195539 matches found
Secuever reverseWall-MDS 授权问题漏洞
Secuever reverseWall-MDS is a device that connects to the reverseWall-MDS flow product from Secuever Korea. It is used to relay packets between other non-secure areas and existing secure areas. A security vulnerability exists in Secuever reverseWall-MDS that stems from insufficient user privilege...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel. An attacker exploiting this vulnerability could cause a memory leak...
Bytebase 安全漏洞
Bytebase is an open source web-based, zero-configuration, dependency-free database schema change and version control management tool for DevOps teams.Bytebase versions 0.1.0 through 1.0.4 are vulnerable to an access control error that stems from unrestricted low privilege user access, which can b...
WordPress plugin Max Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Migration, Backup, Staging 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in th...
Pagekit 跨站脚本漏洞
Pagekit is a modular, lightweight CMS Content Management System. A security vulnerability exists in Pagekit CMS v1.0.18. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the Markdown text box under /blog/post/edit...
VTK 代码问题漏洞
VTK is an open source software system for image processing, 3D graphics, body drawing and visualization. VTK suffers from a code issue vulnerability that stems from its IO/Infovis/vtkXMLTreeReader.cxx component not checking the return value of the libxml2 API "xmlDocGetRootElement" and attempting...
InventoryManagementSystem SQL注入漏洞
InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A SQL injection vulnerability exists in InventoryManagementSystem version 1.0, which...
Automation Broker apb 安全漏洞
apb is an Automation Broker open source CLI tool for listing and deploying service packs. A security vulnerability exists in Automation Broker apb container version 2.0.4-1, which stems from the container granting sudoer privileges to all users, allowing unauthorized users with access to the...
F5 BIG-IP 代码问题漏洞
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial-of-service vulnerability exists in the F5 BIG-IP DNS TMUI, which can be exploited by an authenticated attacker with ...
Google Android 竞争条件问题漏洞
Google Android is a Linux-based open source operating system from the American company Google Google. A security vulnerability exists in Google Android 10, 11, 12, 12L. An attacker exploiting the vulnerability could result in local elevation of privilege...
Foxit PDF Reader 资源管理错误漏洞
Foxit PDF Reader is China Foxit Foxit company a PDF reader. Foxit PDF Reader suffers from a resource management error vulnerability that stems from a specific flaw in the handling of Doc objects, which can be exploited by an attacker to execute code in the context of the current process...
Known 跨站脚本漏洞
Known is a social publishing platform open-sourced by Known in the United States. A security vulnerability exists in Known v1.3.1 and below, which stems from an issue with the isSVG function that allows an attacker to execute arbitrary code via a crafted SVG file...
UltraJSON 资源管理错误漏洞
UltraJSON is an open source, ultra-fast JSON encoder and decoder written in pure C and bundled with Python 3.7+. A resource management error vulnerability exists in versions of UltraJSON prior to 5.4.0, which stems from an error when reallocating a buffer for string decoding, which could cause th...
TrueConf Server 跨站脚本漏洞
TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server is vulnerable to a cross-site scripting vulnerability that originates from unknown code in the file /admin/conferences/get-all-status/, with the parameter...
SialWeb CMS SQL注入漏洞
SialWeb CMS is a content management system from SialWeb Pakistan. SQL injection vulnerability exists in SialWeb CMS, which can be exploited by attackers to manipulate the parameter Id to cause sql injection...
Hashicorp Vault 安全漏洞
Hashicorp HashiCorp Vault is a private key access management tool from Hashicorp USA. A security vulnerability exists in HashiCorp Vault and Vault Enterprise versions 1.10.0 through 1.10.2, which stems from a misconfiguration and a forced MFA login after a server reboot...
WordPress plugin Fusion Builder 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Fusion Builders plugin versions prior to 3.6.2 contain an access control error vulnerability that...
Gogs 跨站脚本漏洞
Gogs Go Git Service is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, and more. A security vulnerability exists in Gogs versions prior to 0.12.7, which stems from the la...
Fortinet FortiOS 信息泄露漏洞
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS is vulnerable to an information leakage vulnerability that results from excessive data output in server-generated error messages, which can be exploited by...
WordPress plugin Tatsu 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A file upload vulnerability...
PHPSHE 安全漏洞
PHPSHE is a set of online shopping mall system of Lingbao Jane Good Network Technology Co. The system supports express tracking, online chat, order evaluation and statistics and other functions. A denial-of-service vulnerability exists in PHPSHE version V1.8, which originates from mishandling a...
Kofax Printix Secure Cloud Print Management 竞争条件问题漏洞
Kofax Printix Secure Cloud Print Management is a cloud-based print management software from Kofax USA that is flexible, scalable and easy to use. Manage and maintain complex print environments anytime, anywhere with all the modern printing features users and organizations need. A security...
GitLab Enterprise Edition和GitLab Community Edition 授权问题漏洞
GitLab Enterprise Edition is a content management system, and GitLab Community Edition is a community edition of GitLab from GitLab, Inc. GitLab Enterprise Edition and GitLab Community Edition have an authorization issue vulnerability that arises from an application exporting too much data in the...
Elgg 跨站脚本漏洞
Elgg is a set of open source social networking engine. The product blogs, file sharing, groups and other features. elgg has a cross-site scripting vulnerability, there are no details of the vulnerability provided...
Wecon Technologies LeviStudioU 缓冲区错误漏洞
Wecon Technologies LeviStudioU is a set of human-machine interface programming software from Wecon Technologies China. A security vulnerability exists in Wecon Technologies LeviStudioU, which can be exploited by attackers to execute code...
Distributed Data Systems WebHmi 代码问题漏洞
Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. A file upload vulnerability...
Oracle MySQL Cluster 输入验证错误漏洞
MySQL Cluster is a write-scalable, real-time, ACID-compatible transactional database designed to guarantee 99.999% availability. A security vulnerability exists in the Cluster: General component of MySQL Cluster 7.4.33, 7.5.23, 7.6.19, 8.0.26 and earlier versions. An attacker could exploit this...
Siemens Ruggedcom Rox Mx5000 资源管理错误漏洞
ROX-based VPN endpoints and firewall appliances are used to connect devices that operate in harsh environments, such as electric utility substations and transportation control cabinets. A denial of service vulnerability exists in the Siemens RUGGEDCOM ROX devices, which originates from a dump cra...
Microsoft Word 代码注入漏洞
Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...
Autodesk Design Review 缓冲区错误漏洞
Autodesk Design Review ADR is a suite of AutoCAD drawing software assist software from Autodesk, Inc. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files.Autodesk Design Review is vulnerable to a buffer overflow vulnerability, which could be...
Citrix Systems Workspace App 安全漏洞
Citrix Systems Workspace App formerly known as Receiver is an application from Citrix Systems, Inc. that is used to provide secure access to applications, desktops and data. A security vulnerability exists in Citrix Workspace. The vulnerability could cause a local user to escalate their privilege...
MyBB 跨站脚本漏洞
MyBB is a free open source forum software. A cross-site scripting vulnerability exists in the parsing of messages in Nested Auto URLs in versions of MyBB prior to 1.8.26. No details of the vulnerability are provided at this time...
Google Asylo Buffer Error Vulnerability
Google Asylo is a framework for developing trusted applications from Google Inc. in the United States. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A buffer error vulnerability exists in Google Asylo version 0.6.0 and...
fastadmin SQL Injection Vulnerability
fastadmin is a set of website backend development framework based on ThinkPHP and Bootstrap. A SQL injection vulnerability exists in fastadmin V1.0.0.20191212 beta, which stems from a malicious parameter that can be passed in the URL admin ajax for SQL injection when a user with administrator...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by an improper implementation in the Headless component. This vulnerability could allow remote attackers to execute a sandbox escape by exploiting a...
VMware Spring for GraphQL 访问控制错误漏洞
VMware Spring for GraphQL is a GraphQL application development framework provided by the American company VMware. Versions of VMware Spring for GraphQL such as 2.0.0 and earlier, 1.4.0 and earlier, 1.3.0 and earlier, as well as 1.0.0 and earlier, contain an access control vulnerability. This...
IBM Langflow 安全漏洞
IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines IBM. Versions 1.0.0 to 1.9.1 of IBM Langflow contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, which could allow...
Pipecat 路径遍历漏洞
Pipecat is an open-source development framework developed by Pipecat that supports real-time audio and video stream processing as well as AI-powered dialogue interactions. Versions of Pipecat from 0.0.90 to 1.2.0 contained a path traversal vulnerability. This vulnerability stemmed from path...
End-to-End Encryption App 安全漏洞
End-to-End Encryption App is an open-source end-to-end encryption client implementation by Nextcloud. Vulnerabilities exist in versions of End-to-End Encryption App between 1.15.0 and 1.15.4, 1.16.0 and 1.16.3, 1.17.0 and 1.17.1, and 1.18.0 and 1.18.1. These vulnerabilities stem from improper...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after they were released in the network, which could allow remote attackers to execute...
Netatalk 安全漏洞
Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.1.0 to 4.4.2 of Netatalk contain security vulnerabilities. These vulnerabilities stem from the use of bitwise OR operations...
WordPress plugin Slider Revolution 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EDK2 安全漏洞
EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from a memory corruption when loading invalid firmware in the bootloader...
Microsoft Exchange Server 安全漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by an attack...
Microsoft Exchange Server 输入验证错误漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A security vulnerability exists in Microsoft Exchange Server. An attacker could exploit the...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a remote device sending an invalid connection request during a BT connectable LE scan, which could result in a transient denial of service...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unchecked codairamalloc return value that could lead to a null pointer dereference...
WordPress plugin RestroPress 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An information...
IBM InfoSphere Information Server 操作系统命令注入漏洞
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An operating system command injection vulnerability exists in IBM InfoSphere Information Server...