195539 matches found
Open Cascade OCCT 代码问题漏洞
Open Cascade OCCT is a 3D modeling and geometry computation kernel from the French company Open Cascade. A code issue vulnerability exists in Open Cascade OCCT version V800rc5, which stems from a flaw in the VrmlDataIndexedFaceSet::TShape function in the VRML V2.0 parser, as malformed VRML inputs...
commonmark 跨站脚本漏洞
commonmark is a highly extensible PHP Markdown parser open-sourced by The League of Extraordinary Packages, with full support for the CommonMark and GFM specifications. A cross-site scripting vulnerability exists in commonmark versions 1.5.0 through 2.6.x. The vulnerability stems from the...
SimpleXLSX 跨站脚本漏洞
SimpleXLSX is a tool by the individual developer Sergey Shuchkin. It is used to parse and retrieve data from Excel XLSx files. A cross-site scripting vulnerability exists in SimpleXLSX version 1.0.12 up to and including version 1.1.12, which stems from the execution of arbitrary JavaScript code...
LogicalDOC Enterprise 安全漏洞
LogicalDOC Enterprise is a document management system from LogicalDOC Italy. A security vulnerability exists in LogicalDOC Enterprise version 7.7.4, which originates from insufficient validation of binary paths when modifying system settings, and may result in the execution of operating system...
Hermes Agent 安全漏洞
Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability, which was caused by a problem with the sanitizeenvlines function in the hermescli/config.py file. This vulnerability...
Insyde InsydeH2O 安全漏洞
Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O. An attacker exploiting this vulnerability could bypass certain features. The following products and...
biopython 代码问题漏洞
biopython is a Python library open-sourced by the Biopython Project. A code issue vulnerability exists in biopython version 186 and earlier, which stems from Bio.Entrez allowing doctype XXE...
RAGFlow path traversal vulnerability
RAGFlow is an open-source RAG engine based on deep document understanding, developed by InfiniFlow. Versions of RAGFlow prior to 0.23.1 contained a path traversal vulnerability. This vulnerability stemmed from an arbitrary file overwrite vulnerability in the MinerU parser, which could lead to...
WordPress plugin CURCY cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
MediaWiki 跨站脚本漏洞
MediaWiki is a free and free-to-use web-based wiki engine from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.A cross-site scripting vulnerability exists in MediaWiki, which stems from the product's Special:CheckUserLog...
LibOSDP 安全漏洞
LibOSDP is a goToMain open source cross-platform open source implementation of the IEC 60839-11-5 Open Surveillance Device Protocol. Designed to improve interoperability between access control and security products. A security vulnerability exists in versions prior to LibOSDP 3.0.0 that stems fro...
WordPress plugin Flex QR Code Generator 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
WordPress plugin Booster for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file upload vulnerability exists in the WordPress Booster for WooCommerce Plugin that stems from a lack of file type validation in the addfilestoorder function, which can be...
WordPress Plugin CityLogic 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin CityLogic has a cross-site...
ZEIT Next.js 代码问题漏洞
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. A security vulnerability exists in ZEIT Next.js that stems from the fact that when a specific request is sent to the Next.js server, it may cause an unhandledRejection in the server,...
WordPress plugin Booked 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Radare2 安全漏洞
Radare2 is an open-source reverse framework for Unix geeks developed by Radare. Previous versions of Radare2, up to bc5a890, contained security vulnerabilities. These vulnerabilities stemmed from command injection in the afsv/afsvj command path. A specially crafted ELF binary could embed maliciou...
Livewire 代码注入漏洞
Livewire is Livewire open source a full stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. A code injection vulnerability exists in Livewire 3.6.3 and earlier versions, which stems from mishandling of component property updates and could lead to remote...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a type obfuscation vulnerability that stems from the presence of type obfuscation in V8. No detailed vulnerability details are provided at this time...
NVIDIA CUDA toolkit 代码问题漏洞
NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A security vulnerability exists in NVIDIA CUDA Toolkit, which can be exploited by an attacker to cause arbitrary code to be executed with the same...
HDF5 安全漏洞
HDF5 is a library of HDF open source . HDF5 has a buffer overflow vulnerability , the vulnerability stems from the H5Z scaleoffsetdecompressonebyte function fails to correctly validate the length of the input data size , an attacker can use this vulnerability to cause a denial of service...
WordPress 路径遍历漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A path traversal vulnerability exists in WordPress Core version 6.2 and earlier versions. An attacker exploits...
Cindori Sensei Mac Cleaner 安全漏洞
Cindori Sensei Mac Cleaner is a Mac cleaner, monitor, and optimizer application from Cindori, Inc. A security vulnerability exists in Cindori Sensei Mac Cleaner that stems from the presence of a local elevation of privilege issue, which allows an attacker to perform a variety of actions as root,...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue with ptpocpwatchdog, which could lead to memory corruption...
NuProcess 安全漏洞
NuProcess is a low-overhead, non-blocking I/O, external process implementation of Java from Brett Wooldridge's personal developer. NuProcess 1.2.0 and later, and versions prior to 2.0.5, are vulnerable to command injection, which stems from the failure of a network system or product to properly...
html5_snmp SQL注入漏洞
html5snmp is an HTML project developed by Pongtud Bualerd. Version 1.11 of html5snmp contains a SQL injection vulnerability. This vulnerability stems from the RouterID and RouterIP parameters, which may allow attackers to extract or modify database information...
gomatrixserverlib 安全漏洞
gomatrixserverlib is a Go library open-sourced by matrix.org. Used for common functions required by the matrix server. A security vulnerability exists in gomatrixserverlib, which stems from the inability of its power level parsing program to parse the "eventsdefault" keyword of the...
Kubernetes 安全漏洞
Kubernetes K8s is an open source system of Kubernetes open source for automating the deployment, scaling, and management of containerized applications. Kubernetes suffers from a trust management issue vulnerability that stems from the certificate validation logic not properly validating the chain...
vLLM 代码问题漏洞
vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A code issue vulnerability exists in vLLM versions 0.6.5 through 0.8.4, which stems from PyNcclPipe KV cache transfers not properly limiting the scope of TCPStore interface access...
phpMyFAQ 安全漏洞
phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ versions prior to 3.2.10, which stems from the ability of an attacker to trigger a file download on a victim's machine by embedding the file in an...
Jenkins Active Directory Plugin 安全漏洞
The Jenkins Active Directory Plugin is an identity integration plugin developed under open source by Jenkins. Versions of the Jenkins Active Directory Plugin 2.41 and earlier contained a security vulnerability, which was caused by unvalidated deserialization of LDAP reference data...
WordPress plugin VR Calendar 操作系统命令注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An operating system command injection...
EnGenius EnShare Cloud Service 操作系统命令注入漏洞
EnGenius EnShare Cloud Service is a cloud-based network management platform from EnGenius Corporation. An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier, which stems from an OS command injection attack due to an uncleared path parameter in t...
Google Chrome 安全漏洞
V8 is the JavaScript engine in Google Chrome, which is used to parse and execute JavaScript code in web pages. A type confusion vulnerability exists in Google Chrome V8, which can be exploited by an attacker to cause a heap memory corruption and potentially execute arbitrary code...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server 3.6 and earlier versions, which...
WordPress SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Modern Events Calendar Lite Plugin is a WordPress open source application plugin. WordPress Modern Events Calendar Lite...
WordPress plugin XStore Core SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
Wasmtime 缓冲区错误漏洞
Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. Wasmtime suffers from a buffer error vulnerability that stems from an invalid free and out-of-bounds read/write error when running Wasm due to a memory unsoundness vulnerability in...
Super Xray 安全漏洞
Super Xray is an excellent vulnerability scanning tool by 4ra1n individual developers. A security vulnerability exists in Super Xray version 0.2-beta Linux and Mac OS systems, which can be exploited by attackers to elevate privileges...
Blackmagic Design DaVinci Resolve 安全漏洞
Blackmagic Design DaVinci Resolve is an all-in-one software tool for editing, color correction, visual effects, motion graphics and audio post-production.A code execution vulnerability exists in Blackmagic Design DaVinci Resolve, which could be exploited by attackers to execute arbitrary code in...
WordPress plugin StoryChief 代码问题漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin StoryChief file upload vulnerability , the vulnerability stems from the...
WordPress plugin Aeropage Sync for Airtable 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A file upload vulnerability...
WordPress Plugin Avada 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Microsoft SQL Server 命令注入漏洞
Microsoft SQL Server is a large commercial database system from Microsoft that is used under Microsoft Windows. A command injection vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are...
Apache Hive和Apache Spark 安全漏洞
Apache Hive and Apache Spark are both products of the Apache Foundation, USA.Apache Hive is a suite of data warehouse software based on Hadoop Distributed Systems Infrastructure. The software provides a data integration approach and a high-level query language to support large-scale data analysis...
HP PC 代码问题漏洞
HP PC is a computer product from Hewlett-Packard HP in the United States. A security vulnerability exists in HP PC that stems from a potential hole in the audio package, which could allow privileged escalation...
nsupdate.info 安全漏洞
nsupdate.info is a free dynamic DNS service in the nsupdate.info development open source. A security vulnerability exists in nsupdate.info, which stems from a mishandling of the parameter CSRFCOOKIEHTTPONLY that results in a cookie without the "httponly" flag...
Hoverfly 安全漏洞
Hoverfly is a lightweight open source API emulation tool open-sourced by SpectoLabs. A security vulnerability exists in Hoverfly 1.11.3 and earlier versions that stems from command injection and could lead to remote code execution...
NamelessMC 信息泄露漏洞
NamelessMC is a free, easy to use and powerful website software from the NamelessMC team. For your Minecraft server, which contains tons of features. An information disclosure vulnerability exists in NamelessMC versions prior to 2.2.4, which stems from the disclosure of sensitive information and...
LibreNMS 跨站脚本漏洞
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. LibreNMS suffers from a cross-site scripting vulnerability that originates from a stored...