195539 matches found
Microsoft OLE DB Provider for SQL Server Security Vulnerability
Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation USA that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft OLE DB Provider for SQL Server. An attacker could exploit the vulnerability to remotely execute cod...
Mitel MiContact Center Business 跨站脚本漏洞
Mitel MiContact Center Business is an all-media contact center platform from Canadian company Mitel. The platform is used in customer communication, production management and other scenarios. A cross-site scripting vulnerability exists in Mitel MiContact Center Business version 10.0.0.4, which is...
Microsoft Windows Common Log File System Driver 缓冲区错误漏洞
The Microsoft Windows Common Log File System Driver is Microsoft's Common Log File System CLFS API provides a high-performance, common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize logging and access. access. A buffer error...
1Panel 命令注入漏洞
1Panel is an open source Linux server operations and management panel for the Chinese 1panel community. A command injection vulnerability exists in versions prior to 1Panel v1.10.3-lts. The vulnerability stems from the presence of a command injection issue that can lead to arbitrary file writing...
PyTorch 安全漏洞
PyTorch is a Python package open-sourced by PyTorch. A security vulnerability exists in PyTorch versions prior to v2.2.0 that stems from the inclusion of a heap buffer overflow vulnerability that allows an attacker to cause a denial of service DoS via crafted input...
ELECOM wireless LAN routers security vulnerability
ELECOM wireless LAN routers are a series of routers from ELECOM Japan. A security vulnerability exists in ELECOM wireless LAN routers that stems from the presence of a cross-site scripting XSS vulnerability that could execute arbitrary script on a web browser...
Grafana Security Vulnerabilities
Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana has a security vulnerability that stems from a security flaw in the PUT /api/user handler...
Vyper Code Issue Vulnerability
Vyper is the Pythonic smart contract language for EVM. A code issue vulnerability exists in Vyper version 0.3.10 and prior versions that stems from not disabling static and delegate calls...
AsyncSSH Data Forgery Issue Vulnerability
AsyncSSH is a Python package that provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. A data forgery issue vulnerability exists in AsyncSSH v2.14.0 and earlier versions, which stems from a vulnerability that allows an attacker to...
Matrix Synapse Security Vulnerability
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A security vulnerability exists in Matrix Synapse versions prior to 1.94.0 that stems from a malicious server ACL event that can impact server performance and lead to a denial of service DOS...
WordPress plugin User Registration 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...
libredwg 缓冲区错误漏洞
libredwg is a free implementation of the DWG file format. A buffer error vulnerability exists in libredwg version 0.12.5, which stems from the bitwriteTF function containing a heap buffer overflow vulnerability...
WordPress Plugin Float menu 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...
giturlparse 安全漏洞
giturlparse is a simple GIT URL parser similar to giturlparse.py. A security vulnerability exists in giturlparse prior to version 1.2.2, which stems from vulnerability to ReDoS attacks when parsing untrusted URLs...
Froxlor 安全漏洞
Froxlor is a set of lightweight server management software from the Froxlor team. A resource management error vulnerability exists in versions of Froxlor prior to 2.0.16 that stems from a failure to properly allocate resources. An attacker can exploit this vulnerability to cause a denial of servi...
WordPress Plugin Simple Tooltips 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Visual CSS Style Editor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Microsoft PostScript Printer Driver 安全漏洞
Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft USA. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft Corporation. Microsoft PostScript and PCL6 Class Printer Driver contains an information disclosure...
SAP NetWeaver AS 授权问题漏洞
SAP NetWeaver AS is a SAP Web Application Server from SAP Germany. It not only provides network services, but also is the basic platform for SAP software. SAP NetWeaver AS version 7.50 has an authorization problem vulnerability, which stems from the lack of authentication checks and can be...
ASUS ASMB8-iKVM 命令注入漏洞
ASUS ASMB8-iKVM is an effective remote server management chip from Asus China. A security vulnerability exists in ASUS ASMB8-iKVM version 1.14.51 and earlier, which originated from a vulnerability that allows remote attackers to execute arbitrary code by creating an extension using SNMP...
SAP Bank Account Management 信息泄露漏洞
SAP Bank Account Management is a bank account management system from SAP. An information disclosure vulnerability exists in the SAP Bank Account Management application, which stems from the fact that when a user clicks on a smart link to navigate to another application, personal data is displayed...
Keystone 授权问题漏洞
Keystone is a powerful CMS designed to help you build and scale faster than any other Cms or application framework. An authorization issue vulnerability exists in versions of Keystone prior to 2.3.1, which stems from the fact that users who use field-level access controls are vulnerable to not...
Cisco Identity Services Engine 跨站脚本漏洞
Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users, and devices to develop and implement policies to monitor the network. A cross-site scripting vulnerability exists in th...
Istio 资源管理错误漏洞
Istio is a set of open platforms for connecting, managing, and securing microservices. Istio suffers from a resource management error vulnerability that stems from susceptibility to request handling errors, which can be exploited by an attacker to send specially crafted or oversized messages that...
Fastify 代码问题漏洞
Fastify is an open source Web framework for Node.js from the Openjs Foundation.A denial-of-service vulnerability exists in versions of Fastify prior to 4.8.1, which stems from the fact that Content-Type headers can be used maliciously and can be exploited by attackers to send invalid Content-Type...
Rails 代码问题漏洞
Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. Rails has a security vulnerability that stems from the fact that when serialized columns using YAML the default are deserialized, Rails uses YAML.unsafeload to transform the YAML data...
F5 BIG-IP 注入漏洞
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An elevation of privilege vulnerability exists in the F5 BIG-IP health check configuration, which can be exploited by an...
rpc.py 代码问题漏洞
rpc.py is a fast and powerful ASGI/WSGI-based RPC framework for individual developers in Aber, China. A security vulnerability exists in rpc.py version 0.6.0 and earlier. An attacker exploited the vulnerability to process data using unpickle...
WordPress plugin Easy SVG Support 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress Easy SVG Support plugin 3.3....
ArgoCD 输入验证错误漏洞
ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...
Avast Antivirus和AVG Antivirus 资源管理错误漏洞
Avast Antivirus is a suite of antivirus software from the Czech company Avast. A vulnerability exists in Avast Antivirus prior to version 22.1 and AVG Antivirus prior to version 22.1 due to a security restriction not being properly applied by the application in the "Anti Rootkit" driver in...
Sqlite3 安全漏洞
Sqlite is a lightweight database and ACID-compliant relational database management system. A security vulnerability exists in Sqlite3 versions prior to 5.0.3, which can be exploited by attackers to cause a denial of service DoS attack...
Lenovo Notebook 安全漏洞
Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. A security vulnerability exists in Lenovo Notebook that originates from the use of an incorrect driver that is incorrectly not deactivated. A local privileged user can modify the secure boot settings and bypass the implemented...
Elementor安全漏洞
Elementor is a website builder from Israeli company Elementor that allows WordPress users to create and edit websites. There is a security vulnerability in Elementor versions 3.6.0 to 3.6.2. There is no information about the vulnerability at this time, so please stay tuned to CNNVD or the vendor'...
PKP Open Journals System 跨站脚本漏洞
PKP Open Journals System is a journal system. A security vulnerability exists in PKP Open Journals System versions prior to 3.3 to 2.4.8, which allows an attacker to inject arbitrary code via the X-Forwarded-Host header...
WordPress plugin FormCraft 代码问题漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A code issue vulnerability previously existed in the WordPres...
Autodesk AutoCAD 缓冲区错误漏洞
Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. A buffer error vulnerability exists in Autodesk AutoCAD because the product does not fully check the security of a DWF file during parsing. The vulnerability can be exploited to cause memory corruption and code...
WordPress和WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress SpiderCalendar plugin is vulnerable to a cross-site scripting vulnerability that stems from the...
WordPress和WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress NewStatPress plugin prior to 1.3.6. The vulnerabili...
SAFARI Montage 跨站脚本漏洞
SAFARI Montage is a formative assessment tool from safarimontage that enables teachers to check students' understanding of topics or concepts during the course. A cross-site scripting vulnerability exists in SAFARI Montage versions 8.3 and 8.5, which can be exploited by an attacker to execute...
Lychee 跨站脚本漏洞
Lychee is a beautiful and easy to use photo management system open sourced by The Lychee Organisation. Lychee has a cross-site scripting vulnerability, and no details of the vulnerability are available...
Autodesk Navisworks 缓冲区错误漏洞
Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. Autodesk Navisworks is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code...
WordPress 插件 访问控制错误漏洞
WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin PostX, which stems from Gutenberg Blocks in the Post Grid WordPress plugin prior to PostX - version 2.4.10 allows any logged in user to perform error checking before...
PowerISO 缓冲区错误漏洞
PowerISO is a powerful CD/DVD/BD image file processing tool from PowerISO that can open, extract, burn, create, edit, compress, encrypt, split and convert ISO files, and mount ISO files using internal virtual drives. PowerISO suffers from a buffer overflow vulnerability that originates from a...
CLICK PLC CPU Modules 安全漏洞
CLICK PLC CPU Modules are Automation Direct's network devices A single CLICK CPU Module can be connected to up to eight I/O modules to expand the amount of system I/O and meet the needs of a specific application. A security vulnerability exists in Automation Direct CLICK PLC CPU Modules that allo...
Ubuntu Apport 后置链接漏洞
Apport is a toolkit for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from incorrect handling of certain information gathering operations, which can be exploite...
Huawei 多款产品 注入漏洞
Huawei P30 is a smartphone from Huawei China.The Huawei P30 is vulnerable to JavaScript injection, which can be exploited by attackers to launch JavaScript injection by sending malicious application requests...
Jenkins CloudBees AWS Credentials 安全漏洞
Jenkins CloudBees AWS Credentials is Jenkins open source an application plugin . The plugin allows storing Amazon IAM credentials in the Jenkins Credentials API. A security vulnerability exists in Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier, which stems from not performing permissio...
Roundcube Webmail SQL注入漏洞
Roundcube Webmail is Roundcube open source a browser-based open source IMAP client, which supports address book management, message search, spell checking and so on. Roundcube Webmail 1.6.x versions prior to 1.6.16 and 1.7.x versions prior to 1.7.1 SQL injection vulnerability , the vulnerability...
ZOHO多款产品 安全漏洞
ZOHO Password Manager Pro PMP and so on are products of ZOHO USA company.ZOHO Password Manager Pro is a password manager.ZOHO ManageEngine Access Manager Plus is the ZOHO ManageEngine PAM360 is a complete PAM software. A security vulnerability exists in several ZOHO products, which stems from an...