12 matches found
CVE-2026-11128
Inappropriate implementation in Web Share in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
SiYuan 安全漏洞
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/query/sql interface, which only checked basic authentication, potentially allowing arbitrary SQL...
Rapid7 AppSpider Pro 安全漏洞
Rapid7 AppSpider Pro is a dynamic application security testing solution from Rapid7, Inc. that allows you to scan Web and mobile applications for vulnerabilities. A security vulnerability exists in Rapid7 AppSpider Pro versions prior to 7.5.021 that stems from an access control flaw in the...
CVE-2019-5383
A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
Webmin Security Vulnerabilities
Webmin is a set of Web-based system administration tools for use in Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin versions prior to 2.003, which stems from a cross-site request forgery vulnerability in the ajaxterm module...
CVE-2024-22098
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free...
RSSHub 安全漏洞
RSSHub is an RSS feed generator written in Node.js, distributed under the MIT license and maintained by DIYgod and other GitHub users. A security vulnerability exists in versions prior to RSSHub 1.0.0-master.a429472, which stems from a vulnerability that could allow a remote attacker to use the...
ZTE MF258 Cross-Site Scripting Vulnerability
The ZTE MF258 is a desktop router from ZTE Corporation ZTE, China. A cross-site scripting vulnerability exists in the ZTE MF258 version prior to ZTESTDV1.0.0B11, which stems from insufficient validation of SMS interface parameter inputs, resulting in a cross-site scripting attack...
matrix-media-repo Cross-Site Scripting Vulnerability
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A cross-site scripting vulnerability exists in matrix-media-repo versions prior to 1.3.0, which originates from a vulnerability that allows an attacker to upload an SVG image containing JavaScript script to a serv...
Knot Resolver 资源管理错误漏洞
Knot Resolver is a cached DNS resolver implementation that includes a resolver library and daemon. A denial of service vulnerability exists in NIC Knot Resolver versions prior to 5.5.3. The vulnerability stems from not properly handling incoming error messages and can be exploited by a remote...
Unspecified Vulnerability in HashBrown CMS
HashBrown CMS is an open source headless content management system CMS. A security vulnerability exists in the Server/Entity/Resource/Connection.js file in HashBrown CMS versions prior to 1.3.2. The vulnerability can be exploited by an attacker to access the parent directory with the help of a...
Google Chrome URL bar spoofing vulnerability (CNVD-2019-32010)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome versions prior to 77.0.3865.75. A remote attacker can exploit the vulnerability to spoof the contents of the address bar with the help of a specially crafted website...