195539 matches found
NLnet Labs Routinator 安全漏洞
NLnet Labs Routinator is an RPKI Resource Public Key Infrastructure validator from NLnet Labs in the Netherlands written in the Rust language. A security vulnerability exists in NLnet Labs Routinator versions 0.9.0 through 0.11.2, which stems from an error in error handling, where data in RRDP...
Cisco Identity Services Engine 安全漏洞
Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform oversees networks by collecting real-time information from networks, users, and devices to develop and implement appropriate policies.The Cisco Identity Services Engine is...
WordPress plugin Newsletter 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Neos 跨站脚本漏洞
Neos/forms is an open source framework for building web forms. A security vulnerability exists in Neos CMS versions 3.3.29 and 8.0.1, which stems from the presence of multiple cross-site scripting vulnerabilities...
Microsoft .NET Framework 输入验证错误漏洞
Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a development platform. The platform includes the C and Visual Basic programming languages, a public language runtime library, and an extensive class library. An input validation error...
SchedMD Slurm 安全漏洞
SchedMD Slurm is an open source and highly scalable cluster management and job scheduling system for large and small Linux clusters from SchedMD, Inc. SchedMD Slurm versions 21.08.x through 21.08.8 A security vulnerability exists in versions 20.11.x through 20.11.9, which stems from information...
F5 BIG-IP 多款产品跨站脚本漏洞
F5 BIG-IP and F5 BIG-IP Guided Configuration GC are both products of F5, Inc. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IP Guided Configuration is a configuration template. cross-site...
WordPress plugin Ad Invalid Click Protector 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Ad Invalid Click Protector plugin versions prior to 1.2.7 are vulnerable to cross-site...
ZOHO ManageEngine ADSelfService Plus 信任管理问题漏洞
ZOHO ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud applications from ZOHO, Inc. version 6122, a remote code execution vulnerability exists that can be exploited by remote and partially authenticated...
Microsoft Skype for Business Server 信息泄露漏洞
Microsoft Skype for Business Server is a secure, unified communications platform from Microsoft that provides instant messaging IM, audio and video calling, online conferencing, online status messages, and sharing capabilities. An information disclosure vulnerability exists in Microsoft Skype for...
WordPress plugin 跨站请求伪造漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress eRoom-Zoom Meetings & Webinar plugin 1.3.7 an...
WordPress plugin Blackhole for Bad Bots 安全漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin...
Autodesk AutoCAD 缓冲区错误漏洞
Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. A buffer error vulnerability exists in Autodesk AutoCAD that stems from a lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer...
Apache Apisix 访问控制错误漏洞
Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation in the United States. The software is based on OpenResty and etcd for dynamic routing and plug-in hot-loading, and is suitable for API management in microservice systems. an authorization issue...
NumPy 安全漏洞
NumPy is a Python scientific computing package. The product supports a large number of dimensional array and matrix calculations, as well as providing a large library of mathematical functions for data operations. A security vulnerability exists in NumPy prior to 1.19, which stems from a buffer...
Reprise License Manager 安全漏洞
Reprise Software Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications.Reprise Software Reprise License...
Parse Server 授权问题漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An authorization issue vulnerability exists in versions of Parse Server prior to 4.5.1 that stems from the server incorrectly creating a session when an anonymous user registers with REST for t...
Google TensorFlow 安全漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which could be exploited by an attacker to cause a denial of service in "boostedtreescreatequantilestream resource" using the negation parameter...
Apache jUDDI 代码问题漏洞
Apache jUDDI is a java implementation of UDDI open source package that serves WebServices. jUDDI versions prior to Apache jUDDI 3.3.10 have a code issue vulnerability that can be exploited by attackers to remotely run arbitrary code...
FortiMail操作系统命令注入漏洞
Fortinet FortiMail is a set of e-mail security gateway products of the U.S. Fita Fortinet. The product provides e-mail security and data protection features. A security vulnerability exists in the FortiMail management interface before 6.4.4, which can be exploited by an attacker to execute...
Quassel 安全漏洞
Quassel Quassel IRC is a graphical, distributed, cross-platform IRC client. A security vulnerability exists in Quassel 0.13.1, which stems from launching without SSL or TLS support when --require-ssl is enabled, if an available X.509 certificate cannot be found on the local system...
TianoCore EDK2 加密问题漏洞
EDK2 is a set of cross-platform firmware development environments from the TianoCore Tianocore community based on the UEFI and PI specifications. EDK2 suffers from a cryptographic issue vulnerability that stems from a potential security risk in the example EDK2 encrypted private key in IpSecDxe.e...
Ubuntu Apport 后置链接漏洞
Apport is a toolkit for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from Apport incorrectly handling certain information-gathering operations, which can be...
Sensorweb ScadaBR 代码问题漏洞
Sensorweb ScadaBR is a suite of open source software for developing automated data acquisition and monitoring applications from Sensorweb, Inc. A code issue vulnerability exists in ScadaBR 1.0 / 1.1CE. The vulnerability stems from a lack of effective privilege licensing and access control measure...
Envoy 输入验证错误漏洞
Envoy is an open source distributed proxy server. versions prior to Envoy 1.71.1 are vulnerable to integer overflow, which can be exploited by an attacker with an excessive grpc-timeout value to cause an unexpected timeout calculation...
MongoDB Authorization Issues Vulnerability
MongoDB is a document-oriented database management system from the U.S.-based MongoDB, Inc. An authorization issue vulnerability exists in MongoDB that allows an unauthenticated client to trigger a denial of service by issuing a specially crafted wired protocol message, which could cause the...
Apple多款产品 访问控制错误漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Jenkins 代码问题漏洞
Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have code vulnerabilities...
VMware Spring Security 代码问题漏洞
VMware Spring Security is a security framework provided by the American company VMware, designed to provide descriptive security protection for Spring-based applications. Versions of VMware Spring Security from 7.0.0 to 7.0.5 have code vulnerabilities. These vulnerabilities stem from attackers wh...
WordPress plugin LearnPress – WordPress LMS Plugin for Create and Sell Online Courses 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Angular 代码问题漏洞
Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. There were code-related vulnerabilities in versions prior to Angular 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8. These...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of a key size check in Bluetooth L2CAP. This vulnerability may lead to unexpected...
mchange-commons-java 注入漏洞
mchange-commons-java is a software developed by Steve Waldman. Versions of mchange-commons-java prior to 0.4.0 had a injection vulnerability. This vulnerability stemmed from the library’s inclusion of an independently implemented JNDI dereferencing function, which could allow attackers to trigger...
Tattile Smart+ 代码问题漏洞
Tattile Smart+ is a smart license plate recognition camera developed by the Italian company Tattile. There are code-related vulnerabilities in Tattile Smart+, Vega, and Basic 1.181.5 and earlier versions. These vulnerabilities stem from an inadequate mechanism for handling expired authentication...
Apache Linkis security vulnerabilities
Apache Linkis is a middleware product developed by the Apache Foundation in the United States. It enables effective connections between upper-level applications and underlying data engines. Versions of Apache Linkis 1.7.0 and earlier contain security vulnerabilities. These vulnerabilities stem fr...
Microsoft Windows Kerberos 安全漏洞
Microsoft Windows Kerberos is a software for authentication in network clusters from Microsoft Corporation.Kerberos also serves as a network authentication protocol designed to provide strong authentication services to client/server applications via a key system. A security vulnerability exists i...
WordPress plugin TempTool 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to free untracked internal buffers, which could lead to a memory leak...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly handling reference counting, which could lead to a resource leak...
Unitree多款产品 安全漏洞
Unitree Go2 is a robot dog, Unitree G1 is a humanoid robot, Unitree H1 is a humanoid robot, Unitree Go2 is a robot dog, Unitree G1 is a humanoid robot, Unitree H1 is a humanoid robot, Unitree H1 is a humanoid robot. A security vulnerability exists in several Unitree products that stems from the u...
Qualcomm Chipsets 输入验证错误漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An input validation error vulnerability exists in Qualcomm Chipsets that stems from a memory corruption when a PLMN is selected...
SourceCodester Student Grading System SQL注入漏洞
SourceCodester Student Grading System is a SourceCodester open source student grading system. A SQL injection vulnerability exists in SourceCodester Student Grading System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /edituser.php, which could lead to a SQL...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unrestricted id mapping change that could lead to elevation of privilege...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from unreleased node references in xivegetmaxprio, which could lead to a reference count leak...
Microsoft Windows SMB Server 访问控制错误漏洞
Microsoft Windows SMB Server is a network file sharing protocol from Microsoft USA. It allows applications on a computer to read and write files and request services from server programs on a computer network. An access control error vulnerability exists in Microsoft Windows SMB Server. An attack...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to release a buffer during a synthetic event test, which could lead to a memory leak...
Fortinet多款产品 安全漏洞
Fortinet FortiOS and others are products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform.Fortinet FortiManager is a centralized network security management platform.Fortinet FortiProxy is a secure network proxy that protects...
WordPress plugin BookingPress SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. The WordPress plugi...
SiYuan 安全漏洞
SiYuan is a privacy-first personal knowledge management system from SiYuan open source. A security vulnerability exists in SiYuan version 3.1.11, which stems from the ids array parameter of the /batchGetBlockAttrs file containing a SQL injection vulnerability...
Symfony 信息泄露漏洞
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. An information disclosure vulnerability exists in Symfony that originates from some internal information being disclosed during host resolution, which could lead to IP/port...