195539 matches found
Robustel R1510 操作系统命令注入漏洞
The Robustel R1510 is an industrial VPN router from Robustel China.The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be subject to a command injection vulnerability in the...
CODESYS Gateway Server 安全漏洞
CODESYS Gateway Server is an extended CODESYS Gateway from CODESYS Corporation that connects a CODESYS Automation Server to a CODESYS PLC in a local network. A security vulnerability exists in versions prior to CODESYS Gateway Server V2 V2.3.9.38 that stems from comparing only a portion of a...
posix 安全漏洞
posix is a portable operating system interface. A security vulnerability exists in all versions of posix, which stems from a call to the toString method that falls back to the value 0x0 and can be exploited by an attacker to conduct a Dos attack...
SchedMD Slurm 安全漏洞
SchedMD Slurm is an open source and highly scalable cluster management and job scheduling system for large and small Linux clusters from SchedMD, Inc. SchedMD Slurm versions 21.08.x through 21.08.8 A security vulnerability exists in versions 20.11.x through 20.11.9, which stems from incorrect...
flask-session-captcha 代码问题漏洞
flask-session-captcha is a captcha implementation of flask by the individual developer Joakim Uddholm in Germany. A security vulnerability exists in versions of flask-session-captcha prior to 1.2.1, which stems from the fact that the captcha.validate function returns None if no value is passed, a...
WordPress plugin Web To Print Shop : uDraw 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Web To Print Shop: An arbitrary file reading vulnerability exists in versions of uDraw prior...
WordPress plugin WooCommerce SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. SQL injection vulnerability exists in versions of...
Calibre-Web 代码问题漏洞
Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database. Calibre-Web suffers from a server-side cross-site request forgery vulnerability, no detailed vulnerability details are available at this time...
Mezzanine 跨站脚本漏洞
Github Mezzanine, a content management platform, is vulnerable to a cross-site scripting vulnerability that originates from a cross-site scripting XSS vulnerability in Mezzanine v4.3.1. The vulnerability can be exploited to execute arbitrary code via the "Description" field of...
Geutebrück G-Cam E2 操作系统命令注入漏洞
Geutebrück G-Cam E2 is a camera from manualslib. The Geutebrück G-Cam E2 suffers from an operating system command injection vulnerability that stems from the susceptibility of affected products to command injection attacks. An attacker can exploit this vulnerability to remotely execute arbitrary...
OpenVPN ovpn-dco-win 安全漏洞
OpenVPN ovpn-dco-win is a virtual network adapter for Windows developed by OpenVPN. There are security vulnerabilities in versions 2.0.0 to 2.8.3 of OpenVPN ovpn-dco-win. These vulnerabilities stem from errors in buffer size calculations by the epoch key generator, which may allow remotely...
OpenMRS 代码注入漏洞
OpenMRS is an open-source electronic health record system developed by OpenMRS Inc. Versions of OpenMRS from 2.7.0 to 2.7.9 and before 2.8.6 have a code injection vulnerability. This vulnerability arises from the ConceptReferenceRangeUtility.evaluateCriteria method, which evaluates condition...
anything-llm 安全漏洞
anything-llm is an integrated desktop and Docker AI application developed by Mintplex. Versions of anything-llm prior to 1.9.1 contain security vulnerabilities. These vulnerabilities stem from the improper handling of user input by the AgentFlows component, which may lead to path traversal attack...
Microsoft HTTP.sys 访问控制错误漏洞
Microsoft HTTP.sys is an HTTP application protocol from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft HTTP.sys. An attacker could exploit the vulnerability to elevate privileges. The following products and versions are affected:Windows 10 Version 21H2 for...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an MSR access error that could result in a register write failure...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check the validity of the tx-inuse pointer, which could result in a null pointer dereference...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly handling the debugfslookup return value, which could lead to a memory leak...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to reject a VHT mode of operation that does not support channel widths, which could result in a...
SAMSUNG MagicINFO 9 Server 安全漏洞
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a path traversal vulnerability that stems from an improper restriction of restricted directory pathnames. An attacker cou...
Oracle Java SE 资源管理错误漏洞
Oracle Java SE is a U.S. Oracle Oracle company for the development and deployment of desktop, server and embedded devices and real-time environments in the Java application. A security vulnerability exists in Oracle Java SE for Oracle Java SE and Oracle GraalVM for JDK, which can be exploited by...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a buffer overflow that could cause a system crash...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from kprobes not properly updating kcb status flags, which could lead to a kernel panic...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from not verifying the validity of a decoder, which could lead to a null pointer dereference. An...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from lib/stringhelpers not adding strarray to the device's resource list...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from post-release reuse in the ep93xxclkregistergate function...
Microsoft Directx 资源管理错误漏洞
Microsoft Directx is a tool from Microsoft that is designed to fix Windows anomalies. This software repair tool automatically updates C++ components and fixes the 0xc000007b problem exception. A security vulnerability exists in Microsoft Directx. The vulnerability can be exploited by an attacker ...
Ruby 安全漏洞
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the personal developer Yukihiro Matsumoto. A security vulnerability exists in Ruby that stems from vulnerability to the Marvin attack, which allows an attacker to decrypt previously encrypted messages or forge...
Elastic Kibana 代码问题漏洞
Elastic Kibana is an available data visualization dashboard software from Elastic. A code issue vulnerability exists in Elastic Kibana that stems from a deserialization issue that can be triggered by Kibana when it attempts to parse a YAML document that contains a carefully crafted payload. An...
Microsoft Windows Package Manager 安全漏洞
Microsoft Windows Package Manager is a comprehensive package manager solution from Microsoft Corporation USA. A system or set of tools used to automate the installation, upgrade, configuration, and use of software. Most package managers are designed to discover and install developer tools. A...
libheif 安全漏洞
libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder from struktur open source. A security vulnerability exists in libheif version 1.17.6, which stems from insufficient checks when decoding HEIF files containing forged offsets, which could lead to out-of-bounds reads and write...
WordPress plugin Taxi Booking Manager for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
NVIDIA ChatRTX 安全漏洞
NVIDIA ChatRTX is a content personalization chatbot from NVIDIA, USA. A security vulnerability exists in NVIDIA ChatRTX. An attacker exploits the vulnerability to cause incorrect privilege management issues by leveraging inter-process communication between different processes...
WordPress plugin Ultimate Under Construction 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
Secomea GateManager 安全漏洞
Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in versions prior to Secomea GateManager 11.2.624095033, which stems from the presence of a buffer overflow vulnerability...
phpecc 安全漏洞
phpecc is a pure PHP elliptic curve cryptography library open-sourced by Paragon Initiative Enterprises. A security vulnerability exists in phpecc versions prior to 2.0.1, which stems from a branch-based timing leak in Point addition...
Microsoft OLE DB Provider for SQL Server 安全漏洞
Microsoft OLE DB Driver for SQL Server is a standalone data access application programming interface API for OLE DB. A remote code execution vulnerability exists in Microsoft OLE DB Driver for SQL Server, which can be exploited by an attacker to execute arbitrary code on the system...
SolidWorks 安全漏洞
SolidWorks is a 3D CAD software from SolidWorks that runs on the Microsoft Windows platform. A security vulnerability exists in SolidWorks version 2024 that originates from a vulnerability that allows an attacker to execute arbitrary code when opening a specially crafted CATPART, DWG, DXF, IPT, J...
PTC KEPServerEX Trust Management Issue Vulnerability
PTC KEPserverEX is a connectivity platform from PTC. Users can connect, manage, monitor and control a variety of automation devices and software applications through an intuitive user interface. A security vulnerability exists in PTC KEPServerEX version v6.14.263.0 and prior versions, which stems...
Microsoft Windows Defender Security Vulnerability
Microsoft Windows Defender is a suite of antivirus software that comes with Windows systems from Microsoft USA. A security vulnerability exists in Microsoft Windows Defender. An attacker can exploit the vulnerability to elevate privileges...
Vyper 安全漏洞
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions prior to 0.3.10 that stems from allowing ecrecover to return undefined data for invalid signatures...
Craft CMS 跨站脚本漏洞
Pixel & tonic Craft CMS is a content management system CMS from the US-based company Pixel & tonic. A security vulnerability exists in Craft CMS, which stems from an incorrectly formatted RSS feed that can deliver a payload with cross-site scripting...
Linksys E2000 命令注入漏洞
The Linksys E2000 is a wireless router from Linksys USA. The Linksys E2000 1.0.06 firmware version suffers from a command injection vulnerability that stems from the fact that if an attacker gains web administrative privileges, he/she can inject commands into the post request parameters wlssid,...
Piwigo SQL注入漏洞
Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo version 13.6.0, which stems from a problem with the configuration file functionality and can...
Microsoft PostScript Printer Driver安全漏洞
Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft.Microsoft PCL6 Class Printer Driver is a printer driver from Microsoft. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft. An information disclosure...
Earnings and Expense Tracker App 跨站脚本漏洞
Expense Tracker is an expense tracker organized by SourceCode and Projects. A security vulnerability exists in the SourceCodester Earnings and Expense Tracker App version 1.0, which stems from incorrect manipulation of the parameter name resulting in cross-site scripting...
answer 安全漏洞
answer is an open source knowledge-based community software. A security vulnerability exists in versions of answer prior to 1.0.6, which stems from an unlimited number of authentications...
WordPress Plugin Extensions For CF7 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin The Mongoose Page Plugin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Apache Kylin 安全漏洞
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. kylin has a command injection vulnerability, the vulnerability stems fr...
memos 跨站脚本漏洞
memos is an open source hosted memo center with knowledge management and social features. A cross-site scripting vulnerability exists in memos, which can be exploited by an attacker to be able to steal a user's cookie...