195539 matches found
LibreNMS 跨站脚本漏洞
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. LibreNMS suffers from a cross-site scripting vulnerability that originates from a stored...
Linux kernel 信息泄露漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An information disclosure vulnerability exists in the Linux kernel. An attacker exploits this vulnerability to read memory segments of the Linux kernel to obtain sensitive...
GitHub argo-cd 信息泄露漏洞
GitHub argo-cd is an open source application from Github. A declarative GitOps continuous delivery tool for Kubernetes. GitHub argo-cd suffers from an information disclosure vulnerability that stems from incorrect access control leading to administrator privilege escalation. All unpatched version...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Oct-2025 Release 1, which originates from an out-of-bounds write in th...
GraphQL 安全漏洞
GraphQL is an open source, API-oriented data query manipulation language and corresponding runtime environment created by GraphQL Open Source. A security vulnerability exists in GraphQL that stems from loading a malicious schema definition that could lead to remote code execution...
New API 授权问题漏洞
The New API is an interface software developed by QuantumNous. Versions of the New API starting from 0.10.0 have a vulnerability related to authorization. This vulnerability stems from logical flaws in the general security verification process, allowing authenticated users with registered...
TOTOLINK EX1200T 安全漏洞
The TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1200T suffers from a buffer overflow vulnerability that originates from the parameter LangType in the file /cgi-bin/cstecgi.cgi that fails to correctly validate the length and size of the input...
Raisecom MSG1200、MSG2100E、MSG2200和MSG2300 操作系统命令注入漏洞
The Raisecom MSG1200 and others are a Gigabit converged gateway from Raisecom China. An OS command injection vulnerability exists in the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300, which stems from the fact that incorrect operation of the parameter template can lead to OS command injection...
node-red-dashboard 跨站脚本漏洞
node-red-dashboard is a package for quickly creating real-time data dashboards. A security vulnerability exists in node-red-dashboard that stems from some unknown processing in the components/ui-component/ui-component-ctrl.js file in the component uitext Format Handler being affected, which could...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper initialization of arrays, which could lead to reuse after release...
OpenStack Designate Security Vulnerability
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA in the U.S. Designate is one of the components used to provide DNSaaS DNS-as-a-Service services for OpenStack. A security vulnerability exists in OpenStack Designate that stems from an acces...
Elastic Kibana Log Information Disclosure Vulnerability
Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A log message disclosure vulnerability exists in Elastic Kibana versions 8.0.0 through 8.11.1, which...
Editor.js 跨站脚本漏洞
Editor.js is a CodeX open source block style editor with clean JSON output. A cross-site scripting vulnerability exists in Editor.js versions prior to 2.26.0, which stems from easy code injection via pasted input, where the processHTML method passes pasted input to the innerHTML of the wrapper...
Biscuit 数据伪造问题漏洞
Biscuit is delegated, decentralized, capability-based authorization tokens. A data forgery issue vulnerability exists in the v1 version of Biscuit that stems from allowing an attacker to create tokens with any access level...
Technitium DNS Server 安全漏洞
Technitium DNS Server is an open source authoritative and recursive DNS server from the Technitium team. It can be used to self-host DNS servers for privacy and security. A security vulnerability exists in Technitium DNS Server version 8.0.2, which stems from variant V2 that allows accidental...
coreos-installer 数据伪造问题漏洞
CoreOs-Installer is a program. It is used to assist in the installation of Fedora CoreOs Fcos and CoreOs for Red Hat Enterprise Linux Rhcos. A security vulnerability exists in coreos-installer that allows an attacker to spoof victims by Gzip-compressing images and using malicious data on...
Red Hat build of Keycloak 安全漏洞
Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. A security vulnerability exists in Red Hat build of Keycloak version 26.4 that stems from debug mode insecurely binding the JDWP port to all network interfaces, which could lead to remote code execution...
WordPress plugin Simple-File-List 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin TI WooCommerce Wishlist 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin WP Data Access SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
WordPress plugin Revive Old Posts 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
Google TensorFlow 输入验证错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow suffers from an input validation error vulnerability, which can be exploited by an attacker to cause a CHECK failure denial-of-service based assertion failure and result in a denial of...
Apache Solr 路径遍历漏洞
Apache Solr is the United States Apache Apache Foundation of a search server based on Lucene a full-text search engine. The product supports level search , vertical search , highlighting search results and so on. Apache Solr has a security vulnerability that can be exploited by an attacker to gai...
D-Link DIR-823G 安全漏洞
The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...
Argo Events 安全漏洞
Argo Events is an event-driven workflow automation framework for Kubernetes open-sourced by Argo Project. A security vulnerability exists in versions prior to Argo Events v1.9.6 that stems from a user with the permission to create or modify EventSource and Sensor can gain privileged access to the...
GeoServer Code Issues Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions 2.22.x prior to 2.22.5 and 2.23.x prior to 2.23.2 that originates from allowing users to share and edit geospatial data...
Graphite-Web 跨站脚本漏洞
Graphite-Web is a highly scalable real-time drawing system open-sourced by Graphite Project. A security vulnerability exists in Graphite-Web, which stems from a problem with an unknown function of the component Absolute Time Range Handler that can lead to cross-site scripting...
npm libpq 后置链接漏洞
npm libpq is a node-native binding to the PostgreSQL libpq C client library from npm USA. A backlink vulnerability exists in versions of libpq prior to 1.7.1, which stems from the fact that Read calls to g GitArtifactReader.readFromRepository do not check for files containing trigger resource...
NestJS Proxy 信息泄露漏洞
NestJS Proxy is a Finastra open source NestJS module for decorating and proxying calls. An information disclosure vulnerability exists in NestJS Proxy versions prior to 0.7.0 that stems from the nestjs-proxy library's inability to prevent the forwarding of sensitive cookies e.g., session cookies ...
WordPress Plugin DethemeKit For Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Parse Server 安全漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 4.10.19 or 5.3.2, which stems from an attacker's ability to contaminate prototypes via cloud code web hooks or cloud code...
deep-object-diff 安全漏洞
deep-object-diff is a small library by Matt Phillips, a personal developer, that can deeply differentiate between two JavaScript objects, including arrays and nested structures of objects. A security vulnerability exists in deep-object-diff version 1.1.0 that stems from an application's inability...
Cisco IOS XE 安全漏洞
Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE that stems from improper package...
Trix 安全漏洞
Trix is a Basecamp open source rich text editor for everyday writing. A security vulnerability exists in versions prior to Trix 2.1.1 that stems from improper cleanup of pasted content...
Gentics Software Gentics CMS 跨站脚本漏洞
Gentics Software Gentics CMS is a digital publishing and content management system from the Austrian company Gentics Software. A cross-site scripting vulnerability exists in Gentics CMS version 5.36.29. An attacker can exploit this vulnerability to store malicious JavaScript code in user names an...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from iommufd not properly calculating pfn lists when processing batch operations, which could lead to page metada...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from cxl ras CPER handler device obfuscation...
synchrony security vulnerability
synchrony is a javascript-obfuscator cleaner and anti-obfuscator by the relative personal developer. A security vulnerability exists in synchrony versions prior to v2.4.4, which stems from the presence of a prototype contamination vulnerability. The vulnerability can be exploited to execute...
Microsoft ODBC Driver Security Vulnerability
Microsoft ODBC Driver is a driver from Microsoft. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver. An attacker could exploit the vulnerability to remotely execute code...
WordPress plugin article-directory-redux cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
GoUtils 安全特征问题漏洞
GoUtils is Masterminds open source a library . It provides users with utility functions that manipulate strings in various ways. A security vulnerability exists in Masterminds goutils that stems from the fact that randomly generated alphanumeric strings contain much less entropy than expected, an...
NodeBB 跨站请求伪造漏洞
NodeBB is a forum system from the Design Create Play team built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability exists in NodeBB 2.5.7 and earlier versions, which stems from an unknown part of the file /register/abort being affecte...
Nortek Control Linear eMerge E3-Series 信任管理问题漏洞
The Nortek Control Linear eMerge E3-Series is an access control from Nortek Control USA. It allows you to specify which doors a person can use to enter and exit a specified location at a specified time. A security vulnerability exists in the Nortek Control Linear eMerge E3-Series, which stems fro...
ZEIT Next.js 代码问题漏洞
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. NextAuth.js is the authentication for Next.js. A code issue vulnerability exists in Next.js NextAuth.js versions prior to 3.29.5 and prior to 4.5.0 that stems from a lack of validati...
Leo-Editor 安全漏洞
Leo-Editor is an open source Ide, Outline, and Pim from Edward K. Ream, an individual developer in the U.S. It is used to speed up the workflow of programmers, authors, and web designers. A security vulnerability exists in Leo-Editor version 6.2.1 due to a regular expression denial of service...
elFinder 代码问题漏洞
elFinder is a set of open source AJAX file managers based on the Drupal platform. The product provides multiple file uploads, image scaling, and other features. elFinder has a security vulnerability that could be exploited by attackers to execute arbitrary code and commands on the server hosting...
ZOHO多款产品 安全漏洞
ZOHO ManageEngine ServiceDesk Plus and others are products of ZOHO, Inc. ZOHO ManageEngine ServiceDesk Plus is a suite of IT service management software based on the ITIL architecture.ZOHO ManageEngine ZOHO ManageEngine ServiceDesk Plus is a set of IT service management software based on ITIL...
Code-Projects Product Inventory System 注入漏洞
Code-Projects Product Inventory System is a Code-Projects open source product inventory system. Code-Projects Product Inventory System version 1.0 suffers from an injection vulnerability, which stems from an incorrect manipulation of the parameter Username in the file /index.php resulting in SQL...
WAVLINK AC3000 安全漏洞
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the login.cgi Gotochidx function failing to correctly validate the length of the input data, and can be exploited by a remo...
LLaMA-Factory 操作系统命令注入漏洞
LLaMA-Factory is a fine-tuned large-scale language model by a Chinese hoshi-hiyouga individual developer. A cross-site scripting vulnerability exists in LLaMA-Factory version 0.9.0 and earlier, which stems from improper handling of user input and allows malicious actors to execute arbitrary...