195539 matches found
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in Google Chrome Mac and Linux versions prior to 108.0.5359.124, and Windows versions prior to 108.0.5359.125, which stems from a post-release reuse in Blink Frames...
WordPress plugin Contact Form 7 Database Addon 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A CSV injection vulnerabili...
WordPress plugin Follow Me Plugin 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Follow Me Plugin 3.1.1 and...
HashiCorp Nomad 代码问题漏洞
HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp USA. for managing containerized and non-containerized applications at scale, both locally and in the cloud. A code issue vulnerability exists in HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.4.1,...
Google Android 资源管理错误漏洞
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...
YetiForceCrm 跨站脚本漏洞
YetiForceCrm is an open source Crm system from the Polish company YetiForce. A cross-site scripting vulnerability exists in versions of YetiForceCrm prior to 6.4.0, which stems from the undefined and unvalidated workflowModel-summary parameter on the Workflow module in Settings and is used direct...
Matrix matrix-appservice-irc 资源管理错误漏洞
matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A resource management error vulnerability exists in Matrix matrix-appservice-irc prior to version 0.35.0, which stems from an error in the underlying matrix-org/node-irc...
OpenEMR 跨站脚本漏洞
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A cross-site scripting vulnerability exists in OpenEMR versions prior to 7.0.0.1,...
Jenkins CLIF Performance Testing Plugin 路径遍历漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A path traversal...
Git for Windows 代码问题漏洞
Git for Windows is the Git groups' Git for Windows. A code issue vulnerability exists in versions prior to Git for Windows v2.37.1, which stems from the possibility that the installer can be tricked into executing untrusted binaries...
Jenkins Plugin RocketChat Notifier 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...
WordPress plugin WP Ultimate CSV Importer 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A server cross-site request...
Xwiki Platform 跨站脚本漏洞
Xwiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company Xwiki. A security vulnerability exists in XWiki Platform Flamingo Theme UI versions after 6.2.4, 6.3-rc-1, which stems from the presence of a cross-site scripting vector in the...
WordPress plugin WPCargo Track & Trace 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress WPCargo Track...
Shopware 授权问题漏洞
Shopware is a suite of open source e-commerce software from the German company Shopware. There is a security vulnerability in Shopware, there is no information about the vulnerability at the moment, please stay tuned to CNNVD or the vendor's announcement...
WordPress plugin MapPress Maps代码问题漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress MapPress Maps plugin has an authorization problem vulnerability that stems from a lack of authentication measures or...
Gitea 输入验证错误漏洞
Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea versions prior to 1.16.5, which stems from opening a redirect during login in Gitea versions prior to 1.16.5...
iRZ Mobile Routers 跨站请求伪造漏洞
iRZ Mobile Routers is a series of mobile routers from the Russian company iRZ. A security vulnerability exists in /api/crontab of iRZ Mobile Routers, which can be exploited by an attacker to create a crontab entry in the router's administration panel, which will be executed by a cronjob at an...
Microsoft Defender 代码注入漏洞
Microsoft Defender for IoT is an asset discovery, vulnerability management, and threat monitoring solution for IoT/OT environments.Microsoft Defender for IoT suffers from a remote code execution vulnerability. An attacker could exploit this vulnerability to execute code on the target host...
Oracle VM VirtualBox 安全漏洞
Oracle VM VirtualBox is a virtual machine management software from Oracle. A denial of service vulnerability exists in the Core component of Oracle VM VirtualBox versions prior to 6.1.28, which can be exploited by an attacker to cause Oracle VM VirtualBox to hang or crash frequently and repeatedl...
IR615 Router 跨站脚本漏洞
The IR615 Router is a 4G industrial router from Rimu Technologies, China. IR615 Router has a cross-site scripting vulnerability that could be exploited to hijack user sessions connected to the system...
Http4s访问控制错误漏洞
http4s is an open source streaming HTTP server for Scala. An access control error vulnerability exists in Http4s that stems from the default CORS configuration being vulnerable to source reflection attacks. The following products and versions are affected: 0.21.26 and earlier, 0.22.0 through...
merge-change 软件包安全漏洞
merge-change is an open source simple library for deep merging of objects and other types, also for patching and immutable new. The merge-change package has a security vulnerability that makes the package susceptible to prototype contamination via the utils.set function...
RabbitMQ跨站脚本漏洞
Pivotal Software RabbitMQ is a suite of open source message broker software from Pivotal Software, USA, that implements the Advanced Message Queuing Protocol AMQP. A cross-site scripting vulnerability exists in RabbitMQ versions prior to 3.8.17, which stems from a cross-site scripting vulnerabili...
Ubuntu Apport 后置链接漏洞
Apport is a toolkit for collecting and giving feedback on error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from incorrect handling of certain information gathering operations, which can be...
dify 安全漏洞
dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.13.3 have security vulnerabilities. These vulnerabilities stem from improper handling of parameters in the parseopenaipluginjsontotoolbundle function of the ApiBasedToolSchemaParser...
Frigate 安全漏洞
Frigate is a complete native NVR designed by Blake Blackshear for home assistants with AI object detection capabilities. Version 0.17.0 of Frigate contains a security vulnerability caused by improper access control, which may lead to the exposure of sensitive configuration information...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the IdentityBrokerService.performLogin endpoint allowing authentication with disabled identity providers, potentially leading to bypass of access...
vichan 授权问题漏洞
Vichan is an open-source PHP image panel developed by vichan-devel. Versions of Vichan 5.1.5 and earlier have a vulnerability related to authorization issues. This vulnerability stems from the handling of the Password parameter by the Password Change Handler component in the inc/mod/pages.php fil...
Microsoft Windows Network Driver Interface Specification 缓冲区错误漏洞
The Microsoft Windows Network Driver Interface Specification is one of the core components of a Windows network architecture from Microsoft Corporation. A buffer error vulnerability exists in the Microsoft Windows Network Driver Interface Specification. An attacker could exploit this vulnerabilit...
WordPress plugin TempTool 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly freeing the node pointer returned by ofgetchildbyname, which could lead to a reference count leak...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from canaan k230 not completing DT resolution before registering pinctrl, which could lead to the use of...
Microsoft Office 资源管理错误漏洞
Microsoft Office is an office software suite product from the U.S.-based Microsoft Corporation Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and others. A resource management error vulnerability exists in Microsoft Office. An attacker...
Siemens多款产品 安全漏洞
Siemens SmartClient modules Opcenter QL Home is a client module from Siemens Germany. A security vulnerability exists in various Siemens products, which stems from mishandling of errors and could lead to the exposure of system applications. The following products and versions are affected:...
Autodesk Navisworks 缓冲区错误漏洞
Autodesk Navisworks is a 3D model review software for architecture, engineering, and construction by Autodesk, Inc. A security vulnerability exists in Autodesk Navisworks that originates from parsing a specially crafted DWFX file resulting in an out-of-bounds read, which could trigger a crash or...
VMware Tools for Windows 安全漏洞
VMware Tools for Windows is a suite of Windows-based enhancement tools from VMware that come with VMWare virtual machines, and it is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with th...
Apache Camel 安全漏洞
Apache Camel is an open source integration framework based on the Enterprise Integration Pattern EIP from the Apache Foundation in the United States. The framework provides an implementation of the Enterprise Integration Pattern's Java Objects POJOs and configures rules for routing and brokering...
Fortinet FortiWeb SQL注入漏洞
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A SQL injection vulnerability exists in...
Hanwha Vision NVR 安全漏洞
Hanwha Vision NVR is a series of network video recorder devices from Hanwha Vision, a South Korean company. A security vulnerability exists in Hanwha Vision NVR that stems from a hard-coded seed string for an encryption key, which can lead to remote code execution...
Xen 安全漏洞
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen that stems from a...
AirTies Air4443 跨站脚本漏洞
AirTies Air4443 is a firmware from AirTies, Inc. A cross-site scripting vulnerability exists in AirTies Air4443 that stems from improper input neutralization during web page generation, resulting in a cross-site scripting vulnerability...
Cisco 多款产品安全漏洞
Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliances Software ASA Software are both products of Cisco Corporation.Cisco Firepower Threat Defense is a set of unified software to provide next-generation firewall services. Cisco Adaptive Security Appliances Software is a set of...
Intel Extreme Tuning Utility 安全漏洞
Intel Extreme Tuning Utility is a software from Intel Corporation USA that can increase CPU frequency. In addition to supporting overclocking of CPUs and graphics cards, the program also features system hardware information detection and real-time monitoring of the current system status to ensure...
SaltStack Salt 安全漏洞
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt that stems from an attacker being able to traverse a directory in order to...
WordPress Plugin GoCardless Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Plugin flowpaper Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Broadcom Symantec SiteMinder 跨站脚本漏洞
Broadcom Symantec SiteMinder is an identity provider and federation system from Broadcom, Inc. It provides access to web applications and portals. A security vulnerability exists in Broadcom Symantec SiteMinder version 12.52. An attacker could exploit this vulnerability to execute malicious HTML...
WordPress plugin Essential Addons for Elementor 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An authorization issue vulnerabilit...
Lost and Found Information System SQL注入漏洞
Lost and Found Information System is a lost and found information system by oretnom23 Individual Developer. A SQL injection vulnerability exists in Lost and Found Information System version 1.0, which stems from an incorrect manipulation of the parameter id resulting in sql injection...