195539 matches found
Electron 输入验证错误漏洞
Electron is a personal developer of a user to write cross-platform desktop application JavaScript framework. The framework is based on nodejs and Chromium can use HTML, CSS to achieve cross-platform desktop application writing. An input validation error vulnerability exists in Electron versions...
Das U-Boot 缓冲区错误漏洞
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in Das U-Boot versions prior to 2022.01, which stems from U-Boot's...
Das U-Boot 缓冲区错误漏洞
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in Das U-Boot 2022.01 and earlier versions, which stems from the...
HashiCorp go-getter 输入验证错误漏洞
HashiCorp go-getter is a library for HashiCorp's Go golang for downloading files or directories from various sources using URLs as the primary form of input. An input validation error vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the inability to...
Razer Synapse 3 代码问题漏洞
Razer Synapse 3 is an application from Razer USA, Inc. A cloud-based unified hardware configuration tool. A security vulnerability exists in Razer Synapse prior to version 3.7.0228.022817 that stems from the fact that Razer Synapse prior to version 3.7.0228.022817 allows privilege escalation...
Hashicorp HashiCorp Vault 信息泄露漏洞
HashiCorp HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp, USA. An information disclosure vulnerability exists in HashiCorp Vault, which stems from a misconfiguration of the product's cache that causes the browser to incorrectly cache sensitive information about a...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress Autoptimize plugin versions prior to 2.7.8, which allows an...
QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞
QNAP Systems QTS and QNAP Systems QuTS Hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...
Open Cascade OCCT 缓冲区错误漏洞
Open Cascade OCCT is a 3D modeling and geometry computation kernel from the French company Open Cascade. A buffer error vulnerability exists in Open Cascade OCCT version V800rc5, which stems from multiple issues with the IGES and STEP file parsers, including an out-of-bounds read of...
pnpm security vulnerabilities
PNPM is a package manager developed by the open-source project Pnpm. Versions of Pnpm prior to 10.28.1 contained security vulnerabilities. These vulnerabilities were caused by path traversal in binary links, which could allow malicious npm packages to create executable files or symbolic links...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause...
Adobe Animate 代码问题漏洞
Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a memory information disclosure...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an uninitialized object removal operation that could result in a null pointer dereference...
SAMSUNG MagicINFO 9 Server 安全漏洞
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a path traversal vulnerability that can be exploited by an attacker to execute arbitrary code on the system...
Microsoft Office 资源管理错误漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
WordPress plugin SQL Chart Builder SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
Visteon Infotainment 数据伪造问题漏洞
Visteon Infotainment is an automotive infotainment system from Visteon Corporation. Visteon Infotainment suffers from a data forgery vulnerability that arises from insufficient authenticity verification of the firmware image provided during firmware updates to the VIP microcontroller, which could...
WordPress plugin mFolio Lite 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A competing conditional vulnerability exists in versions of Mozilla Firefox prior to 131.0.3, which can be exploited by attackers to cause unexpected behavior and cause the browser to crash...
Grafana 安全漏洞
Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana that stems from the fact that if a...
WordPress plugin JetSearch 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to properly validate synchronized reactions when shared channels are enabled, which allows a malicious remote person to create...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a series of chipsets from Qualcomm, an American company. A security vulnerability exists in Qualcomm Chipsets. An attacker exploiting the vulnerability could gain access to sensitive information...
Siemens Solid Edge 安全漏洞
Siemens Solid Edge is an enterprise-class computer-aided design software for complex 3D modeling. Siemens Solid Edge suffers from a stack buffer overflow vulnerability that stems from improper memory management when the software parses specially crafted PAR files. An attacker can exploit the...
WordPress plugin Auto Featured Image (Auto Post Thumbnail) 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...
Red Hat Keycloak 安全漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from allowing unauthenticated cross-domain messages, allowing an attacker to...
Quarkus 安全漏洞
Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from the leakage of local configuration properties into Quarkus applications...
rust-openssl 安全漏洞
rust-openssl is a library from Rust for interacting with the OpenSSL library. A security vulnerability exists in rust-openssl that stems from the presence of a timing-based side channel flaw...
Label Studio 代码问题漏洞
Label Studio is an open source data labeling tool from Heartex Open Source. Allows you to use a simple and clear UI mark audio, text, images, video and time series and other data types , and exported to a variety of model formats . A code issue vulnerability exists in Label Studio versions prior ...
Vite Security Vulnerabilities
Vite is a new front-end build tool from Vite open source. Vite has a security vulnerability , the vulnerability stems from the file system is not case-sensitive...
Apktool Path Traversal Vulnerability
Apktool is a tool for reverse engineering Android APK files. A path traversal vulnerability exists in Apktool 2.9.1 and earlier versions, which stems from the fact that Apktool can infer the output path of a resource file based on the name of the resource, which can be exploited by an attacker to...
WordPress Plugin Themify Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
Apache InLong 代码问题漏洞
Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. Apache InLong has a deserialization vulnerability that originates from unsafe deserialization processing of serialized data receive...
WordPress plugin Stripe Payment Plugin for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Apache InLong 安全漏洞
Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. A security bypass vulnerability exists in Apache InLong versions 1.2.0 through 1.6.0, which can be exploited by an attacker to cancel an application...
多款BirdDog产品信任管理问题漏洞
BirdDog STUDIO R3 and others are products of BirdDog Inc.BirdDog STUDIO R3 is a camera.BirdDog 4K QUAD is a camera.BirdDog MINI is a video encoder. The BirdDog STUDIO R3, 4K QUAD, MINI, and A300 EYES are vulnerable to a trust management issue that stems from the use of hard-coded credentials. An...
FS-S3900-24T4S 安全漏洞
The FS-S3900-24T4S is a switch from FS. A security vulnerability exists in the FS-S3900-24T4S that stems from the presence of privilege escalation...
VISAM VBASE Automation Base 代码问题漏洞
VISAM VBASE is a data acquisition and monitoring system from VISAM Germany. A security vulnerability exists in VISAM VBASE Automation Base versions prior to 11.7.5. An attacker who exploits this vulnerability could disclose sensitive information...
KubeVirt 安全漏洞
Kubevirt is a virtual machine manager. A security vulnerability exists in KubeVirt 0.59.0 and later, which stems from the ability to modify all node specifications using the virt-handler service account if a malicious user takes over a Kubernetes node running virt-handler...
phpMyFAQ 安全漏洞
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.11 have a security vulnerability that stems from a weak password requirement. No detailed vulnerability details are currently available...
destiny.gg chat 跨站请求伪造漏洞
destiny.gg chat is destiny.gg open source a destin.gg chat backend. destiny.gg chat suffers from a cross-site request forgery vulnerability that stems from a problem with the function websocket.Upgrader in the file main.go, which could lead to cross-site request forgery...
Apache BookKeeper 信任管理问题漏洞
Apache BookKeeper is a scalable, fault-tolerant, and low-latency storage service optimized for real-time workloads from the Apache Foundation USA. A trust management issue vulnerability exists in the Apache Bookkeeper Java Client versions prior to 4.14.6 and prior to 4.15.0, which stems from a...
MPXJ 安全漏洞
MPXJ is an open source library for Jon Iles individual developers. It is used to read and write project plans from various file formats and databases. A security vulnerability exists in MPXJ versions prior to 10.14.1 that stems from the use of File.createTempFile... This causes a temporary file t...
Moodle 跨站脚本漏洞
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle versions 3.11.0 and later, 3.11.1 and earlier, 4.0.0 and later, and 4.0.5 and...
TestNG 路径遍历漏洞
TestNG is a Java language testing framework developed by Cedric Beust. A path traversal vulnerability exists in TestNG, which stems from an affected testngXmlExistsInJar function in the testng-core/src/main/java/org/testng/JarFileUtils.java file in the component XML File Parser, which could lead ...
Google TensorFlow 输入验证错误漏洞
Google TensorFlow is an open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from the fact that entering 'densefeatures' or 'examplestatedata' that is not rank 2 will trigger a 'CHECK' failure in...
Microsoft Azure 操作系统命令注入漏洞
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. An operating system command injection vulnerability exists in Microsoft Azure CLI versions prior to 2.40.0, which originates from a host running Azure CLI commands where the parameter...
Teledyne FLIR AX8 操作系统命令注入漏洞
Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. Teledyne FLIR AX8 1.46.16 and earlier versions suffer from an operating system command injection vulnerability that originates from an attacker being able to use root privileges to execute arbitrary commands on...
ForkCMS 跨站脚本漏洞
ForkCMS is a software application. An easy-to-use open source CMS using Symfony components. A security vulnerability exists in ForkCMS version 5.9.3. A remote attacker can exploit this vulnerability to inject JavaScript via the "enddate" parameter...
DevExpress 代码问题漏洞
DevExpress is a software from DevExpress, Inc. for providing best-in-class UI controls, tools and frameworks for WinForms, ASP.NET, MVC, Blazor, ASP.NET Core, WPF, VCL, Xamarin and JavaScript. A code issue vulnerability exists in DevExpress SafeBinaryFormatter that stems from a lack of proper...