195539 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an attempt to leave despite not joining the OCB state, which could lead to driver obfuscation...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...
Microsoft Exchange Server 输入验证错误漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by attackers...
SafeDep 安全漏洞
SafeDep is an open source package from SafeDep that prevents malicious open source. A security vulnerability exists in SafeDep version 1.12.4 and earlier, which stems from a lack of HTTP Host and Origin header validation and could lead to a DNS rebinding attack...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly releasing the kobject reference count when device registration fails, which could lead to a memory...
mcp-kubernetes-server 安全漏洞
mcp-kubernetes-server is a Model Context Protocol server for Pengfei Ni Personal Developer. A security vulnerability exists in mcp-kubernetes-server version 0.1.11 and earlier, which stems from the use of the shell=True parameter and could lead to an OS command injection attack...
CampCodes Courier Management System 安全漏洞
CampCodes Courier Management System is a courier management system from CampCodes Philippines. A security vulnerability exists in CampCodes Courier Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter lastname in file/ajax.php...
PCMan FTP Server 安全漏洞
PCMan FTP Server is PCMan open source set of FTP server software. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from the RMDIR command handler failing to properly validate the length of input data, which can be exploited by an attacker to cause a denial of service...
WordPress plugin Buddypress Humanity 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site request...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect WARNONONCE check in j1939sessiondeactivate...
AutomationDirect C-More EA9 Programming Software 安全漏洞
AutomationDirect C-More EA9 Programming Software is a programming software from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect C-More EA9 Programming Software that stems from a lack of proper validation of the length of user-supplied data when parsing an EAP9 file,...
GitLab CE/EE 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE, which stems from the ability of...
Foxit PDF Reader 资源管理错误漏洞
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A resource management error vulnerability exists in Foxit PDF Reader, which stems from the Annotation feature that contains a reuse-after-release, leading to an information disclosure vulnerability...
Intel DSA 访问控制错误漏洞
Intel DSA is a driver update tool from Intel Intel. It can detect user drivers, update the installed drivers to the latest version, support intel series of graphics cards, audio, network cards and chipset drivers, i-card users must have. An Access Control Error vulnerability exists in Intel DSA...
ARM Compiler 安全漏洞
ARM Compiler is a tool from ARM UK for compiling and generating applications for the ARM architecture. A security vulnerability exists in ARM Compiler versions 6.6 through 6.22, which arises from the fact that if a secure-to-non-secure function call is executed and returns a floating-point value,...
Dozzle 安全漏洞
Dozzle is a small, lightweight application by the individual developer Amir Raminfar. A security vulnerability exists in Dozzle versions prior to 8.5.3 that stems from the use of sha-256 as a password hash, which makes it vulnerable to rainbow table attacks...
WordPress plugin Bulk NoIndex & NoFollow Toolkit 跨站脚本漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Bulk...
Agnaistic 安全漏洞
Agnaistic is a chatbot from Agnaistic Open Source. A security vulnerability exists in Agnaistic version 1.0.330 and earlier versions. An attacker could exploit the vulnerability to upload an image file anywhere on the server...
WordPress plugin Contact Form to Any API 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
CamaleonCMS 信息泄露漏洞
CamaleonCMS is an advanced RubyonRails-based dynamic content management system CMS from the CamaleonCMS team. An information disclosure vulnerability exists in CamaleonCMS version 2.8.0, which stems from the presence of a path traversal vulnerability that allows an authenticated user to download...
Siemens Solid Edge 安全漏洞
Siemens Solid Edge is a 3D CAD software from Siemens Germany. The software can be used for part design, assembly design, sheet metal design, welding design and other industries. Siemens Solid Edge suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute co...
Mitsubishi Electric MELSEC iQ-R series 安全漏洞
The Mitsubishi Electric MELSEC iQ-R series is a programmable logic controller from Mitsubishi Electric Japan. The Mitsubishi Electric MELSEC iQ-R series suffers from an information disclosure vulnerability that can be exploited by an authenticated, remote attacker to log in to the product and...
WordPress Plugin Track The Click Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
WordPress Plugin ProfileGrid Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CouchAuth Security Breach
CouchAuth is an authentication API. A security vulnerability exists in CouchAuth version 0.20.0 and prior versions, which stems from a password reset link that can be sent to a user by sending a specially crafted host header in a forgotten password request, which, if clicked, could allow an...
Hewlett Packard Enterprise Integrated Lights-Out Security Vulnerability
Hewlett Packard Enterprise Integrated Lights-Out is a remote control solution from Hewlett Packard Enterprise. The solution enables remote monitoring and operation of IT assets such as servers. Hewlett Packard Enterprise Integrated Lights-Out suffers from a security vulnerability that originates...
Zoom Client Security Vulnerability
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability exists in Zoom Client versions prior to 5.16.5 that stems from incorrect authentication. An attacker could exploit this vulnerability to conduct a denial of service via...
WordPress plugin User Activity Tracking and Log 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...
GitPython 路径遍历漏洞
GitPython is a Python library open-sourced by gitpython-developers for interacting with Git repositories. A path traversal vulnerability exists in GitPython 3.1.32 and earlier versions, which stems from the fact that in order to resolve some git references, GitPython reads the file .git from a...
Siemens 多款产品 资源管理错误漏洞
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with available JT, VFZ, CGM, and TIF data.Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing, and design management.Teamcente...
WordPress plugin Gravity Forms Google Sheet Connector 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Nextcloud 代码问题漏洞
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Mail that originates from an SSRF attack that could allow GET requests to be sent to services running in the...
Square Pig FusionInvoice 跨站脚本漏洞
Square Pig FusionInvoice is a self-service online invoicing application for freelancers and small businesses from Square Pig. A security vulnerability exists in Square Pig FusionInvoice version 2023-1.0 that stems from the presence of a stored cross-site scripting XSS vulnerability...
File Tracker Manager System SQL注入漏洞
File Tracker Manager System is a file tracker manager system. File Tracker Manager System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the parameter newpassword in the file register/updatepassword.php against externally entered SQL statements. A...
tss-lib 安全漏洞
tss-lib is an open source IO FinNet implementation of the multi-party t,n- threshold ECDSA Elliptic Curve Digital Signature Algorithm based on Gennaro and Goldfeder 20201 and EdDSA Edwards Curve Digital Signature Algorithm. A security vulnerability exists in IO FinNet tss-lib versions prior to...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates in the toUriInner obfuscation agent of the Intent.java component, which can be exploited by an attacker to elevate privileges...
XWiki Commons 代码注入漏洞
XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that any user with view permissions to normally accessible documents, including legacy notification activity macros, can execute arbitrary...
HashiCorp Vault SQL注入漏洞
HashiCorp Vault is a private key access management tool from HashiCorp Inc. in the United States. A SQL injection vulnerability exists in HashiCorp Vault versions 0.8.0 through 1.13.1, which stems from the fact that when configuring the MSSQL plugin locally, certain parameters are not cleaned up...
WordPress Plugin Usersnap 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Microsoft PostScript Printer Driver 安全漏洞
Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft USA. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft Corporation. Microsoft PostScript and PCL6 Class Printer Driver contains a remote code execution...
WordPress Plugin Japanized For WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
ARRIS TG2482A 安全漏洞
The ARRIS TG2482A is a high performance, high quality home gateway from ARRIS, Inc. for delivering high-speed broadband, VoIP telephony, and whole-home Wi-Fi. A security vulnerability exists in the ARRIS TG2482A version 9.1.103GEM9. An attacker could exploit this vulnerability to conduct Remote...
Checkmk 代码问题漏洞
Checkmk is an editor. Checkmk Agent has a security vulnerability. An attacker can elevate privileges by manipulating unixcat...
Jenkins Plugin TestQuality Updater 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin TestComplete support 代码问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
kapetan DNS 安全漏洞
kapetan DNS is a DNS library. A security vulnerability exists in kapetan DNS 6.1.0 and earlier, which stems from some unknown functionality in its DNS/Protocol/Request.cs file that results in insufficient entropy in prng...
Apache Dubbo 代码问题漏洞
Apache Dubbo is a microservice development framework that provides two key capabilities for RPC communication and microservice governance.Apache Dubbo Hession is vulnerable to deserialization, which can be exploited by attackers to execute arbitrary code on the target server...
MyBB 注入漏洞
MyBB MyBulletinBoard is a free and web-based forum software developed by MYBB team using PHP and MySQL. The software is easy to use, supports multiple languages, and is extensible.MyBB is vulnerable to a command injection vulnerability that originates from the additional parameter Mail Settings ?...
Sensio Labs Twig 路径遍历漏洞
Sensio Labs Twig is a PHP templating engine from Sensio Labs, France, which supports custom tags and filters and creates DSLs. A path traversal vulnerability exists in Sensio Labs Twig 1.0.0 and later, versions prior to 1.44.7, 2.0.0 and later, versions prior to 2.15.3, and 3.0.0 and later,...
Rocket.Chat SQL注入漏洞
Rocket.Chat, an open source team chat software, is vulnerable to SQL injection, which stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerability to retrieve a reset password token via 2fa secret or 2fa secret...