195539 matches found
Apiman 安全漏洞
Apiman is Apiman Open Source, a flexible open source API management platform for enterprise users. A security vulnerability exists in Apiman versions 1.5.7 through 2.2.3.Final, which stems from insufficient checking of read permissions in the Apiman Manager REST API...
NVIDIA GPU Display Driver 代码问题漏洞
NVIDIA GPU Display Driver is a driver from NVIDIA Corporation that is used for interactive support of graphics card display modules in operating systems. A security vulnerability exists in NVIDIA GPU Display Driver that stems from a null pointer dereference issue at the kernel schema level, which...
F5 BIG-IP 命令注入漏洞
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP. An attacker can bypass the restrictions of F5 BIG-IP via iControl REST to elevat...
PortlandLabs Concrete CMS 资源管理错误漏洞
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS formerly concrete5 versions prior to 8.5.10 and versions 9.0.0 through 9.1.2, which stems from the fact that its...
WordPress plugin Retain Live Chat 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ghost is a plugin used to import/export WordPress data. wordpress plugin is an...
SAP Customer Data Cloud 加密问题漏洞
SAP Customer Data Cloud is a tool from SAP Germany that provides digital customer identity and access management. It enables companies to collect, aggregate and manage customer data across multiple touch points and applications. An encryption issue vulnerability exists in SAP Customer Data Cloud...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow that stems from TensorListScatter and TensorListScatterV2 failing to give an assertion when they receive an elementsha...
Poetry 代码问题漏洞
Poetry is a tool for dependency management and packaging in Python. It allows you to declare the libraries on which your project depends and will manage install/update them for you. A code issue vulnerability exists in Poetry versions prior to 1.1.9 and prior to 1.2.0b1 that stems from the...
Intel Ethernet Controllers 安全漏洞
Intel Ethernet Controllers is an Ethernet controller from Intel Corporation. A security vulnerability exists in IntelR 700 Series Ethernet Controllers and Adapters prior to version 8.5 and IntelR 722 Series Ethernet Controllers and Adapters prior to version 1.5.5, which stems from improper access...
Arm Mali GPU Kernel Driver 安全漏洞
The Arm Mali GPU Kernel Driver is a driver for a graphics processor unit from Arm UK. A security vulnerability exists in the Arm Mali GPU Kernel Driver Valhall versions r29p0 through r38p0, which arises from incorrect processing operations on the GPU...
Jenkins Openstack Heat Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Ambit Technologies Itech Movie Portal Script SQL注入漏洞
Ambit Technologies Itech Movie Portal Script is a movie portal script from Ambit Technologies, Inc. Ambit Technologies Itech Movie Portal Script 7.36 suffers from a SQL injection vulnerability that stems from some unknown handling of film-rating.php, where manipulation of the parameter v can lead...
Laminas Project diactoros 环境问题漏洞
Laminas Project diactoros is a PSR HTTP message implementation of Laminas Project. An environment issue vulnerability exists in Laminas Project diactoros, which can be exploited by an attacker to add a new header to laminas-dictoros via Security/x Forwarded Header...
Adobe InCopy 安全漏洞
Adobe Incopy 2021 is a powerful document article editing software. A heap overflow vulnerability exists in Adobe InCopy Font parsing, which can be exploited by a remote attacker to submit a special file request and trick the user into parsing it, which can crash the application or execute arbitra...
WordPress plugin Google Maps 跨站请求伪造漏洞
WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Google Maps 1.2.1 and previous versions have a cross-site request forgery vulnerability, which can be exploited by attacke...
Xen 安全漏洞
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in all...
elitecms SQL注入漏洞
Elitecms is a web content management from elitecms India. elitecms version 1.01 is vulnerable to SQL injection, which originates from admin/editsidebar.php?page=2 & sidebar The page sidebar parameter lacks validation for external input SQL statements, and an attacker could exploit the vulnerabili...
Nextcloud Android app 信息泄露漏洞
Nextcloud Android app is an Android-based mobile application for accessing Nextcloud servers from the German company Nextcloud. nextcloud Android app versions prior to 3.19.0 are vulnerable to an information disclosure vulnerability that stems from insufficient privilege restrictions. An attacker...
Pimcore SQL注入漏洞
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications.A SQL injection vulnerability exists in...
WordPress plugin Narnoo Distributor 路径遍历漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A path traversal vulnerability exists in WordPress Narnoo...
libcaca 数字错误漏洞
libcaca is an open source software library that converts images to color ASCII artwork. libcaca suffers from a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited by remote attackers to cause a denial of service...
WordPress plugin CP Blocks 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. A cross-site scripting vulnerability exists in versions of the WordPress CP Blocks plugin prior to 1.0.15, which stems from the plugin's failu...
Rust actix-web crate 缓冲区错误漏洞
Rust actix-web crate is a Rust web framework. a security vulnerability exists in versions of Rust actix-web crate prior to 0.7.15, which stems from the fact that it can unreasonably prolong the life cycle of a string, which can be exploited by an attacker to cause memory corruption...
Rust actix-web crate 缓冲区错误漏洞
Rust actix-web crate is a Rust web framework. security vulnerability exists in Mozilla Rust actix-web crate versions prior to 0.7.15, which can be exploited by attackers to cause memory corruption...
ARM mbed TLS 资源管理错误漏洞
ARM mbed TLS is a product from ARM UK that provides secure communication and encryption capabilities for mbed products. A resource management error vulnerability exists in mbed TLS, which can be exploited by a remote attacker to send a specially crafted request to an application to trigger a doub...
Oracle Virtualization和Oracle VM VirtualBox 安全漏洞
Oracle VM VirtualBox is a virtual machine management software from Oracle. An unspecified vulnerability in the Core component of Oracle VM VirtualBox versions prior to 6.1.28 can be exploited by an attacker to compromise Oracle VM VirtualBox by logging on to the Oracle VM VirtualBox execution...
Best Practical Request Tracker 信息泄露漏洞
Best Practical Request Tracker is an event tracking system written in Perl. An information disclosure vulnerability exists in Best Practical Request Tracker because the product does not securely manage the lib/RT/REST2/Middleware/Auth.pm file. An attacker can cause sensitive information to be...
Foxit PDF Editor 缓冲区错误漏洞
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A buffer error vulnerability exists in Foxit PDF Reader because the product's printing method does not properly validate user-entered formatting descriptors. The vulnerability can be exploited to cause malicious code to be executed ...
SINEMA Server 访问控制错误漏洞
Siemens SINEMA Server is a software developed for industrial applications by Siemens, Germany. It enables you to fully visualize and monitor your network. Siemens SINEMA Server has a security vulnerability that could be exploited by an attacker to obtain encoded system configuration backup files...
WordPress 插件安全漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in WordPress...
OpenEMR 日志信息泄露漏洞
OpenEMR is an open source medical management system from the OpenEMR Openemr community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. A security vulnerability exists in OpenEMR 6.0.0 that originates from an...
ThroughTek Kalay Platform 访问控制错误漏洞
throughtek ThroughTek Kalay Platform is an application from China IOT Intelligence Corporation throughtek Inc. The Kalay Cloud Platform service is enabled using P2P technology. An Access Control Error vulnerability exists in ThroughTek Kalay Platform that originates in the product network that...
Ubuntu Apport 后置链接漏洞
Canonical Ubuntu is a GNU/Linux operating system from the British company Canonical that focuses on desktop applications. A security vulnerability exists in Ubuntu Apport that stems from the incorrect handling of certain information gathering operations, which can be exploited by an attacker who...
Ubuntu Apport 后置链接漏洞
Apport is a toolkit for collecting and giving feedback on error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from Apport incorrectly handling certain information-gathering operations, which can...
SaltStack Salt 操作系统命令注入漏洞
Saltstack SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions 2016.9 through 3002.6, which stems from a comma...
Apache Tapestry 代码问题漏洞
Apache Tapestry is the United States Apache Apache Foundation of a Web application framework written in the Java language . Apache Tapestry has a security vulnerability that can be exploited by an attacker to download the file "AppModule.class" by requesting the URL "http: localhost: 8080 assets...
Microsoft Office 代码注入漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code injection vulnerability exists in Microsoft Office. The following products and edition...
Advanced Comment System Path Traversal Vulnerability
Advanced Comment System is an advanced comment system. ACS Advanced Comment System 1.0 suffers from a path traversal vulnerability that originates in index.php, an advanced component system...
VMware Spring Web Services 代码问题漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the defaul...
Oracle REST Data Services 安全漏洞
Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability caused by an ANGLE component heap buffer overflow. This vulnerability could allow remote attackers to exploit a compromised rendering process through a...
libsolv 安全漏洞
Libsolv is a library in OpenSUSE that is used for checking software package dependencies. Libsolv has a security vulnerability, which stems from insufficient input validation when decompressing compressed data controlled by an attacker. This leads to a heap buffer overflow, potentially causing...
TP-Link多款产品 安全漏洞
TP-Link Archer RE650, among others, are products of the Chinese company TP-Link. The TP-Link Archer RE650 is a dual-band Gigabit wireless signal extender. The TP-Link Archer RE305 is also a dual-band Gigabit wireless signal extender. The TP-Link Archer RE360 is a wireless repeater that supports...
FeehiCMS 安全漏洞
FeehiCMS is a PHP-based CMS website building system developed by Liufee’s individual developers. The FeehiCMS v2.1.1 version contains a security vulnerability. This vulnerability stems from a storage-type cross-site scripting issue with the Group, Category, or Description parameters in the...
Salesforce Marketing Cloud Engagement 安全漏洞
Salesforce Marketing Cloud Engagement is a digital marketing automation platform offered by the American company Salesforce. A security vulnerability exists in versions of Salesforce Marketing Cloud Engagement prior to January 30, 2026. This vulnerability stems from improper parameter separators ...
Xlinesoft ASPRunner.NET 安全漏洞
XLineSoft Xlinesoft ASPRunner.NET is a web application development tool provided by the American company XLineSoft. Version 10.1 of Xlinesoft ASPRunner.NET contains a security vulnerability. This vulnerability stems from a denial-of-service vulnerability in table name fields, which could allow...
Delinea Secret Server On-Prem Security Vulnerability
Delinea Secret Server On-Prem is a privileged access management platform provided by the American company Delinea. Versions 11.8.1, 11.9.6, and 11.9.25 of Delinea Secret Server On-Prem contain security vulnerabilities. These vulnerabilities stem from improper authentication procedures, which may...
WordPress plugin Advanced Custom Fields Extended 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...
Linux kernel 安全漏洞
Linux kernel is a product of the Linux Foundation of the United States, etc. Linux kernel is the kernel used by the open-source operating system Linux. aaron update, etc. is a product of the Aaron Individual Developer. update is a library. clickHouse ch, etc. is an open-source product of...
Redis 代码注入漏洞
Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value Key-Value storage database from Redis, Inc. that provides APIs in multiple languages. A code injection vulnerability exists in Redis 8.2.1 and earlier versions, which originates from allowing an...