195539 matches found
InHand Networks InRouter302 输入验证错误漏洞
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version V3.5.4 is vulnerable to an input validation error that originates in the libnvram.so nvramimport function userdefineinit function in the userdefinetimeoutnvram variable has...
Adobe InDesign 缓冲区错误漏洞
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. A code execution vulnerability exists in Adobe InDesign. The vulnerability arises from a networked system or product that does not properly validate data boundaries when performing operations in...
Fortinet FortiOS 安全漏洞
Fortinet FortiOS is a dedicated security operating system for the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS versions 6.4.8 and earlier and 7.0.3 and earlier are vulnerable to an access control error that could be exploited by an authenticated attacker with a...
Google Android 安全漏洞
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android has an elevation of privilege vulnerability that could be exploited by attackers to cause a local privilege escalation that requires the user to execute the privilege...
FANUC ROBOGUIDE 访问控制错误漏洞
FANUC ROBOGUIDE is a robot simulation software from FANUC Japan.ROBOGUIDE v9.40083.00.05 and earlier versions have an access control error vulnerability that stems from not limiting or incorrectly restricting access to resources by unauthorized participants. An attacker could use this vulnerabili...
VMware Cloud Director 输入验证错误漏洞
VMware Cloud Director is a cloud service delivery platform from VMware. The platform supports virtual datacenter creation, multi-site management, datacenter scaling and cloud migration, and cloud-native application development. A security vulnerability exists in VMware Cloud Director that...
AeroCMS 跨站脚本漏洞
AeroCMS is a content management system from AeroCMS, Inc. A cross-site scripting vulnerability exists in AeroCMS v0.0.1, which can be exploited by attackers to execute arbitrary Web script or HTML by injecting a specially crafted payload into the post title text field...
simple-git-hooks 参数注入漏洞
simple-git-hooks is an application. A simple git hooks manager for small projects. simple-git-hooks versions prior to 3.5.0 have security vulnerabilities that attackers exploit for command injection...
snapd 安全漏洞
Snapd is an open source, cross-platform package management tool. A security vulnerability exists in snapd 2.54.2 and earlier versions, which stems from the software creating the snap directory in a user's home directory without specifying owner-only permissions. This may allow a local attacker to...
Wecon Technologies LeviStudioU 缓冲区错误漏洞
Wecon Technologies LeviStudioU is a suite of HMI programming software from China's Wecon Technologies. A security vulnerability exists in WECON LeviStudioU, which can be exploited by attackers to remotely execute code...
Schneider Electric Rack PDU 信息泄露漏洞
Schneider Electric Rack PDUs are APC switched rack power distribution units PDUs from Schneider-electric in France that support advanced, user-customizable power control and active monitoring. An information disclosure vulnerability exists in the Schneider Electric Rack PDU, which can be exploite...
Microsoft Windows 权限许可和访问控制问题漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A vulnerability exists in Microsoft Windows Encrypting File System EFS with privilege permission and access control issues. The following products and editions are affected:Windows Server...
WordPress 插件 安全漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress WPS Hide Login plugin has an authorization issue vulnerability in versions prior to 1.9.1, which ste...
Adobe XMP Toolkit SDK 缓冲区错误漏洞
Adobe XMP Toolkit SDK is a tagging technology from Adobe that allows you to embed data about a file called metadata into the file itself.Adobe XMP Toolkit SDK 2021.07 and earlier versions are vulnerable to a stack buffer overflow. An attacker could exploit this vulnerability to execute arbitrary...
Solarwinds Orion Platform SQL注入漏洞
SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and profiling of network devices and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network. The...
ZOHO ManageEngine Log360 跨站请求伪造漏洞
ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity and comply with regulatory requirements.A code injection...
Netgear NETGEAR 安全漏洞
Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. NETGEAR has a security vulnerability that stems from some NETGEAR devices being affected by privilege escalation...
gitlogplus 命令注入漏洞
gitlogplus is a package that displays commit logs. A command injection vulnerability exists in gitlogplus that stems from option attributes being appended to commands to be executed without processing...
Japan Total System GroupSession 跨站脚本漏洞
Japan Total System GroupSession is a groupware project from Japan Total System, Inc. that facilitates business and organizational communication and is designed to promote information sharing. A cross-site scripting vulnerability exists in Total System GroupSession, which can be triggered by an...
Pivotal Software RabbitMQ 跨站脚本漏洞
RabbitMQ is a multi-protocol message broker. A cross-site scripting vulnerability exists in RabbitMQ versions prior to RabbitMQ 3.8.18 for rabbitmq-server. The vulnerability stems from the program not properly filtering the tag. An attacker can exploit this vulnerability to execute JavaScript cod...
Ubuntu Apport 后置链接漏洞
Apport is a toolkit for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from incorrect handling of certain information gathering operations, which can be exploite...
Ubuntu Apport 后置链接漏洞
Apport is a toolkit for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from Apport incorrectly handling certain information-gathering operations, which can be...
Grav 安全漏洞
Grav is a scalable CMS Content Management System for personal blogs, small content publishing platforms, and one-page product displays. A security vulnerability exists in Grav that stems from the fact that an unauthenticated user can execute some methods of the administrator controller without...
Michael Stepankin OpenID-Connect-Java-Spring-Server 代码问题漏洞
Michael Stepankin OpenID-Connect-Java-Spring-Server is a GlobalMichael Stepankin open source application system provides OpenID Connect identity provider and generic OAuth 2.0 authorization server Michael Stepankin OpenID-Connect-Java-Spring-Server suffers from a server-side request forgery...
Esri 多款产品缓冲区错误漏洞
ESRI ArcGIS Enterprise and others are products of Environmental Systems Research Institute ESRI, Inc.ArcGIS Enterprise is a GIS Geographic Information System base software system.Esri Arcgis Server is a Web-oriented enterprise software platform that can be used to provide geolocation services. Es...
HugoMario swagger-codegen 信息泄露漏洞
HugoMario swagger-codegen is an application from HugoMario. It is used to automatically generate API client libraries generate SDKs, server stubs and documentation given an OpenAPI Spec. An information disclosure vulnerability exists in Swagger-codegen version 2.4.19. The vulnerability stems from...
GLPI 安全漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a resource management vulnerability. This vulnerability stemmed from a problem with the reuse of resources after their release, which could allow remote attackers to execute a sandb...
QNAP qts 缓冲区错误漏洞
QNAP Systems QTS and QNAP Systems QuTS are both products of QNAP Systems Corporation. QNAP Systems QTS is an entry-level operating system. QNAP Systems QuTS hero is a software with data storage and management capabilities. Both QNAP Systems QTS and QNAP Systems QuTS hero have security...
ConnectWise ScreenConnect 安全漏洞
ConnectWise ScreenConnect is a self-hosted remote desktop software application developed by ConnectWise. Versions of ConnectWise ScreenConnect prior to version 26.2 contained a security vulnerability. This vulnerability stemmed from the lack of input validation for the token expiration duration...
ImageMagick 安全漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-50 and 7.1.2-25 contained security vulnerabilities. These vulnerabilities stemmed...
NVIDIA DALI 输入验证错误漏洞
NVIDIA DALI is a data loading and preprocessing library developed by NVIDIA Corporation in the United States. NVIDIA DALI has a vulnerability related to input validation errors. This vulnerability stems from improper index validation in the components of the library, which can lead to code...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability caused by the exposure of Media channel information. This vulnerability could allow remote attackers to exploit the vulnerability through specially crafted...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which arises from the issue of excessive out-of-bounds read accesses when the number of dentryhashtable buckets is...
ILM Informatique OpenConcerto 安全漏洞
ILM Informatique OpenConcerto is a business management software suite developed by the French company ILM Informatique. Version 1.7.5 of ILM Informatique OpenConcerto contains a security vulnerability, which stems from improper allocation of permissions for critical resources, potentially leading...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.1 contained security vulnerabilities. These vulnerabilities stemmed from an issue with the endpoint where administrator...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.13 and 9.5.1-alpha.2. These vulnerabilities stemmed from using prototype property...
OpenSIPS SQL注入漏洞
OpenSIPS is an SIP server implementation licensed under the GPL for individual OpenSIPS developers. Versions of OpenSIPS prior to 3.6.4 contained a SQL injection vulnerability. This vulnerability stems from the jwtdbauthorize function in the authjwt module, which allows for SQL injections,...
Sz-Admin 安全漏洞
Sz-Admin is a mid-backend management software developed by INS6+ individuals. Versions of Sz-Admin such as 1.3.2-beta and earlier contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of the parameter messageId in files/api/admin/sys-message/, which could lea...
free5GC 代码问题漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC such as 1.4.1 and earlier contained code vulnerabilities. These vulnerabilities resulted from the risk of leaking detailed internal error messages when processing invalid pduSessionId inputs. This...
LibreNMS 跨站脚本漏洞
LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 26.1.1 contained a cross-site scripting vulnerability. This...
Markdown Preview Enhanced 安全漏洞
Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Version 0.8.18 of Markdown Preview Enhanced contains a security vulnerability; this vulnerability arises from uploading specially crafted .md files, potentially allowing for the execution of arbitrary code...
WordPress plugin Vireo 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
Beward N100 安全漏洞
Beward N100 is an IP video codec from the Russian open source Beward. A security vulnerability exists in Beward N100 H.264 VGA IP Camera version M2.1.6, which stems from insufficient validation of the READ.filePath parameter and could lead to the disclosure of arbitrary files...
Mitrastar GPT-2741GNAC-N2 安全漏洞
Mitrastar GPT-2741GNAC-N2 is a home gateway device from China-based Allied Technology Mitrastar. A security vulnerability exists in the Mitrastar GPT-2741GNAC-N2 that originates from a root shell that can be obtained via specific command parameters...
Microsoft Office 资源管理错误漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which is caused due to a post-release usage...
Juniper Networks Junos OS和Juniper Networks Junos OS Evolved 资源管理错误漏洞
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc.Juniper Networks Junos OS is a set of network operating systems dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK...
VMware ESXi和VMware vCenter Server 安全漏洞
VMware ESXi and VMware vCenter Server are both products of VMware, Inc.VMware ESXi is a server virtualization platform that can be installed directly on physical servers.VMware vCenter Server is a suite of server and virtualization management software. The software provides a centralized platform...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not cleaning up the cxlregion target, which could lead to a memory leak...
Growatt Cloud Applications 安全漏洞
Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and earlier, which stems from a verified attacker being able to obtain arbitrary plant names via plant IDs...