195539 matches found
Liferay Portal和Liferay DXP 跨站请求伪造漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DX...
Next.js 安全漏洞
Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in Next.js versions 13.5.1 through 14.2.10 and earlier. An attacker exploits the vulnerability to poison the caches of non-dynamic server-side rendering routes in the page router by sending specially crafted HTTP...
Red Hat Keycloak 授权问题漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. An authorization issue vulnerability exists in Red Hat Keycloak that stems from a session fixation issue discovered in the SAML adapter. Even i...
Weave 安全漏洞
Weave is a toolkit for developing generative AI applications open-sourced by Weights & Biases. Weave has a security vulnerability that stems from an API that allows a remote user to fetch files from a specific directory, leading to remote traversal and disclosure of arbitrary files...
OPC UA.NET Standard 安全漏洞
OPC UA.NET Standard is a set of Unified Architecture standards from the OPC Foundation of America for the development of OPC UA applications. A security vulnerability exists in OPC UA .NET Standard. An attacker exploiting the vulnerability could consume all available resources on the server...
WordPress Plugin Wholesale for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in...
Red Hat JBoss Enterprise Application Platform 安全漏洞
Red Hat JBoss Enterprise Application Platform EAP is an open source, J2EE-based middleware platform from Red Hat, Inc. The platform is primarily used to build, deploy and host Java applications and services. A security vulnerability exists in Red Hat JBoss Enterprise Application Platform, which...
WordPress Plugin Photo Gallery by 10Web 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin ElementsKit Elementor addons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin Simple Ajax Chat 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
RiteCMS 跨站脚本漏洞
RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the component mainmenu/editsection, which can be exploited by an attacker to...
Hazelcast Security Breach
Hazelcast Hazelcast IMDG is a set of scalable open source data distribution platform of the U.S. Hazelcast company . The platform supports a variety of distributed data structures, supports distributed caching and other features. Hazelcast has a security vulnerability that stems from the inabilit...
WordPress Plugin Corsa Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
Adobe InDesign 代码问题漏洞
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign has a security vulnerability that can be exploited by attackers to cause a denial of service...
WordPress Plugin Horizontal scrolling announcement SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
JustSystems Ichitaro Buffer Error Vulnerability
JustSystems Ichitaro is a Japanese word processing software from JustSystems. A buffer error vulnerability exists in JustSystems Ichitaro version 2023 1.0.1.59372, which stems from an out-of-bounds write in the Ichitaro's DocumentViewStyles and DocumentEditStyles stream parsers, an out-of-bounds...
WireMock Code Issue Vulnerability
WireMock is a popular open source tool for API simulation testing from WireMock Open Source. WireMock has a code issue vulnerability that stems from Filtering target addresses from proxy mode does not work for Webhooks...
WordPress plugin WP SMS 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Jupyter Server 访问控制错误漏洞
Jupyter Server is an application from the Jupyter organization used to provide back-end services for Jupyter Web applications. An access control error vulnerability exists in versions of Jupyter Server prior to 2.7.2 that stems from incorrect cross-site credential checking of URLs, which could le...
Puma 环境问题漏洞
Puma is a web server for highly concurrent applications by Evan Phoenix, an individual developer in the United States. An environmental issue vulnerability exists in Puma that stems from a security issue when parsing trailing fields and zero-length Content-Length headers in the body of the chunke...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that arises from the deletion of a message in a thread without the attachment being deleted, allowing normal users to still access and download the...
WordPress Plugin Catalyst Connect Catalyst Connect Zoho CRM Client Portal Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
mRemoteNG 安全漏洞
mRemoteNG is mRemoteNG open source an open source, tabbed, multi-protocol remote connection manager for Windows. A security vulnerability exists in mRemoteNG v1.76.20 and earlier, 1.77.3-dev and earlier, which stems from the fact that configuration files can be stored on disk in an encrypted stat...
Keeper Security Keeper Password Manager 安全漏洞
Keeper Security Keeper Password Manager is a password management system from Keeper Security. A security vulnerability exists in Keeper Security Keeper Password Manager version 16.10.2, which originates from a vulnerability that allows a local attacker to gain access to sensitive information via...
MediaTek Chipsets 安全漏洞
MediaTek Chipsets are a variety of chips from MediaTek, a Chinese company called MediaTek. A security vulnerability exists in MediaTek Chipsets that stems from misrepresentation of critical information in Wi-Fi, with potentially low throughput, which could lead to a remote denial of service...
WordPress plugin WP ERP SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
TYPO3 跨站脚本漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from TYPO3 Association in Switzerland. A cross-site scripting vulnerability exists in TYPO3 versions 4.0.2 and earlier, 4.1.0 through 4.6.5, and 5.0.0 through 5.0.1, which stems from the kesearch extension that allows...
Schneider Electric EcoStruxure Operator Terminal Expert 代码注入漏洞
Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software branch is primarily used to create and edit touch applications. A code injection vulnerability exists in Schneider Electric EcoStruxure Operator Terminal...
Xpdf 安全漏洞
Glyph & Cog Xpdf is an open source PDF file viewer from Glyph & Cog. A security vulnerability exists in Xpdf 4.04 and earlier versions, which stems from a loop of PDF objects embedded in the file tree that can lead to infinite recursion and a stack overflow...
Vyper 缓冲区错误漏洞
Vyper is the Pythonic smart contract language for EVM. A buffer error vulnerability exists in Vyper versions prior to 0.3.8. An attacker exploited the vulnerability to cause an array access out-of-bounds...
WordPress plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
markdown-pdf 跨站脚本漏洞
npm markdown-pdf is the United States npm a Markdown file will be converted to PDF node module. A security vulnerability exists in markdown-pdf version 11.0.0, which stems from an application that does not validate user-entered Markdown content, resulting in an attacker being able to obtain local...
Ivanti Avalanche 安全漏洞
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche version 6.3.2.3490, which stems from a lack of proper locking...
IBM App Connect Enterprise 跨站脚本漏洞
IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native IBM App Connect Enterprise combines existing industry-trusted IBM...
VMware vRealize Orchestrator 代码问题漏洞
VMware vRealize Orchestrator is a workflow automation solution from VMware. It is designed to simplify the automation of complex IT tasks. A security vulnerability exists in VMware vRealize Orchestrator that originated when a malicious actor with unmanaged access to vRealize Orchestrator was able...
ArgoCD 安全漏洞
ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...
Siemens SiPass Integrated 输入验证错误漏洞
ACC-AP Advanced Central Controller is a door controller for up to two Internet/Intranet-connected doors used to communicate with the SiPass integrated access control system. AC5102 / ACC-G2 Advanced Central Controller is the central controller for the SiPass integrated The central controller for...
Velocidex Velociraptor 安全漏洞
Velocidex Velociraptor is a tool from Velocidex Australia that uses Velociraptor Query Language VQL queries to gather host-based status information. A security vulnerability exists in Velocidex Velociraptor that stems from the fact that Rapid7 Velociraptor allows the creation of users with...
Apache ShardingSphere 安全漏洞
Apache ShardingSphere is an open source distributed database middleware solution from the Apache Foundation. A security vulnerability exists in Apache ShardingSphere-Proxy versions prior to 5.3.0, which stems from the fact that when using MySQL as a database backend, the database session is not...
OpenImageIO 缓冲区错误漏洞
OpenImageIO is an image read and write library that also provides several tools and applications. A stack buffer overflow vulnerability exists in the TGA file format parser in OpenImageIO v2.3.19.0. An attacker could exploit this vulnerability to cause out-of-bounds writes and arbitrary code...
Apiman 安全漏洞
Apiman is Apiman Open Source, a flexible open source API management platform for enterprise users. A security vulnerability exists in Apiman versions 1.5.7 through 2.2.3.Final, which stems from insufficient checking of read permissions in the Apiman Manager REST API...
NVIDIA GPU Display Driver 代码问题漏洞
NVIDIA GPU Display Driver is a driver from NVIDIA Corporation that is used for interactive support of graphics card display modules in operating systems. A security vulnerability exists in NVIDIA GPU Display Driver that stems from a null pointer dereference issue at the kernel schema level, which...
F5 BIG-IP 命令注入漏洞
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP. An attacker can bypass the restrictions of F5 BIG-IP via iControl REST to elevat...
PortlandLabs Concrete CMS 资源管理错误漏洞
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS formerly concrete5 versions prior to 8.5.10 and versions 9.0.0 through 9.1.2, which stems from the fact that its...
WordPress plugin Retain Live Chat 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ghost is a plugin used to import/export WordPress data. wordpress plugin is an...
SAP Customer Data Cloud 加密问题漏洞
SAP Customer Data Cloud is a tool from SAP Germany that provides digital customer identity and access management. It enables companies to collect, aggregate and manage customer data across multiple touch points and applications. An encryption issue vulnerability exists in SAP Customer Data Cloud...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow that stems from TensorListScatter and TensorListScatterV2 failing to give an assertion when they receive an elementsha...
Poetry 代码问题漏洞
Poetry is a tool for dependency management and packaging in Python. It allows you to declare the libraries on which your project depends and will manage install/update them for you. A code issue vulnerability exists in Poetry versions prior to 1.1.9 and prior to 1.2.0b1 that stems from the...
Intel Ethernet Controllers 安全漏洞
Intel Ethernet Controllers is an Ethernet controller from Intel Corporation. A security vulnerability exists in IntelR 700 Series Ethernet Controllers and Adapters prior to version 8.5 and IntelR 722 Series Ethernet Controllers and Adapters prior to version 1.5.5, which stems from improper access...
Arm Mali GPU Kernel Driver 安全漏洞
The Arm Mali GPU Kernel Driver is a driver for a graphics processor unit from Arm UK. A security vulnerability exists in the Arm Mali GPU Kernel Driver Valhall versions r29p0 through r38p0, which arises from incorrect processing operations on the GPU...