195539 matches found
Fortinet FortiADC 输入验证错误漏洞
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. An input validation error vulnerability exists in Fortinet FortiADC, which stems from improper input validation of the application and could be exploited by an authenticated attacker to retrieve a file with a specific...
Discourse 跨站脚本漏洞
Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A cross-site scripting vulnerability exists in Discourse BBCode, which stems from the fact that it allows an attacker to utilize multiple CSS injections...
Necta WiFi Mouse 授权问题漏洞
Necta WiFi Mouse is a wireless mouse from Necta. A security vulnerability exists in Necta WiFi Mouse version 1.7.8.5, which stems from the fact that due to the reliance on client-side authentication, the authentication mechanism can be easily bypassed, which could lead to remote code execution...
Adobe InCopy 缓冲区错误漏洞
Adobe InCopy is an application produced by Adobe for professional word processing. Adobe InCopy 17.3 and 16.4.2 and prior versions contain an out-of-bounds read vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the current user...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google. A security vulnerability exists in Google TensorFlow, which stems from an assertion failure given by Unbatch when it receives a non-scalar input id, which could trigger a denial-of-service attack. T...
FreeOpcUa 安全漏洞
FreeOpcUa is an open source C++ OPC-UA server and client library. A security vulnerability exists in FreeOpcUa, which is susceptible to a denial of service DoS attack when sending multiple CloseSession requests with the DeleteSubscription parameter equal to False to bypass excessive memory...
WordPress Plugin WP phpMyAdmin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Advantech iView SQL注入漏洞
Advantech iView, a software based on Simple Network Protocol SNMP for managing B B SmartWorx devices from Advantech, China, is vulnerable to a SQL injection vulnerability in versions prior to Advantech iView 5.7.04.6469, which results from the use of special elements in SQL commands that are not...
Gogs 代码问题漏洞
Gogs Go Git Service is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, and more. A security vulnerability exists in Gogs versions prior to 0.12.5, which stems from the la...
Rust 安全漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. a security vulnerability exists in versions of Rust nanorand crate prior to 0.6.1, which stems from the fact that the same object can have multiple mutable references. No details of the vulnerability are current...
Rust 加密问题漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. version 0.9.7 before Rust sha2 crate 0.9.8 contains a security vulnerability in which the hash of a long message may be incorrect when the AVX2-accelerated backend is used. No details of the vulnerability are...
Oracle MySQL 输入验证错误漏洞
Oracle MySQL Cluster is a write-scalable, real-time, ACID-compatible transactional database developed by Oracle Corporation USA. Oracle MySQL Cluster 8.0.26 and earlier versions of the Cluster: General component are vulnerable to an input validation error that could be exploited by an attacker to...
WordPress 插件跨站脚本漏洞
WordPress plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress PDF Flipbook, 3D Flipbook, DearFlip plugin versions prior to 1.7.10, which stems from not bypassing the class attribute of its shortcode before outputting back to the attribut...
Strapi 安全漏洞
Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 5.45.0 contained security vulnerabilities. These vulnerabilities stemmed from a rate-limiting mechanism in the users-permissions plugin, which derived rate-limiting keys...
pypdf 资源管理错误漏洞
pypdf is py-pdf open source a free open source pure python PDF library . Able to split , merge , crop and convert pages of PDF files . pypdf versions prior to 6.6.0 has a resource management error vulnerability , the vulnerability stems from the processing of missing Root objects and large Size...
datart 安全漏洞
datart is an open source data visualization open platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from the POST /viz/image interface not strictly validating filenames, which could lead to a directory traversal attack...
SUSE Linux多款产品 安全漏洞
SUSE Linux Enterprise Desktop is an enterprise server version of the Linux desktop operating system from SUSE Germany. A security vulnerability exists in various SUSE Linux products that originates from a stream reset in the HTTP/2 implementation that results in excessive consumption of server...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing node reference release that could lead to a reference count leak...
Apache Camel 安全漏洞
Apache Camel is the United States Apache Apache Foundation of a set of open source based on Enterprise Integration Pattern Enterprise Integration Pattern , referred to as EIP integration framework. The framework provides Enterprise Integration Pattern Java objects POJO implementation , and throug...
WordPress plugin iThemes Sync 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
Harbor 授权问题漏洞
Harbor is an open source registry from Harbor Open Source. Artifacts are protected through policies and role-based access control to ensure that images are scanned and are not vulnerable, and that images are signed as trusted. Harbor suffers from an authorization issue vulnerability that stems fr...
Adobe Photoshop 数字错误漏洞
Adobe Photoshop is a set of image processing software from the American company Audobee Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from a numeric error vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current...
HP PC 代码问题漏洞
HP PC is a computer product from Hewlett-Packard HP in the United States. A security vulnerability exists in HP PC that stems from a potential hole in the audio package, which could allow privileged escalation...
Splunk Enterprise和Splunk Cloud Platform 安全漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk...
NginxProxyManager 安全漏洞
NginxProxyManager is NginxProxyManager individual developer's Docker container for managing Nginx proxy hosts with a simple, powerful interface. A security vulnerability exists in NginxProxyManager version 2.11.3, which stems from the presence of a command injection vulnerability that could allow...
WordPress plugin Base64 Encoder/Decoder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
TP-LINK AX1800 安全漏洞
The TP-LINK AX1800 is a dual-band Wi-Fi 6 router from China P&L TP-LINK. The TP-LINK AX1800 suffers from a contention condition vulnerability that can be exploited by an attacker to access resources available on the LAN interface and execute arbitrary code...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE. An attacker exploited the...
WiX Toolset 安全漏洞
WiX Toolset is an open source code library for . A security vulnerability exists in WiX Toolset that originates from a standard user being able to hijack a binary before it is loaded into an application, resulting in elevated privileges...
Grav 代码注入漏洞
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product displays. A security vulnerability exists in Grav prior to version 1.7.45, which stems from validating accessible functions via the Utils::isDangerousFunction function,...
Microsoft Open Management Infrastructure Security Vulnerability
Microsoft Open Management Infrastructure is a free, open source Common Information Model CIM management server from Microsoft. A security vulnerability exists in Microsoft Open Management Infrastructure. An attacker could exploit this vulnerability to gain elevated privileges. The following...
WordPress plugin Font Awesome 4 Menus security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
Apache OpenMeetings 授权问题漏洞
Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system from the Apache Foundation. The product supports audio, video and allows users to view each participant's desktop and more. An authorization issue vulnerability exists in Apache OpenMeetings versions...
AWS SDK for Rust 日志信息泄露漏洞
Amazon AWS SDK for Rust is an AWS SDK for Rust from Amazon.com, USA. AWS SDK for Rust suffers from a log message disclosure vulnerability that originates from including a user's access key, secret key, and security token in plaintext...
Jenkins Plugin TestQuality Updater 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
WordPress Plugin php-mod/curl 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin InPost Gallery 路径遍历漏洞
WordPress and others are products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language.WordPress plugin is an application plugin.PHP and others are products of.PHP is a scripting language that executes on the server side. A path traversal...
PrestaShop 信息泄露漏洞
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. An information disclosure vulnerability exists in PrestaShop versions prior to 1.7.8.8. The vulnerability...
Wiesemann & Theis Com-Server Family 安全特征问题特征问题漏洞
The Wiesemann & Theis Com-Server Family is a series of serial device servers from the German company Wiesemann & Theis. A security signature issue vulnerability exists in Wiesemann & Theis Com-Server Family. An attacker could exploit this vulnerability to brute force a session id and access...
BoxBilling 代码问题漏洞
BoxBilling is open source billing and customer management software from the individual developers of BoxBilling. A security vulnerability exists in BoxBilling versions prior to 0.0.1 that stems from not restricting the upload of dangerous types of files...
Apache Pinot 安全漏洞
Apache Pinot is the U.S. Apache Apache Foundation, a real-time distributed OLAP data store. It is designed to provide ultra-low latency analytics. A security vulnerability exists in Apache Pinot 0.11.0 and earlier versions, which stems from a vulnerability in the groovy feature support...
BlueCMS SQL注入漏洞
BlueCMS is a PHP and MySQL based content management system CMS. a security vulnerability exists in BlueCMS version 1.6, which stems from an SQL injection in line 55 of admin/model.php. No details of the vulnerability are currently available...
CoreDNS 安全漏洞
CoreDNS is a DNS server for the CoreDNS community. A security vulnerability exists in CoreDNS that stems from DNS redirection of internal services...
Varnish Cache 安全漏洞
Varnish Cache is a suite of reverse web caching servers. A security vulnerability exists in Varnish Cache version 7.0.0, 7.0.1, 7.0.2, and 7.1.0, which originates. An attacker can exploit the vulnerability by spoofing HTTP/1 back-end response assertions and automatically restarting the server...
Online Class and Exam Scheduling System SQL注入漏洞
Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System 1.0 suffers from a SQL injection vulnerability that originates from an unknown function in the file /pages/facultysched.php being affected. The operation parameter facult...
Red Hat Keycloak 安全漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that originates from the SAML protocol mapper uploading arbitrary Javascript...
GNU SASL 缓冲区错误漏洞
GNU SASL is a GNU community implementation of the Simple Authentication and Security Layer SASL framework and some common SASL mechanisms. A security vulnerability exists in GNU SASL versions prior to 2.0.1 that stems from. Server-side out-of-bounds reads to maliciously authenticated GSS-API...
Jenkins Plugin Deployment Dashboard 信息泄露漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. an information disclosure vulnerability...
Wire 跨站脚本漏洞
Wire is a chat software from the German company Wire. The software supports Web, WindowsiOS, Android, and OS X platforms, has group functionality, can make voice calls, send photos, and its original greeting method, PING. Wire has a cross-site scripting vulnerability that stems from insufficient...
TYPO3 跨站脚本漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. A security vulnerability exists in TYPO3. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor's announcement. The...