195539 matches found
GLPI SQL注入漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges a...
rulex 安全漏洞
rulex is a new, portable regular expression language open-sourced by rulex. A security vulnerability exists in rulex versions prior to 0.4.3, which stems from a possible stack overflow when parsing untrusted rulex expressions, potentially leading to a denial of service attack...
Cambium Networks cnMaestro 操作系统命令注入漏洞
Cambium Networks cnMaestro is a cloud-based or native software platform from Cambium Networks for secure end-to-end network control. Cambium Networks cnMaestro suffers from an operating system command injection vulnerability. An attacker could exploit this vulnerability to upload specially crafte...
WordPress plugin Admin Word Count Column路径遍历漏洞
WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. PHP is a scripting language that executes on the server side. WordPress plugin Admin An arbitrary file reading vulnerability exists in Word Count Column 2.2 and earlier versions, which...
CheckMK Raw Edition 安全漏洞
tribe29 CheckMK Raw Edition is a comprehensive and flexible IT monitoring system from tribe29, Germany. A security vulnerability exists in CheckMK Raw Edition that originates from a successful exploit that requires the use of valid credentials or a user with the administrator role to hijack a...
Sourcegraph 代码注入漏洞
Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. Sourcegraph is vulnerable to a code injection vulnerability that could be exploited by attackers to cause remote code execution...
Adobe Prelude 代码问题漏洞
Adobe Prelude is a video recording and capture tool designed for intuitive and efficient media organization and metadata entry to quickly tag and transcode video footage and quickly create rough cuts.Adobe Prelude 10.1 and earlier versions are vulnerable to a null pointer dereference. An attacker...
Zope 路径遍历漏洞
Zope is a set of object-oriented, open source web application servers written in the Python language by the Zope ZOPE community. A security vulnerability exists in Zope in versions prior to 4.6 and 5.2 that allows untrusted users to trigger the vulnerability by adding sites that edit Zope page...
Ollama security vulnerabilities
Ollama is an open-source tool developed by Ollama that can be run locally, used for managing and customizing large language models. Version 0.12.10 of Ollama contains a security vulnerability, which stems from issues with the GGUF decoder. This vulnerability could allow remote attackers to trigge...
N-able N-central 安全漏洞
N-able N-central is an RMM platform from N-able Canada Inc. provides large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central versions prior to 2025.4 that stems from generating session IDs f...
RPi-Jukebox-RFID 代码注入漏洞
RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the individual developer Micz Flor in Germany. It can play audio files, playlists, podcasts, web streams and spotify triggered by RFID cards. A code injection vulnerability exists in RPi-Jukebox-RFID version 2.8.0 and earlier,...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a NULL pointer dereference in the media/iris module...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from powerpc rtas not handling the MSR HV bit correctly, which could lead to a crash...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from dwpcieepinit not freeing EPC memory, which could lead to a memory leak...
Splunk Cloud Platform和Splunk Enterprise 安全漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of Splunk, Inc. of the U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. Splunk Cloud Platform and Splunk Enterprise ha...
Citrix Systems NetScaler Gateway和NetScaler ADC 安全漏洞
Citrix Systems NetScaler Gateway Citrix Systems Gateway and Citrix Systems NetScaler ADC are both products of Citrix Systems, Inc.Citrix Systems NetScaler Gateway is a secure remote access solution. The solution provides administrators with application-level and data-level controls to enable user...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab versions 12.5 up to and including...
Chicheng JFLow 访问控制错误漏洞
Chicheng JFLow is a workflow engine form from China Chicheng Chicheng. An access control error vulnerability exists in Chicheng JFLow version 2.0.0, which stems from a parameter oid in file /WF/Ath/EntityMutliFileLoad.do that can lead to improper access control...
WordPress Plugin Salient Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Rails Security Vulnerabilities
Rails is a Ruby-based open source web application framework from the Rails team. A security vulnerability exists in Rails versions prior to 7.1.0 through 7.1.3.1, which stems from a Regular Expression Denial of Service ReDoS vulnerability in the Accept header parsing routine of Action Dispatch...
notrinoserp SQL注入漏洞
notrinoserp is a web-based ERP by Phương Individual Developer, an accounting system written in PHP and MySql. A SQL injection vulnerability exists in notrinoserp version 0.7, which originates from the OrderNumber parameter in /NotrinosERP/sales/customerdelivery.php contains a SQL injection...
Publify 输入验证错误漏洞
Publify is a simple but full-featured web publishing software. versions of Publify prior to 9.2.10 are vulnerable to an input validation error, which stems from the presence of an integer overflow issue. No detailed vulnerability details are currently available...
Publify 安全漏洞
Publify is a simple but full-featured web publishing software. A security vulnerability exists in Publify versions prior to 9.2.10 that stems from insecure storage of sensitive information...
Dromara HuTool 资源管理错误漏洞
Hutool is a small but comprehensive library of Java tools for the Chinese Dromara community. A resource management error vulnerability exists in Dromara HuTool version 5.8.10 and earlier. An attacker could exploit this vulnerability to cause resource consumption...
pgAdmin 代码注入漏洞
pgAdmin 4 is a reliable and comprehensive database design and management software for PostgreSQL. A remote code execution vulnerability exists in pgAdmin 4. The vulnerability is required in Windows environments where, due to lax privilege checks by the developer, an attacker can exploit the...
Yauaa 安全漏洞
Yauaa is a java library from the personal developer Niels Basjes. It is used for UserAgent analysis. A security vulnerability exists in Yauaa, which stems from its introduction of a client-side hint analysis feature that causes applications to crash when the Yauaa library throws an...
VMware open-vm-tools 后置链接漏洞
VMware open-vm-tools is a set of services and modules from VMware, Inc. It includes kernel modules to enhance the performance of virtual machines running Linux or other VMware-supported Unix-like guest operating systems. A security vulnerability exists in VMware open-vm-tools version...
WordPress plugin Form Maker by 10Web SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
FlyteAdmin 信任管理问题漏洞
FlyteAdmin is a control plane for Flyte open source. Responsible for managing entities tasks, workflows, startup plans and managing workflow execution. An information disclosure vulnerability exists in Flyte FlyteAdmin versions prior to 1.1.44, which stems from the fact that users who enable the...
NextAuth.js 授权问题漏洞
NextAuth.js is an authentication for Next.js. NextAuth.js version v3.0.2 is vulnerable to authorization issues, which can be exploited by attackers to perform unauthorized actions...
Foxit PDF Reader 资源管理错误漏洞
Foxit PDF Reader is a PDF reader from Foxit China.A remote code execution vulnerability exists in Foxit PDF Reader Annotation, which can be exploited by attackers to execute code in the context of the current process...
Red Hat search-api 资源管理错误漏洞
Red Hat search-api is a software component from Red Hat that allows developers to seamlessly introduce search functionality into websites and applications. It provides back-end tools for indexing documents, querying various types of data, managing cluster configurations, viewing search analytics,...
Microsoft Windows Network File System 输入验证错误漏洞
Microsoft Windows Network File System is a file sharing solution from Microsoft that allows you to transfer files between computers running Windows Server and UNIX operating systems using the NFS protocol. An input validation error vulnerability exists in Microsoft Windows Network File System. Th...
mitmproxy 环境问题漏洞
mitmproxy is an interactive, SSL/TLS-enabled interceptor proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. A security vulnerability exists in mitmproxy version 7.0.4 and prior versions, which can be exploited by malicious clients or servers to perform request smuggling attacks vi...
Solarwinds Kiwi Syslog Server 代码问题漏洞
Solarwinds Kiwi Syslog Server is an affordable Syslog management tool for network and system engineers from Solarwinds USA. It is used to receive syslog messages and Snmp traps from network devices routers, switches, firewalls, etc. and Linux®/Unix® hosts. A code issue vulnerability exists in the...
Cobbler 安全漏洞
Cobbler is a Linux installation server that allows for quick setup of network installation environments.Cobbler is vulnerable to authorization issues in versions prior to 3.3.0.The vulnerability stems from a lack of authentication measures or insufficient authentication strength in the network...
jquery-plugin-query-object 安全漏洞
jquery-plugin-query-object is an application. It is used for query string modification and creation in jQuery. A security vulnerability exists in jquery-plugin-query-object 2.2.3, which stems from an improperly controlled modification of the object prototype property that allows a malicious user ...
Nextcloud Server 访问控制错误漏洞
NextCloud Server is an open-source NextCloud server program. Versions of NextCloud Server from 32.0.0 to 32.0.9 and from 33.0.0 to 33.0.3 had a access control vulnerability due to improper sharing token access controls. This vulnerability could allow malicious users to access temporarily uploaded...
SGH SQL injection vulnerability
SGH is a loan fund management PHP script developed by Geraked. Version 0.1.0 of SGH contains an SQL injection vulnerability, which arises from improper handling of the id parameter in the management interface. This vulnerability may lead to SQL injection attacks...
Beetel 777VR1 Access Control Vulnerability
Beetel 777VR1 is a router produced by the Beetel company. Versions of Beetel 777VR1 starting from 01.00.09/01.00.0955 and earlier have a vulnerability related to access control. This vulnerability stems from the lack of authentication in the UART interface, which may allow physical device attacks...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing memory copy in the RISC-V architecture kasaninit, which could lead to page faults...
Akinsoft TaskPano 安全漏洞
Akinsoft TaskPano is a team task and project management platform from Akinsoft Turkey. A security vulnerability exists in Akinsoft TaskPano versions prior to s1.06.06, which stems from an improperly restricted authentication attempt that could lead to authentication bypass...
Microsoft SQL Server SQL注入漏洞
Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is applied under the Microsoft Windows system. A SQL injection vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and...
WordPress plugin UltraAddons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 跨站脚本漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Enterprise Edition EE and GitLab...
Microchip TimeProvider 4100 操作系统命令注入漏洞
Microchip TimeProvider 4100 is a gateway clock from Microchip, Inc. A security vulnerability exists in the Microchip TimeProvider 4100 prior to version 2.4.7 that stems from improper neutralization of special elements of operating system commands, resulting in OS command injection...
Microsoft Visual Studio and Microsoft .NET Security Vulnerabilities
Microsoft Visual Studio and Microsoft .NET are both products of Microsoft Corporation, USA. Microsoft Visual Studio is a family of development tool suites and a fundamentally complete set of development tools that includes most of the tools needed throughout the software lifecycle. Microsoft .NET...
GNOME Remote desktop 安全漏洞
GNOME Remote desktop is a remote desktop software from GNOME open source. A security vulnerability exists in GNOME Remote desktop that stems from insufficient authentication of the session agent, resulting in the system RDP TLS certificates and keys being potentially exposed to unauthorized users...
Honeywell Experion Server 安全漏洞
Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System PKS platform. A security vulnerability exists in Honeywell Experion Server, which stems from the fact that the server's receipt of a malformed...
Microsoft SharePoint 安全漏洞
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...