195539 matches found
pymatgen 安全漏洞
pymatgen is an open source Python library for material analysis. A security vulnerability exists in pymatgen that can be exploited to trigger an exponential ReDoS when an attacker provides arbitrary input to the GaussianInput.fromstring method...
Oracle E-Business Suite 访问控制错误漏洞
Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Web...
WordPress plugin Taskbuilder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Taskbuilder plugin versions prior to 1.0.8 have a cross-site scripting vulnerability that stems fro...
Google TensorFlow 安全漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that when CollectiveGather receives a scalar input input, it gives an assertion of failure, which can be exploite...
GNU Inetutils 代码问题漏洞
GNU Inetutils is a common set of networking programs in the GNU community. A security vulnerability exists in GNU Inetutils version 2.3 and earlier, MIT krb5-appl version 1.0.3 and earlier, which stems from dereferencing the NULL pointer and causes the telnetd application to crash...
Intel Ethernet Controllers 安全漏洞
Intel Ethernet Controllers is an Ethernet controller from Intel Corporation USA. A security vulnerability exists in IntelR E810 Ethernet Controllers versions prior to 1.6.2.9, which stems from incorrect access control. An attacker could exploit this vulnerability to perform a denial of service...
Adobe RoboHelp 跨站脚本漏洞
Adobe RoboHelp is a help authoring tool developed and released for Windows by the American company Audobee Adobe. A cross-site scripting vulnerability exists in Adobe RoboHelp version 2020.0.7 and earlier, which stems from the program's lack of checksum filtering of user-supplied data and output...
Roxy-WI 操作系统命令注入漏洞
Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A security vulnerability exists in Roxy-WI versions prior to 6.1.1.0, which can be exploited by a remote attacker to execute remote code via a system command that can be run remotely via the...
Microsoft Excel 安全漏洞
Microsoft Excel is a spreadsheet processing software in the Office suite of Microsoft Corporation USA. A security vulnerability exists in Microsoft Office Excel. The following products and editions are affected: Microsoft Excel 2016 32-bit edition,Microsoft Excel 2016 64-bit edition,Microsoft Exc...
XWiki Platform 跨站脚本漏洞
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from XWiki France. A security vulnerability exists in the XWiki Platform Filter UI, which stems from the discovery of a cross-site scripting issue...
django-mfa3 授权问题漏洞
django-mfa3 is a stubborn Django application that handles multi-factor authentication MFA via FIDO2, TOTP and recovery code. A security vulnerability exists in django-mfa3. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...
IdeaRe SpA IdeaRE RefTree 路径遍历漏洞
IdeaRe SpA IdeaRE RefTree is a web application for managing complex real estate situations from IdeaRe SpA, Italy. path traversal vulnerability exists in versions of IdeaRe SpA IdeaRE RefTree prior to 2021.09.17. The vulnerability stems from the failure of a web system or product to properly filt...
Veeam Backup&Replication 访问控制错误漏洞
Veeam Backup & Replication is a suite of data protection software from the Swiss company Veeam. The software provides backup, replication and recovery for VMware and Hyper-V VMs, physical and cloud environments. Veeam Backup&Replication is vulnerable to an Access Control Error vulnerability, no...
Avast Antivirus 安全漏洞
Avast antivirus is a suite of antivirus software from the Czech company Avast.Avast Antivirus has an access control error vulnerability in versions prior to 20.4, which can be exploited by attackers to abuse the privilege to control the scan results and thus escape detection or delete arbitrary...
Microsoft System Center Operations Manager 信息泄露漏洞
Microsoft System Center Operations Manager is a large-scale monitoring and management software for corporate environments from Microsoft. Formerly known as MOM Microsoft Operations Manager, the software is primarily used to monitor IT systems and provide monitoring support for distributed...
SonicOS 输入验证错误漏洞
Sonicwall SonicOS is an operating system designed for SonicWall firewall appliances from SonicWall USA. SonicOS suffers from an input validation error vulnerability that stems from the system's lack of effective validation and escaping of host headers. The host header redirection vulnerability...
WordPress 插件 信息泄露漏洞
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin BulletProof Security suffers from an information disclosure vulnerability that stems from the fact that the BulletProof Security plugin for WordPress can easily disclose sensitive information due to a file...
ZEIT Next.js 输入验证错误漏洞
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack, and Babel.js. ZEIT Next.js is vulnerable to an input validation error in versions prior to 11.1.0, which stems from a web system or product that does not properly validate input data. An attacker...
Restund 安全漏洞
Restund is an open source network traversal server. A security vulnerability exists in Restund that stems from Restund is an open source NAT traversal server that can be instructed to return a TURN server to open a relay to a range of loopback addresses, which allows you to access any other servi...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Membership & Learning Management System...
Epic Games Rocket League 缓冲区错误漏洞
Epic Games Rocket League is an application software from Epic Games, Inc. a game software. A buffer error vulnerability exists in Epic Games/Psyonix Rocket League version 1.95 and earlier, which stems from a stack-based buffer overflow that occurs when Rocket League processes UPK object files,...
GIMP 安全漏洞
GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability that stems from insufficient length validation during the parsing of PSP files, which may lead to remote code execution...
Qdrant 安全漏洞
Qdrant is an open-source vector similarity search engine and vector database developed by Qdrant. Versions of Qdrant from 1.9.3 to 1.16.0 contained security vulnerabilities. These vulnerabilities stemmed from the /logger endpoint, which allowed arbitrary content to be appended to any file through...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from an attempt to dereference a null pointer, which could result in the null pointer being dereferenced...
PrivateBin 安全漏洞
PrivateBin is a minimalist open source online pastebin from the PrivateBin project. A security vulnerability exists in PrivateBin version 1.7.7 up to and including version 2.0.3, which stems from the presence of a local file inclusion in the template switching feature that could lead to the readi...
Microsoft M365 Copilot 命令注入漏洞
Microsoft M365 Copilot is an AI-powered productivity tool from Microsoft Corporation USA. Microsoft M365 Copilot suffers from a command injection vulnerability that stems from command injection and could lead to information disclosure over the network...
Microsoft Windows Netlogon 安全漏洞
Microsoft Windows Netlogon is an important component of Windows from Microsoft Corporation USA, whose main functions are authentication of users and machines on intra-domain networks and replication of databases for domain-controlled backups, as well as maintenance of domain member-to-domain,...
Autodesk Navisworks 缓冲区错误漏洞
Autodesk Navisworks is a 3D model review software for architecture, engineering, and construction by Autodesk, Inc. A security vulnerability exists in Autodesk Navisworks that originates from parsing a specially crafted DWFX file resulting in an out-of-bounds read, which could trigger a crash or...
Rails 安全漏洞
Rails is a set of open source web application frameworks based on the Ruby language by the US-based Rails team. A security vulnerability exists in Rails that stems from the presence of a DOM-based cross-site scripting vulnerability that allows an attacker to inject malicious script into a victim'...
Mastodon 安全漏洞
Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A security vulnerability exists in Mastodon versions 4.1.x prior to 4.1.17 and 4.2.x prior to 4.2.9, which stems from a vulnerability that allows rate limiting to be bypassed via a crafted HTTP reque...
Brocade Fabric OS 安全漏洞
Brocade Fabric OS FOS is a set of embedded operating systems used in devices such as switches and routers from Brocade USA. A security vulnerability exists in Brocade Fabric OS versions prior to 9.2.2, which stems from a vulnerability that could allow a man-in-the-middle attack for remote service...
Refit 注入漏洞
Refit is a library in the ReactiveUI open source. Refit suffers from an injection vulnerability that stems from failing to check for CRLF characters in the header value, making it vulnerable to server-side request forgery attacks...
OSIsoft PI Web API Code Issue Vulnerability
The Osisoft OSIsoft PI Web API is a RESTful interface to a set of PI systems from the US company Osisoft. The product supports client applications with read and write access to their AF and PI data over HTTPS. A code issue vulnerability exists in the OSIsoft PI Web API, which stems from a...
WordPress plugin ShopBuilder 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information...
WordPress Plugin LiteSpeed Cache 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Plugin WP-Members Membership Plugin 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Zscaler Client Connector 安全漏洞
Zscaler Client Connector is an application from zscaler. An application installed on a device that ensures that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A security...
RaspberryMatic Security Vulnerabilities
RaspberryMatic is a free and non-commercial open source operating system alternative from the individual developer Jens Maus in Germany. It is used to run cloud-free smart home IoT centers. A security vulnerability exists in RaspberryMatic versions prior to 3.75.6.20240316, which stems from...
Sichuan Yougou Technology KuERP License Issue Vulnerability
Sichuan Yougou Technology KuERP is an e-commerce platform from Sichuan Yougou Technology, a Chinese company. An authorization issue vulnerability exists in Sichuan Yougou Technology KuERP 1.0.4 and earlier versions, which stems from a security issue in the checklogin function of...
WordPress plugin WP Fastest Cache SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin Shareaholic security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
mx-chain-go 安全漏洞
mx-chain-go is a go implementation of the MultiversX protocol open sourced by MultiversX. A security vulnerability exists in mx-chain-go versions prior to 1.4.16, which arises from an invalid transaction caused by using the wrong username that is not properly processed by the Metachain transactio...
WordPress Plugin Side Cart Woocommerce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin Uji Popup 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress plugin WP Plugin Manager 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin menu shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Pulsar Plus System Controller 跨站请求伪造漏洞
The Pulsar Plus System Controller is the Pulsar Plus family of controllers. A security vulnerability exists in ABB Pulsar Plus System Controller version NE843S, which originates from ABB Infinity DC Power Plant allowing cross-site request forgery, affecting the following products and versions:...
WordPress plugin Watu Quiz 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
OpenStack 安全漏洞
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA in the U.S. Swift is one of the storage projects used to store permanent static data. A security vulnerability exists in OpenStack that stems from the fact that by providing a specially...
Containous Traefik 信任管理问题漏洞
Containous Traefik is a reverse proxy and load balancer from US-based Containous. A trust management issue vulnerability exists in Containous Traefik versions prior to 2.9.6, which stems from a potential issue when managing TLS connections, where routers configured with an incorrectly formatted...