195539 matches found
CyberPanel 安全漏洞
CyberPanel is a web hosting control panel with built-in DNS and email servers by Usman Nasir, an individual developer. CyberPanel has a security vulnerability that originates from upgrademysqlstatus in databases/views.py that allows remote attackers to bypass authentication and execute arbitrary...
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved Security Vulnerabilities
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc.Juniper Networks Junos OS is a network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper...
WordPress Plugin JetElements Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site request forge...
Jenkins Plugin Associated Files 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site scripting...
Broadcom Brocade SANnav 安全漏洞
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Broadcom Brocade SANnav versions v2.2.0.2 and v2.1.1.8, which originates from logging the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.l...
BACnet Stack 缓冲区错误漏洞
BACnet Stack is an open-source protocol stack for BACnet, designed to work on embedded systems, Linux, MacOS, BSD, and Windows. Versions prior to BACnet Stack 1.4.3 contained a buffer error vulnerability. This vulnerability stems from a out-of-bounds read vulnerability in the ReadPropertyMultiple...
Mastodon 代码问题漏洞
Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. There are code vulnerabilities in versions 4.4.0 to 4.4.13 and 4.5.0 to 4.5.6 of Mastodon. These vulnerabilities allow unverified attackers to register a FASP with a baseurl pointing to a local intern...
WordPress plugin WP Attachments 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
Rocketsoft Rocket LMS 跨站脚本漏洞
RocketSoft Rocket LMS is a full-featured Learning Management System from RocketSoft, Inc. A security vulnerability exists in Rocketsoft Rocket LMS version 1.9 that stems from the presence of a cross-site scripting XSS vulnerability that allows administrators to store JavaScript payloads using the...
Quarkus 代码注入漏洞
Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus versions prior to 2.13.5, 2.14.0 and later, and prior to 2.14.2. An attacker can exploit the vulnerability to remotely execute code...
ruby-arr-pm 操作系统命令注入漏洞
ruby-arr-fpm is an RPM read/write library written in Ruby by the individual developer Jordan Sissel. It is intended to provide a way for fpm to read and write RPMs. A security vulnerability exists in ruby-arr-pm version 0.0.11 and earlier. An attacker could use this vulnerability to execute shell...
Rocket.Chat 信息泄露漏洞
Rocket.Chat is an open source team chat software. Chat suffers from an information disclosure vulnerability that can lead to the disclosure of email addresses...
WordPress plugin Nutrie 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
valkey-bloom 输入验证错误漏洞
Valkey-Bloom is a Valkey open-source module. Valkey-Bloom has a vulnerability related to input validation errors. This vulnerability arises from the lack of a flag to handle RDB parsing errors, which may allow a specially crafted RESTORE command to trigger an assertion that causes the server to...
webfinger.js 代码问题漏洞
webfinger.js is a client-side library for querying WebFinger records by the individual developer Nick Jennings. A code issue vulnerability exists in webfinger.js version 2.8.0 and earlier, which stems from not blocking localhost access and could lead to a blind SSRF attack...
Microsoft Windows Kernel 信息泄露漏洞
Microsoft Windows Kernel is the kernel of the Windows operating system from Microsoft Corporation USA. An information disclosure vulnerability exists in Microsoft Windows Kernel. An attacker could exploit this vulnerability to obtain sensitive information. The following products and versions are...
Progress Software MOVEit Transfer Security Vulnerability
Progress Software MOVEit Transfer is a suite of automated file transfer software from Progress Software, USA. The software supports file transfer and provides file transfer activity monitoring. A security vulnerability exists in Progress Software MOVEit Transfer that stems from an incorrect...
WordPress Plugin Element Pack Elementor Addons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
rust-libp2p 资源管理错误漏洞
rust-libp2p is a Rust implementation of the libp2p network stack from the libp2p open source. A security vulnerability exists in versions prior to rust-libp2p v0.45.1 , which can be exploited by an attacker to cause a victim node to allocate a large number of small memory blocks , eventually...
CRI-O 安全漏洞
CRI-O is a lightweight container runtime environment for the Kubernetes system. CRI-O suffers from a security vulnerability that stems from the fact that if an attacker has direct access to an affected container where a supplemental group is used to set access permissions and is able to execute...
Canonical Apport 安全漏洞
Canonical Apport is a toolkit from Canonical UK for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Canonical Apport that stems from a system where Apport does not disable the python cras...
Matrix matrix-appservice-irc 注入漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. An injection vulnerability exists in Matrix matrix-appservice-irc version 0.33.1 and...
WordPress和WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Loco Translate plugin version prior to 2.6.1 has a cross-site scripting vulnerability, which can be exploited by attackers t...
Reolink devices information disclosure vulnerability
An information disclosure vulnerability exists in Reolink devices, which can be exploited by attackers to access sensitive information...
Multiple Cisco Products Security Vulnerabilities
The Cisco RV110W, among others, is a router from Cisco USA. A security vulnerability exists in a number of Cisco products and stems from a flaw in the detection algorithm. The vulnerability can be exploited by an attacker to bypass configured policies. The following products and versions are...
free5gc UDM 安全漏洞
free5gc UDM is a core network element of the open-source 5G mobile core network developed by free5GC. Versions of free5gc UDM prior to 1.4.1 contain security vulnerabilities. These vulnerabilities stem from the possibility for remote attackers to inject control characters into the ueId parameter,...
Snuffleupagus 安全漏洞
Snuffleupagus is a security module by Julien Voisin Personal Developer. A security vulnerability exists in Snuffleupagus versions prior to 0.13.0, which stems from a misconfiguration of the upload validation feature that could result in files in multipart POST requests being evaluated as PHP code...
Selea多款产品 安全漏洞
Selea Targa iZero and others are an optical character recognition camera for automatic license plate recognition from Selea, Italy. A security vulnerability exists in several Selea products, which stems from the /common/getfile.php script that does not validate the file parameter, potentially...
IBM i 代码问题漏洞
IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A code issue vulnerability exists in IBM i that stems from an unqualified library call that could lead to elevation of privilege. The following versions are affected:...
Microsoft Windows 后置链接漏洞
Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. A backlink vulnerability exists in Microsoft Windows Recovery Driver. An attacker could exploit the vulnerability to elevate privileges. The following products and editions are affected:Windo...
Vitess 安全漏洞
Vitess is a database clustering system for horizontally scaling MySQL from Vitess. A security vulnerability exists in Vitess versions prior to 19.0.4, prior to 18.0.5, and prior to 17.0.7, which stems from a simple query that causes unlimited memory consumption when executed...
Nextcloud Authorization Issues Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An authorization issue vulnerability exists in versions prior to Nextcloud 4.9.2, which stems from a 4-digit PIN that does not need to be provided to allow...
CIRCL 安全漏洞
CIRCL is an open source collection of cryptographic primitives written in Go by Cloudflare. CIRCL has a security vulnerability that stems from the fact that the tkn20 and blindrsa components do not check whether a user-supplied random source returns sufficient randomness...
Siemens SCALANCE 安全漏洞
SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs. An OSPF packet handling vulnerability exists in the SIEMENS SCALANCE XM-400 and XR-500, which stems from the implementation of the OSPF protocol in the devic...
Canonical Apport 安全特征问题漏洞
Canonical Apport is a toolkit from Canonical UK for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security signature issue vulnerability exists in Canonical Apport that stems from incorrectly handling connections to...
Canonical Apport 竞争条件问题漏洞
Canonical Apport is a toolkit from Canonical UK that collects and feeds error messages information that the operating system considers useful when an application crashes. Canonical Apport suffers from a Competing Conditions Issue vulnerability that arises from Apport incorrectly detecting whether...
Canonical Apport 安全漏洞
Canonical Apport is a toolkit from Canonical UK that is used to collect and provide feedback on error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Canonical Apport that stems from not limiting the number of log entries...
Autodesk AutoCAD 缓冲区错误漏洞
Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. Autodesk AutoCAD suffers from a buffer error vulnerability that stems from an arbitrary address write issue in the Autodesk DWG application. The vulnerability could allow a malicious attacker to exploit the...
WordPress plugin Triton Lite 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Login rebuilder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Siemens Teamcenter Visualization 和 JT2Go 缓冲区错误漏洞
Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to a stack buffer overflow vulnerability that could be exploited by an attacker...
WordPress Plugin Discy 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...
Distributed Data Systems WebHmi 跨站脚本漏洞
Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used to monitor and control any automation system on a local network and over the Internet from computers and mobile devices. A cross-site scripting vulnerability exists in...
Gentics Software Gentics CMS 代码问题漏洞
Gentics Software Gentics CMS is a digital publishing and content management system from the Austrian company Gentics Software. A code issue vulnerability exists in Gentics CMS version 5.36.29, which can be exploited by an attacker to gain access to the RCE chain...
Canonical Apport 安全特征问题漏洞
Canonical Apport is a toolkit from Canonical UK for collecting and feeding back error messages information that the operating system finds useful when an application crashes. Canonical Apport suffers from a security signature issue vulnerability that stems from a system where Apport does not...
Spacewalk 代码注入漏洞
spacewalk is an open source Linux system administration solution. Spacewalk 2.10 suffers from a code injection vulnerability, no information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...
ZTE MF971R LTE router 授权问题漏洞
The ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps.The ZTE MF971R is vulnerable to a Referer authentication bypass. An attacker can exploit the vulnerability by sending a click request to the user to perform an illegal authorized...
OpenSSL 安全漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables the implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...
systemd 安全漏洞
Systemd is a Linux-based system and service manager developed by Lennart Poettering of Germany. This product is compatible with SysV and LSB startup scripts, and it provides a framework for representing dependencies between system services. Prior to version 260, there was a security vulnerability...
Suricata security vulnerabilities
Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Vulnerabilities exist in versions of Suricata prior to 8.0.3 and 7.0.14. These vulnerabilities stem from the use of a stack buffer for storing data sets; if the data size is too large, it may lea...