195539 matches found
Apache Pulsar 信任管理问题漏洞
Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, with strong consistency, high...
Roxy-WI 命令注入漏洞
Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A command injection vulnerability exists in Roxy-WI versions prior to 6.1.1.0, which stems from the ability to remotely run system commands via the subprocessexecute function...
WordPress plugin Limit Login Attempts 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. versions of the WordPress Limit Login Attempts plugin prior to 4.0.72 have a cross-site scripting...
Rails 跨站脚本漏洞
Rails is a set of Rails team based on the Ruby language open source web application framework. Rails suffers from a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker can exploit the vulnerability to...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform, HANA Database from SAP startservice. An attacker exploited the vulnerability to escalate privileges, which...
多款Siemens产品代码问题漏洞
Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...
Microweber 安全漏洞
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber versions prior to 1.2.15 that stems from a...
git-interface 操作系统命令注入漏洞
git-interface is an interface for using git repositories in node.js by the Russian individual developer Yarkeev Denis. A security vulnerability exists in yarkeev git-interface versions prior to 2.1.1, which stems from a lack of filtering of the git clone and git --upload-pack command line...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. An authorization issue vulnerability exists in Mattermost 6.4.1 and earlier versions, which stems from an API that fails to properly protect permissions and can be exploited by an authenticated attacker to bypass restrictio...
NETGEAR R6260 安全漏洞
NETGEAR R6260 is a router device. A security vulnerability exists in NETGEAR R6260 routers, which stems from the device's failure to properly validate the length of user-supplied data before copying it to a fixed-length buffer, which could be exploited by an attacker to execute code in the root...
Brave 安全漏洞
Brave is a fast, private and secure web browser from Brave USA. A security vulnerability exists in Brave Desktop versions 1.17 - 1.26.60 that could lead to information disclosure...
Microsoft Office SharePoint 代码问题漏洞
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...
node-mpv 格式化字符串错误漏洞
node-mpv is a Node.js based MPV player module. A security vulnerability exists in mpv version 0.33.0 and earlier versions, which can be exploited by an attacker to achieve code execution via a crafted m3u playlist file...
Webmin 安全漏洞
Webmin is a set of web-based system management tools for Unix-like operating systems, developed by the Webmin community. Versions of Webmin prior to 2.640 contained a security vulnerability, which stemmed from the insecure construction of the attachment save file name in the mailboxes/detachall.c...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a failure in the spisetup function during spi device registration, resulting in the controller...
HPE Aruba Networking Wireless Operating System 安全漏洞
HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from stack buffer overflows in several underlying...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.2 contained security vulnerabilities. These vulnerabilities were caused by race conditions in ZIP extraction, which could allow local attackers to write files outside of the...
V-SOL GPON/EPON OLT Platform 输入验证错误漏洞
V-SOL GPON/EPON OLT Platform is an optical line terminal management platform from China Semiconductor V-SOL. An input validation error vulnerability exists in V-SOL GPON/EPON OLT Platform version v2.03, which stems from improper validation of the parent parameter input and could lead to an open...
SOCA Access Control System 安全漏洞
SOCA Access Control System is an access control system from China's Sunchem SOCA. A security vulnerability exists in SOCA Access Control System version 180612, which stems from a lack of request validation and could lead to cross-site request forgery attacks...
Hoverfly 授权问题漏洞
Hoverfly is a lightweight open source API emulation tool open-sourced by SpectoLabs. An authorization issue vulnerability exists in Hoverfly 1.11.3 and earlier versions that originates from an unprotected WebSocket endpoint and could lead to information disclosure...
Microsoft Windows Kernel 输入验证错误漏洞
Microsoft Windows Kernel is the kernel of the Windows operating system from Microsoft Corporation USA. An input validation error vulnerability exists in Microsoft Windows Kernel. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from rxrpc calling localbhenable when IRQ is disabled, which may result in a warning...
Debian devscripts 安全漏洞
Debian devscripts is a Debian community package that contains a collection of packages for system maintenance and scripting. A security vulnerability exists in Debian devscripts that stems from the uscan tool skipping OpenPGP authentication when verifying upstream sources...
MediaWiki Security Breach
MediaWiki is a set of free and freely available web-based Wiki engines from the American Wikimedia Wikimedia Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a security vulnerability that stems from the fact that MediaWiki i...
ABB RMC-100 安全漏洞
The ABB RMC-100 is a remote modular controller from ABB Switzerland. Capable of managing automation, liquid and gas measurements, asset data centralization for large production and transmission facilities. A security vulnerability exists in the ABB RMC-100 that stems from the use of hard-coded...
QuickJS 安全漏洞
QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS 0.9.0 and earlier versions, which stems from a lack of length checking in JSReadString, and may result in a heap buffer overflow...
REDCap 安全漏洞
REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap 15.0.0 and earlier versions, which stems from a lack of cross-site request forgery protection in the logout functionality, which allows an attacker to trigger a logout...
SAP Adobe Document Service 代码问题漏洞
Adobe Document Service is a service provided by Adobe for processing documents, supporting PDF creation, editing and other functions. A code issue exists in Adobe Document Service that originates from a vulnerability that allows an attacker with administrator privileges to send a specially crafte...
WordPress plugin WP Job Manager – Company Profiles 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...
Microsoft GroupMe 代码问题漏洞
Microsoft GroupMe is a confidential group messaging service from Microsoft. Users can conduct and manage SMS group chat via cell phone SMS or client. Microsoft GroupMe suffers from an Access Control Error vulnerability that stems from improper access control. An attacker could exploit the...
JupyterLab 安全漏洞
JupyterLab is a JupyterLab open source extensible environment for interactive and repeatable computation, based on the Jupyter Notebook and architecture. A security vulnerability exists in JupyterLab that originates from opening a malicious notebook or Markdown file with Markdown cells using the...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unhandled soft interrupt causing a fix to hang...
HDF Group HDF5 安全漏洞
HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 version 1.13.3 and pri...
WordPress plugin Prime Slider 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin iPanorama 360 WordPress Virtual Tour Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
ArgoCD Security Vulnerabilities
ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...
Cisco Firepower Threat Defense Security Vulnerability
Cisco Firepower Threat Defense FTD is a suite of unified software from Cisco that provides next-generation firewall services. A security vulnerability exists in the Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense that stems from a vulnerability in the Remote Access VPN featur...
Apache Airflow 输入验证错误漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow Spark Provider...
Carel Boss Mini 安全漏洞
Carel Boss Mini is a locally supervised solution for small, medium and large systems from Carel Italia. A security vulnerability exists in Carel Boss Mini version 1.4.0 Build 6221, which stems from the parameter path of the file boss/servlet/document can lead to file inclusion...
XWiki Platform 跨站脚本漏洞
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A cross-site scripting vulnerability exists in xwiki-platform-web versions 2.2.1 through 14.4.8, xwiki-platform-web-templates versions prior to 14.4.8, 14.5 through 14.10.5...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from an inability to clean up temporary error messages, which can be exploited by an attacker to obtain the content of arbitrary messages via...
Joomla! 输入验证错误漏洞
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! versions 4.2.0 through 4.3.1, which stems from a lack of input validation and can lead to open redirects and cross-site scripting XSS...
Google Android 缓冲区错误漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from incorrect boundary checking of avdtscbhdlpktnofrag in the avdtscbact.cc component, which can be exploited by an attacker to elevate...
Microsoft Snipping Tool 安全漏洞
Microsoft Snipping Tool is a screenshot tool from Microsoft Corporation USA. A security vulnerability exists in Microsoft Snipping Tool, which stems from the presence of an information disclosure vulnerability...
Razer Synapse 代码问题漏洞
Razer Synapse is an application from Razer, Inc. designed to configure and customize Razer's line of hardware. A security vulnerability exists in versions prior to Razer Synapse 3.7.0830.081906 that stems from its insecure installation path, improper privilege management, and improper certificate...
Jenkins Plugin TestQuality Updater 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Deno 竞争条件问题漏洞
Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. Deno suffers from a Competing Conditions Issue vulnerability that arises when a multi-threaded program can spoof an interactive permission prompt by rewriting the...
Apache Sling 跨站脚本漏洞
Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. It is designed to create content-centric applications on JSR-170 compliant content repositories such as Apache Jackrabbit. A cross-site scripting vulnerability exists in Sling App CMS...
Concourse 安全漏洞
Concourse is an automated system written in Go by Concourse Open Source. A security vulnerability exists in Concourse versions prior to 7.x.y through 7.8.3 and versions prior to 6.x.y through 6.7.9, which stems from the ability of its users to send a request with a request body...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in Google Chrome Mac and Linux versions prior to 108.0.5359.124, and Windows versions prior to 108.0.5359.125, which stems from a post-release reuse in Blink Frames...