195539 matches found
Microsoft SharePoint 安全漏洞
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...
Kubernetes 安全漏洞
Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. A security vulnerability exists in Kubernetes Kubelet that stems from a setting that allows Pods to bypass seccomp configuration...
Hitachi Vantara Pentaho Business Analytics Server 代码注入漏洞
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from not allowing system administrators to...
WordPress plugin Unlimited Elements For Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
Pulsar Plus System Controller 安全特征问题漏洞
Pulsar Plus System Controller is a Pulsar Plus series controller. A security vulnerability exists in the ABB Pulsar Plus System Controller NE843S, ABB Infinity DC Power Plant, which stems from the presence of an Insufficient Use of Random Values vulnerability. The following products and versions...
crossplane 资源管理错误漏洞
crossplane is a framework for building cloud-native control planes without writing code. A resource management error vulnerability exists in crossplane-runtime that stems from user-supplied input that is not properly validated, which could use too much memory and lead to out of memory...
Pimcore 代码问题漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates applications for Web content management, e-commerce frameworks, and product information management. A code issue vulnerability exists in...
fhir-ig-publisher 路径遍历漏洞
HL7 fhir-ig-publisher is the source code for IG publisher from HL7. A security vulnerability exists in fhir-ig-publisher versions prior to 1.2.30, which originates from a vulnerability that allows attackers to extract files from ZIP or TGZ packages into arbitrary directories via directory travers...
ctrlo lenio 安全漏洞
lenio is an open source facility management system from ctrlo. A security vulnerability exists in ctrlo lenio, which stems from unknown code in the views/task.tt file of its Task Handler component that operates on the parameters site.org.name/check.name/task.tasktype allowing an attacker to...
Google TensorFlow 缓冲区错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc...
Hoosk CMS 代码问题漏洞
Hoosk CMS is a lightweight content management system. Hoosk CMS v1.8.0 suffers from an arbitrary file upload vulnerability that stems from its /attachments component failing to validate uploaded files. An attacker can exploit the vulnerability to remotely execute code...
Netwrix Auditor 代码问题漏洞
Netwrix Auditor is a suite of IT auditing software from US-based Netwrix. The software features user behavior analysis, proactive detection of security threats, and alerts on threat types. A security vulnerability exists in Netwrix Auditor User Activity Video Recording. An attacker can exploit th...
Softmotions IOWOW 缓冲区错误漏洞
Softmotions IOWOW is a C11 persistent key/value store based on a jump table data structure from Softmotions. A security vulnerability exists in Softmotions IOWOW version 1.4.15 and prior versions, which stems from a contained stack buffer overflow vulnerability. An attacker could exploit this...
Google TensorFlow 输入验证错误漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from an input validation error vulnerability that stems from a segmentation error that can be used to trigger a denial-of-service attack if...
Microsoft Windows 安全漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in the Microsoft Windows Credential Roaming Service. The following products and versions are affected:Windows 10 Version 1809 for 32-b...
Flux2 路径遍历漏洞
Flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters synchronized with their configuration sources. A path traversal vulnerability exists in Flux2 versions v0.21.0 through v0.31.0, which stems from mishandling of user-supplied input and can be exploited by an...
Red Hat Keycloak 跨站脚本漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from an application having incorrect input validation. An attacker could exploit...
Couchbase Sync Gateway 信任管理问题漏洞
Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web from Couchbase, Inc. A security vulnerability exists in the Couchbase Sync Gateway version 3.x, prior to version 3.0.2, which stems from the fact that administrator credentials are not validated...
7-Zip 缓冲区错误漏洞
7-Zip is a compression software. A buffer error vulnerability exists in 7-Zip 21.07 that allows privilege escalation and command execution when a file with the extension .7z is dragged into the HelpContents area. This is caused by a 7z.dll configuration error and heap overflow. The command runs i...
snapd 后置链接漏洞
Snapd is an open source, cross-platform package management tool. snapd suffers from a security vulnerability that can be exploited by local attackers to cause snapd to restrict the execution of other arbitrary binaries, thereby gaining privileged escalation...
Mattermost 输入验证错误漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost 6.0 and earlier versions, which can be exploited by an authenticated attacker to cause a WEB application client to crash via a maliciously crafted post...
WordPress 访问控制错误漏洞
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress SendGrid plugin version 1.11.8 and earlier is vulnerable to an access control error, which stems fro...
WordPress plugin Form Notify 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Open Cascade OCCT 缓冲区错误漏洞
Open Cascade OCCT is a 3D modeling and geometry computation kernel from the French company Open Cascade. A buffer error vulnerability exists in Open Cascade OCCT version V800rc5, which stems from an out-of-bounds read issue in the VrmlDataIndexedLineSet::TShape function in the VRML parser, as the...
PropertyGuru AgentNet Singapore App 安全漏洞
The PropertyGuru AgentNet Singapore App is a mobile application used by PropertyGuru in Singapore as an real estate agency. The PropertyGuru AgentNet Singapore App versions prior to 23.7.10 contained a security vulnerability, which was caused by the use of hardcoded encryption keys for parameters...
Authlib 安全漏洞
Authlib is the ultimate Python library for building OAuth and OpenID Connect servers open-sourced by Authlib. A security vulnerability exists in Authlib versions prior to 1.6.5 that stems from the JOSE implementation accepting unlimited JWS/JWT headers and signature segments, which could lead to ...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the fact that ledheartbeatfunction may cause a sleep operation to be executed in atomic...
HP LaserJet Pro 安全漏洞
HP LaserJet Pro is a line of laser printers and MFPs from Hewlett-Packard HP in the United States. A security vulnerability exists in the HP LaserJet Pro that stems from an information disclosure issue that could cause a non-authenticated user to query the device's local address book...
CampCodes Courier Management System 注入漏洞
CampCodes Courier Management System is a courier management system from CampCodes Philippines. An injection vulnerability exists in CampCodes Courier Management System version 1.0, which originates from a SQL injection due to a misbehavior of parameter s in file /parcellist.php...
SonicWALL SMA1000 代码问题漏洞
The SonicWALL SMA1000 is a series of secure mobile access solutions from SonicWALL, Inc. simplifies end-to-end secure remote access to enterprise resources hosted across local, cloud and hybrid data centers. The SonicWALL SMA1000 suffers from a cross-site request forgery vulnerability that stems...
Browser Use 安全漏洞
Browser Use is an open source application from Browser Use. Allows AI agents to access websites. A security vulnerability exists in versions of Browser Use prior to 0.1.45 that stems from improper URL parsing of alloweddomains, which could lead to user information being placed in the authorizatio...
LiteLLM 安全漏洞
LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. A security vulnerability exists in LiteLLM v1.52.1, which stems from an error in the parsing team settings that resulted in the disclosure of Langfuse API keys, potentially leading to the...
Cisco IOS XR 权限许可和访问控制问题漏洞
Cisco IOS XR is a set of operating systems developed by Cisco USA for its network devices. A Privilege Permission and Access Control Issues vulnerability exists in Cisco IOS XR Software that stems from incorrect handling of packets, which could lead to bypassing configured access control lists...
Pure-FTPd 安全漏洞
Pure-FTPd is an FTP File Transfer Protocol server from the individual developer Frank Denis. A security vulnerability exists in Pure-FTPd versions prior to 1.0.52, which stems from an out-of-bounds read problem in the domlsd of the ls.c file...
BYOB 安全漏洞
BYOB Build Your Own Botnet is an open source post-exploitation framework for students, researchers and developers by malwaredllc individual developers. BYOB has a security vulnerability that originates from unauthenticated remote code execution via arbitrary file writes and command injection...
WordPress plugin Themify Ultra security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Gibbon 安全漏洞
Gibbon is a school platform that solves real-world problems that educators encounter every day. A security vulnerability exists in Gibbon version 26.0.00 and earlier that stems from a vulnerability that allows an attacker to conduct a PHP via columnOrder in a POST request to...
Mbed TLS Security Vulnerability
Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library. A security vulnerability exists in Mbed TLS version 3.5.1. An attacker could exploit this vulnerability to cause a denial of service...
Wazuh Security Breach
Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions prior to 4.5.3 that stems from the presence of a stack overflow...
find-exec 操作系统命令注入漏洞
find-exec is a shime personal developer that takes a list of shell commands and returns the first available command. An operating system command injection vulnerability exists in find-exec versions prior to 1.0.3, which stems from the inability to properly escape user input and the ease with whic...
编号撤回
SQLite is a lightweight database that is an ACID-compliant relational database management system. This CVE number has been withdrawn...
H3C R160 安全漏洞
The H3C R160 is a wireless router from China's Xinhua San H3C. A security vulnerability exists in the H3C R160 V1004004 version that stems from a stack-based buffer overflow due to incorrect manipulation of the parameter go...
Zyxel ZyWALL USG 操作系统命令注入漏洞
The Zyxel ZyWALL USG is a network security firewall appliance from China's Heqin Zyxel. An operating system command injection vulnerability exists in Zyxel ZyWALL USG versions 4.60 through 5.35, which stems from improper error message handling. An attacker could exploit this vulnerability to...
sqlparse 安全漏洞
sqlparse is Python's non-validating SQL parser. It provides support for parsing, splitting and formatting SQL statements. A security vulnerability exists in sqlparse version 0.1.15 and later. An attacker could exploit this vulnerability to cause a denial of service...
AVEVA Plant SCADA Access Anywhere 授权问题漏洞
AVEVA Plant SCADA Access Anywhere is a reliable, flexible and high-performance Supervisory Control and Data Acquisition SCADA software solution for industrial process customers from AVEVA. The true value and power of Plant SCADA can be accessed in any compatible web browser. An authorization issu...
WordPress plugin ShiftNav 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Froxlor 命令注入漏洞
Froxlor is a lightweight server management software from the Froxlor team. A command injection vulnerability exists in Froxlor versions prior to 2.0.8, which stems from the presence of command injection...
Cisco Small Business RV340 和 RV345 操作系统命令注入漏洞
The Cisco Small Business RV340 and the Cisco Small Business RV345 are both products of Cisco, Inc.The Cisco Small Business RV340 is a router. The Cisco Small Business RV340 is a router, a hardware device that connects two or more networks and acts as a gateway between them.The Cisco Small Busines...
WordPress plugin GetYourGuide Ticketing 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Digital Alert Systems DASDEC EAS 跨站脚本漏洞
Digital Alert Systems DASDEC EAS is a digital alert system from Digital Alert Systems in the United States. A cross-site scripting vulnerability exists in all current versions of Digital Alert Systems DASDEC, which stems from a lack of effective filtering and escaping of user-supplied data on an...