPCargo Track & Trace versions 7.0.0 through 7.0.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to manipulate the database...
Apache Druid Security Vulnerability
Apache Druid is an open source, column-oriented distributed database from the Apache Foundation (USA), written in Java. A security vulnerability exists in Apache Druid versions 0.18.0 through 30.0.0. An attacker exploiting this vulnerability could manipulate pac4j session cookies...
SYSCOM OMFLOW Security Vulnerability
SYSCOM OMFLOW is an information maintenance management system from SYSCOM China. A security vulnerability exists in SYSCOM OMFLOW versions 1.1.6.0 through 1.2.1.2, which originates from user input that is not properly validated for the download function, allowing remote attackers with regular...
Adobe Photoshop Buffer Error Vulnerability
Adobe Photoshop is a suite of image processing software from the American company Adobe. The software is primarily used for processing images. A buffer error vulnerability exists in Adobe Photoshop versions 24.x through 24.7.4 and 25.x through versions prior to 25.11, which stems from bei...
CVE-2024-44573
A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
0xsodium (>=0.2.0 <=0.14.0), @0xsodium/graphquery (>=0.2.0 <=0.14.0) +468 more potentially affected by CVE-2024-21529 via dset (>=1.0.1 <=3.1.3)
dset NPM version =1.0.1, =0.2.0, =0.2.0, =0.2.0, =1.7.3, =0.2.0, =0.0.4, =0.0.4, =0.6.0, =0.2.0, =0.2.0, =0.0.0, =1.4.0-beta.2, =0.1.0, =0.0.1, =0.0.1, =0.0.8 and more Source cves: CVE-2024-21529 Source advisory: OSV:GHSA-F6V4-CF5J-VF3W...
Relyum RELY-PCIe Security Vulnerability
The Relyum RELY-PCIe is an intelligent pluggable board from the Spanish company Relyum. A security vulnerability exists in Relyum RELY-PCIe versions v22.2.1 through v23.1.0, which stems from the sysconf function containing a command injection vulnerability...
Relyum RELY-PCIe Security Vulnerability
Relyum RELY-PCIe is a smart pluggable board from Relyum Spain. A security vulnerability exists in Relyum RELY-PCIe versions v22.2.1 through v23.1.0, which stems from a code injection vulnerability in the getParams function in phpinf.php...
PT-2024-10743 · WordPress · Video Carousel Slider With Lightbox Plugin
Name of the Vulnerable Software and Affected Versions: video carousel slider with lightbox plugin for WordPress versions 1.0.0 through 1.0.6 Description: The issue is related to SQL Injection via the id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient...
@directus/api (>=18.0.0 <=21.0.1) potentially affected by CVE-2024-45596 via directus (>=10.10.0 <=10.13.2)
directus NPM version =10.10.0, =18.0.0, =21.0.1 Source cves: CVE-2024-45596 Source advisory: OSV:GHSA-CFF8-X7JV-4FM8...
01-numacert (>=1.0.0 <=3.0.0), 02-infrastructure (=1.0.0) +18556 more potentially affected by CVE-2024-43800 via serve-static (>=1.0.1 <=1.15.0)
serve-static NPM version =1.0.1, =1.0.0, =1.0.0, =1.0.3, =0.1.0, =0.2.0, =0.2.2 and more Source cves: CVE-2024-43800 Source advisory: OSV:GHSA-CM22-4G7W-348P...
01-numacert (>=1.0.0 <=3.0.0), 10by10-react-app (=1.2.1) +15728 more potentially affected by CVE-2024-43796 via express (>=1.0.0 <=4.1.2)
express NPM version =1.0.0, =1.0.0, =0.0.1, =1.0.3, =0.2.0, =1.0.2, =1.0.0, =2.0.0, =0.2.0, =0.0.1, =0.1.6 and more Source cves: CVE-2024-43796 Source advisory: OSV:GHSA-QW6H-VGH9-J6WX...
PT-2024-9822 · Fortinet · FortiClientEMS
Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientEMS versions 1.2.1 through 1.2.5 Fortinet FortiClientEMS versions 6.0.0 through 6.0.8 Fortinet FortiClientEMS versions 6.2.0 through 6.2.9 Fortinet FortiClientEMS versions 6.4.0 through 6.4.9 Fortinet FortiClientEMS versio...
Microsoft Windows Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft USA. A security vulnerability exists in Microsoft Windows. An attacker exploiting this vulnerability could bypass certain features. The following products and versions are affected: Windows 10 Version 1809...
PT-2024-9818 · Fortinet · FortiClientEMS
Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientEMS versions 7.0.0 through 7.0.12 Fortinet FortiClientEMS versions 7.2.0 through 7.2.4 Description: The issue is related to an improper neutralization of special elements used in a command, also known as a 'Command...
Pluto Injection Vulnerability
Pluto is a dialect of Lua open-sourced by PlutoLang. It is used for general-purpose programming. An injection vulnerability exists in Pluto versions 0.9.0 through 0.9.4, which stems from the fact that scripts passing user-controlled values to the http.request header value can be affected...