195539 matches found
Backdrop CMS 跨站脚本漏洞
Backdrop CMS is an open source content management system CMS. A security vulnerability exists in Backdrop CMS versions prior to 1.24.2. An attacker can exploit this vulnerability to inject arbitrary web script or html code via the name parameter...
Microsoft .NET Core 安全漏洞
Microsoft .NET Core is a free open source development platform from Microsoft USA. The platform features multi-language support and cross-platform. NET has a DLL hijacking remote code execution vulnerability that can be exploited by an attacker to remotely execute code...
HashiCorp Vault 安全漏洞
HashiCorp Vault is a private key access management tool from the US-based HashiCorp. HashiCorp Vault suffers from a security vulnerability that stems from vulnerability to a cache timing attack, where an attacker who is able to observe a large number of unblocking operations on a host through a...
answer 安全漏洞
answer is an open source knowledge-based community software. A security vulnerability exists in versions of answer prior to 1.0.6 that stems from bypassing authentication...
Microsoft PostScript Printer Driver 安全漏洞
Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft USA. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft Corporation. Microsoft PostScript and PCL6 Class Printer Driver contains an information disclosure...
OpenMage Magento Lts 代码问题漏洞
OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A code issue vulnerability exists in OpenMage LTS versions 19.4.22 through 20.0.19, which originates from an administrator who has the right to upload files and create products via DataFlow, and can execute arbitrary code...
memos 授权问题漏洞
memos is an open source hosted meme center with knowledge management and social features. A vulnerability exists in memos prior to version 0.9.1 due to an authorization issue, which can be exploited by an attacker to archive any private memos, delete any shortcuts, and edit any shortcuts from oth...
Fortinet FortiMail 安全漏洞
Fortinet FortiMail is a set of e-mail security gateway products of the U.S. Fita Fortinet. The product provides email security and data protection features. A security vulnerability exists in Fortinet FortiMail versions 7.2.0, 7.0.0 through 7.0.3, 6.4, 6.2, 6.0, and 6.0, which stems from improper...
WordPress plugin Easy WP SMTP 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
php uploader 代码问题漏洞
CreativeDream php uploader is an easy-to-use, high-performance file upload script for CreativeDream personal developers. CreativeDream php uploader version 0.3 is vulnerable to arbitrary file uploads, which stem from a lack of valid validation of uploaded files by the application. An attacker cou...
Discourse 安全漏洞
Discourse is an open source community discussion platform. An access control error vulnerability exists in versions of Discourse prior to 2.8.9 and prior to 2.9.0.beta10. The vulnerability stems from improper access control of the API, which could be exploited to create new topics and edit existi...
lighttpd 安全漏洞
lighttpd is an open source web server developed by Jan Kneschke in Germany. A security vulnerability exists in lighttpd that originates from a denial-of-service attack that can be triggered via CLOSEWAIT / CONSTATEREADPOST...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow, which stems from an assertion failure in the GPU kernel when MaxPool receives a window-sized input array ksize with a...
NodeBB Forum Software 跨站请求伪造漏洞
NodeBB is a forum system from the Design Create Play team built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A cross-site request forgery vulnerability exists in NodeBB Forum Software versions prior to 1.17.1, which stems from an unwanted condition in t...
Exment SQL注入漏洞
Exment is simple, easy, lightweight and free web database. A security vulnerability exists in Exment PHP8 v5.0.2 and earlier, laravel-admin v3.0.0 and earlier, and exment PHP7 v4.4.2 and earlier, which can be exploited by attackers to execute arbitrary SQL commands...
Supersmart 安全漏洞
Supersmart is an artificially intelligent automated checkout for brick-and-mortar retail from Israel's Supersmart. Supersmart Walk suffers from a security vulnerability that stems from the presence of unauthorized actions performed on other customers, which can be exploited by an attacker to rese...
SQUIRREL 缓冲区错误漏洞
SQUIRREL is a stable version of the programming language SQUIRREL 3.2. A buffer error vulnerability exists in SQUIRREL 2.2.5 and earlier and 3.1 and earlier 3.x. The vulnerability stems from sqclass.cpp allowing out-of-bounds reads in the kernel interpreter, which can lead to code execution that,...
hestiacp 操作系统命令注入漏洞
hestiacp is a lightweight and powerful control panel for the modern web. An operating system command injection vulnerability exists in hestiacp versions prior to 1.6.5, which stems from the ability to inject arbitrary commands when installing DokuWiki...
Moodle 跨站脚本漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. a cross-site scripting vulnerability exists in the LTI module of Moodle, which stems from a lack of data validation filtering of...
Foxit PDF Reader 资源管理错误漏洞
Foxit PDF Reader is a PDF reader from Foxit China.A remote code execution vulnerability exists in Foxit PDF Reader Annotation, which can be exploited by attackers to execute code in the context of the current process...
git-clone 参数注入漏洞
git-clone is a repository for cloning git repositories developed by Jason Frame in the UK. A parameter injection vulnerability exists in git-clone, which stems from an unsafe use of git's --upload-pack feature, which makes all versions of the package git-clone vulnerable to command injection...
WordPress plugin Amazon Link 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Amazon Link plugin 3.2.10 and earlier versions have a cross-site scripting vulnerability th...
HashiCorp go-getter 命令注入漏洞
HashiCorp go-getter is a library for HashiCorp's Go golang for downloading files or directories from various sources using URLs as the primary form of input. A command injection vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the presence of a comman...
ArgoCD 安全漏洞
ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...
Hashicorp go-getter 日志信息泄露漏洞
Hashicorp go-getter is a library for Go golang that is used to download files or directories from various sources using URLs as the primary form of input. A log information disclosure vulnerability exists in Hashicorp go-getter version 1.5.11, which stems from the ability of the go-getter library...
WordPress plugin RRatingg SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...
PSR-7 Message Implementation 输入验证错误漏洞
PSR-7 Message Implementation is a complete PSR-7 message implementation. An input validation error vulnerability exists in PSR-7 Message Implementation version 1.8.3 and earlier and in psr7 from version 2.0.0 through 2.1.0. An attacker can add a new line of characters and pass untrusted values...
Shopware 代码问题漏洞
Shopware is a German Shopware company's open source e-commerce software. A code issue vulnerability exists in Shopware that stems from the fact that in the affected version, a user session is not logged off if the password is reset via password recovery. An attacker could exploit the vulnerabilit...
PHPMailer 代码问题漏洞
PHPMailer is a PHP class library for sending e-mail. A security vulnerability exists in PHPMailer that originates from untrusted data in a path with a UNC pathname, which can be exploited by an attacker to remotely execute code...
Ubuntu Apport 后置链接漏洞
Canonical Ubuntu is a GNU/Linux operating system from the British company Canonical that focuses on desktop applications. A security vulnerability exists in Ubuntu Apport that stems from the incorrect handling of certain information gathering operations, which can be exploited by an attacker who...
Typebot 安全漏洞
Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained a security vulnerability. This vulnerability stemmed from the lack of cleanup for configuration file upload forms or the absence of restrictions on SVG/XML uploads, which coul...
Kilo Code 路径遍历漏洞
Kilo Code is an open-source AI coding assistant developed by Kilo Code. Versions of Kilo Code 7.0.47 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of parameters File in the Bun.file function within the File Diff API Endpoint component...
Traefik 访问控制错误漏洞
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.46, 3.6.17, and 3.7.1 contained a access control vulnerability. This vulnerability stemmed from the Kubernetes Gateway API provider, which allowed tenants with permission to create...
i18next-fs-backend 路径遍历漏洞
i18next-fs-backend is an open-source backend layer developed by i18next for Node.js and Deno environments. It is used to load translation resources from the file system. Versions of i18next-fs-backend prior to 2.6.4 contained a path traversal vulnerability. This vulnerability arises from directly...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in the doprocmapquery function, potentially leading to a double mmput operation due to an...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the release of resources after an initstream failure, which could lead to post-release reuse...
SOCA Access Control System 安全漏洞
SOCA Access Control System is an access control system from China's Sunchem SOCA. A security vulnerability exists in SOCA Access Control System version 180612, which stems from an unvalidated POST parameter and could lead to a SQL injection attack...
Liferay Portal和Liferay DXP 跨站脚本漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
WordPress plugin AP Background 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress AP Background plugin, which stems from a lack of authorization and insufficient file validation in the...
Microsoft SQL Server 竞争条件问题漏洞
Microsoft SQL Server is a large commercial database system from Microsoft Corporation that is used under Microsoft Windows. A competitive condition issue vulnerability exists in Microsoft SQL Server. An attacker exploiting this vulnerability could gain access to sensitive information. The followi...
Microsoft Office 安全漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a deadlock in the sa1100settermios function...
NVIDIA CUDA toolkit 安全漏洞
The NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A security vulnerability exists in the NVIDIA CUDA toolkit, which stems from a crash in the cuobjdump binary that could lead to a partial denial...
Astro 跨站请求伪造漏洞
Astro is an Astro open source web framework for content-driven websites. A cross-site request forgery vulnerability exists in Astro version 4.16.16 and earlier, which stems from a flaw in the cross-site request forgery protection middleware that allows requests to bypass CSRF checks, leaving them...
ZOHO ManageEngine ADManager Plus 安全漏洞
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO, Inc. designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
Beckhoff TwinCAT 操作系统命令注入漏洞
Beckhoff TwinCAT is a software system from Beckhoff, Germany, consisting of a real-time environment and a real-time system for executing control programs in a development environment. The system is mainly used for PLC Programmable Logic Controller programming, diagnostics and system configuration...
LevelOne WBR-6012 安全漏洞
The LevelOne WBR-6012 is a wireless router from LevelOne. A security vulnerability exists in the LevelOne WBR-6012 that stems from a reliance on client IP addresses for authentication, resulting in an authentication bypass vulnerability in the web application...
HTMLDOC 安全漏洞
HTMLDOC is an open source program by Michael R Sweet, an individual developer, that converts HTML and Markdown files into EPUB, Indexed HTML, PostScript and PDF format files. A security vulnerability exists in HTMLDOC version v1.9.18, which stems from the discovery of a buffer overflow...
WordPress plugin Author Avatars List/Block 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Author Avatars...
Devise-Two-Factor 安全漏洞
Devise-Two-Factor is a minimalist extension of Devise to the Devise-Two-Factor open source. It is used to provide support for two-factor authentication via TOTP schemes. A security vulnerability exists in Devise-Two-Factor versions 2.2.0 and earlier and 6.0.0 and earlier, which stems from an...