195539 matches found
LibreNMS 跨站脚本漏洞
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. LibreNMS suffers from a cross-site scripting vulnerability that stems from a reflected...
Intel DSA 安全漏洞
Intel DSA is a driver update tool from Intel Intel. It can detect user drivers, update the installed drivers to the latest version, support intel series of graphics cards, audio, network cards and chipset drivers, a must for i-card users. A security vulnerability exists in versions prior to Intel...
WordPress plugin Advanced Custom Fields PRO 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...
Microsoft Windows Update Stack 访问控制错误漏洞
Microsoft Windows Update Stack is part of Microsoft Corporation USA for managing updates. An access control error vulnerability exists in Microsoft Windows Update Stack. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected:Windows...
WordPress plugin Redux Framework 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
IPWorks SSH Security Vulnerability
IPWorks SSH is a library from nsoftware that integrates SSH Secure Shell security features, allowing developers to easily integrate SSH security into Internet applications. A security vulnerability exists in IPWorks SSH that stems from the possibility of being induced to issue unintended file...
Pytorch-Lightning Security Vulnerability
Pytorch-Lightning is an open source lightweight PyTorch wrapper. It is used for high performance Ai research. A security vulnerability exists in Pytorch-Lightning version 2.2.1, which stems from mishandling of deserialized user input and mismanagement of the dunder attribute, leading to a remote...
NVIDIA ChatRTX 安全漏洞
NVIDIA ChatRTX is a content personalization chatbot from NVIDIA, USA. A security vulnerability exists in NVIDIA ChatRTX. An attacker exploited the vulnerability to alter the execution process by sending user input, which could lead to mismanagement of privileges issues...
NVIDIA ChatRTX 安全漏洞
NVIDIA ChatRTX is a content personalization chatbot from NVIDIA Corporation. A security vulnerability exists in NVIDIA ChatRTX that stems from sensitive information being transmitted in clear text...
D-Link DAP-1325 安全漏洞
D-Link DAP-1325 is a wireless network extender made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network and wireless network or connect to different wireless networks. The D-Link DAP-1325 suffers from a command injection remote code...
Microsoft ODBC Driver 安全漏洞
Microsoft ODBC Driver is a driver from Microsoft Corporation USA. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver. An attacker could exploit the vulnerability to...
Apache Zeppelin 跨站请求伪造漏洞
Apache Zeppelin is an open source web-based laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. A cross-site request forgery vulnerability exists in Apache Zeppelin version 0.9.0 and earlier, which stems from a...
pyload injection vulnerability
pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web. An injection vulnerability exists in versions prior to pyLoad 0.5.0b3.dev76, which stems from the presence of a log injection vulnerabili...
JBoss Enterprise Application Platform Security Vulnerability
Red Hat JBoss Enterprise Application Platform JBoss Eap is a subscription-based/open source Java Ee-based application server runtime platform from Red Hat, Inc. It is used to build, deploy, and host highly transactional Java applications and services developed and maintained by Red Hat. A securit...
WordPress Plugin Templately Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Atlassian Sourcetree Remote Code Execution Vulnerability
Atlassian Sourcetree is a free Git and Mercurial client tool from Atlassian Australia that manages repositories using a visual interface. A remote code execution vulnerability exists in Atlassian Sourcetree version 3.4.14, which stems from a security flaw in a component or feature that allows an...
QPDF Command Injection Vulnerability
QPDF is a software application. A C++ library and a set of programs to inspect and manipulate the structure of PDF files. A security vulnerability exists in all versions of QPDF, which stems from the inability of the encrypt method to filter parameters, resulting in a command injection...
libcue buffer error vulnerability
libcue is a CUE table parser library by the individual developer Ilya Lipnitskiy. A buffer error vulnerability exists in libcue version 2.2.1 and earlier. An attacker can exploit this vulnerability to execute arbitrary code...
WordPress plugin make-paths-relative cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
ArgoCD Path Traversal Vulnerability
ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...
Apache Airflow 代码问题漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow has a code issue vulnerability that can be exploited by an attacker ...
WordPress Plugin YARPP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
WordPress Plugin SMTP Mail 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Acronis Cyber Backup和Acronis Cyber Protect 安全漏洞
Acronis Cyber Backup and Acronis Cyber Protect are both products of Singapore Acronis Acronis.Acronis Cyber Backup is a data backup product. You can backup virtual machines and hosts, support for windows, linux backup, using AcronisInstantRestore to provide extremely fast recovery performance, an...
Drupal core 输入验证错误漏洞
Drupal core is a free, open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal core that stems from incorrect input validation. An attacker exploiting the vulnerability could alter sensitive data...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that originates from obtaining...
Siemens SICAM A8000 命令注入漏洞
The Siemens SICAM A8000 is a protection and interval control unit device for relay protection and substation environments from Siemens, Germany. A command injection vulnerability exists in the Siemens SICAM A8000. The vulnerability stems from the device's failure to properly filter constructed...
Nextcloud 安全漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud iOS versions prior to 4.7.0, which stems from the ability to bypass the app password of an iOS app...
Rocket Software UniData 和 UniVerse 安全漏洞
Rocket Software UniVerse and Rocket Software UniData are both products of Rocket Software, Inc. Rocket Software UniVerse is a suite of database management and support software now owned by Rocket Software. Software UniData is a MultiValue application platform. Rocket Software UniData is a...
Smarty 跨站脚本漏洞
Smarty is a PHP-based template engine that facilitates the separation of representation HTML/CSS from application logic. A cross-site scripting vulnerability exists in Smarty versions prior to 4.3.1 and 3.1.48, which stems from not properly escaping javascript code. An attacker can exploit this...
WordPress plugin Calculated Fields Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
Aruba Networks AOS-CX Network Analytics Engine 安全漏洞
The Aruba Networks AOS-CX is a modern programmable network from Aruba Networks. A security vulnerability exists in the Aruba Networks AOS-CX Network Analytics Engine that can be exploited by an attacker to execute arbitrary code on the underlying operating system as a privileged user, resulting i...
Simple Food Ordering System 跨站脚本漏洞
Simple Food Ordering System is a simple food ordering system by the individual developer Carlo Montero. A cross-site scripting vulnerability exists in Simple Food Ordering System version 1.0, which stems from cross-site scripting due to misuse of the parameter order...
F5 BIG-IP 格式化字符串错误漏洞
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An elevation of privilege vulnerability exists in F5 iControl SOAP, which can be exploited by an authenticated attacker to...
SCS Library Client 安全漏洞
SCS Library Client is a Golang client for Singularity Container Services SCS. A security vulnerability exists in SCS Library Client. An attacker can exploit the vulnerability to perform a multi-part concurrent download...
phpMyFAQ 跨站脚本漏洞
phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.10, which stems from the presence of stored cross-site scripting XSS. No details of the vulnerability are provided at this time...
Cisco TelePresence Collaboration Endpoint Software 安全漏洞
Cisco TelePresence Collaboration Endpoint Software is a suite of collaboration endpoint software from Cisco USA. A security vulnerability exists in Cisco TelePresence Collaboration Endpoint and RoomOS Software. An attacker could exploit the vulnerability to overwrite arbitrary files on the system...
ansible-ntp 安全漏洞
ansible-ntp is managing time synchronization, NTP servers and time zones. A security vulnerability exists in ansible-ntp that stems from insufficient control over the amount of network messages...
Amazon efs-utils 竞争条件问题漏洞
Amazon efs-utils is an EFS tool for Amazon by Amazon.com. A competing conditions vulnerability exists in Amazon efs-utils prior to v1.34.4, which stems from a potential competing conditions issue where concurrent mount operations may allocate the same local port, resulting in a failed mount...
Rdiffweb 输入验证错误漏洞
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. Provides quick access to your archives through an efficient web interface. An input validation error vulnerability exists in rdiffweb versions prior to 2.5.4, which stems from redirection...
Apache Airflow 命令注入漏洞
Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache Foundation. Apache Airflow is vulnerable to a command injection vulnerability that could be exploited by remote attackers to submit ad hoc requests that could execute arbitrary commands in th...
Jenkins Custom Build Properties Plugin 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site scripting...
PortlandLabs Concrete CMS 跨站请求伪造漏洞
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. Concrete CMS suffers from a security vulnerability that stems from a lack of state parameters in the external authentication service, which makes it susceptible to CSRF...
Secuever reverseWall-MDS 授权问题漏洞
Secuever reverseWall-MDS is a device that connects to the reverseWall-MDS flow product from Secuever Korea. It is used to relay packets between other non-secure areas and existing secure areas. A security vulnerability exists in Secuever reverseWall-MDS that stems from insufficient user privilege...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel. An attacker exploiting this vulnerability could cause a memory leak...
Bytebase 安全漏洞
Bytebase is an open source web-based, zero-configuration, dependency-free database schema change and version control management tool for DevOps teams.Bytebase versions 0.1.0 through 1.0.4 are vulnerable to an access control error that stems from unrestricted low privilege user access, which can b...
Apache Pulsar 输入验证错误漏洞
Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, with strong consistency, high...
WordPress plugin Max Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Migration, Backup, Staging 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in th...