195539 matches found
Qualcomm 芯片安全漏洞
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and often fabricated on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm chip wlan driver, which stems fro...
WordPress plugin Icon Widget 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Dust.js 安全漏洞
Dust.js is a LinkedIn open source asynchronous Javascript template for browsers and servers. A security vulnerability exists in Dust.js version 3.0.0, which stems from some unknown functionality that manipulates to cause improperly controlled modification of object prototype properties "prototype...
Appsmith 代码问题漏洞
Appsmith is an open source platform for building, deploying and maintaining in-house applications from Appsmith Open Source. A server-side request forgery vulnerability exists in Appsmith versions prior to 1.8.2, which can be exploited by an attacker to perform authenticated server-side request...
Apache Jena 代码问题漏洞
Apache Jena is the United States Apache Apache Foundation of a Java Semantic Web framework. It is used to build semantic Web and linked data applications. A code issue vulnerability exists in Apache Jena SDB 3.17.0 and earlier versions, which stems from vulnerability to JDBC deserialization attac...
Apache Airflow 输入验证错误漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An input validation error vulnerability exists in Apache Airflow versions prior to...
Feathers SQL注入漏洞
Feathers is Feathers open source a lightweight Web framework. Used to create APIs and real-time applications using TypeScript or JavaScript . Feathers has a security vulnerability , the vulnerability stems from incorrect validation of user input...
Socket.IO SQL注入漏洞
Socket.IO is a JavaScript library for real-time web applications from Socket.IO. A security vulnerability exists in Socket.IO that stems from incorrect type validation when an attachment parses the Socket.io js library...
Jenkins Compuware Topaz Utilities Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
WordPress Plugin WP Custom Cursors SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exists i...
WordPress Plugin WP Custom Cursors 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Nextcloud 代码问题漏洞
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platforms from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud server and Nextcloud Enterprise Server that stems from a locally running web service that can be discovered...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a security vulnerability that stems from a flaw in its netrdsallocsgs that allows unprivileged local users to crash their computers...
Froxlor 跨站请求伪造漏洞
Froxlor is a lightweight server management software from the Froxlor team. A cross-site request forgery vulnerability exists in Froxlor versions prior to 0.10.38. An attacker could exploit this vulnerability to perform cross-site request forgery attacks...
WordPress plugin Web Application Firewall 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin WP DS Blog Map 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
shescape 注入漏洞
shescape is open source a simple shell escaping program package for JavaScript . Use it to escape user-controlled input to shell commands to prevent shell injection. An injection vulnerability exists in versions prior to Shescape 1.5.8, which can be exploited by an attacker to omit all arguments...
GitLab CE/EE 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE that originates from an email...
Ping Identity Windows PingId 安全漏洞
Ping Identity Windows PingId is a software from Ping Identity USA that provides security for applications. A security vulnerability exists in Ping Identity Windows PingId versions prior to 2.8 that stems from an offline security key being used as part of authentication...
Intel Processors 输入验证错误漏洞
Intel Processors Intel processors are American Intel Intel companies that provide interpretation of computer instructions and processing of data in computer software. A denial of service vulnerability exists in Intel Processors that originates from incorrect input authentication. An authenticated...
Adobe InDesign 缓冲区错误漏洞
Adobe InDesign is a set of typesetting and editing applications from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe InDesign, which could be exploited by an attacker to execute arbitrary code in the context of the current user...
WordPress plugin Useful Banner Manager 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Useful Banner Manager plugin version 1.6.1 and earlier versions are vulnerable to cross-site reques...
IBM Spectrum Copy Data Management 授权问题漏洞
IBM Spectrum Copy Data Management, an IBM company that modernizes, simplifies, and automates data center copy management processes, has an access control error in IBM Spectrum Copy Data Management Admin versions 2.2.0.0 through 2.2.15.0. vulnerability, which stems from a lack of proper session...
Illumina Local Run Manager 访问控制错误漏洞
Illumina Local Run Manager is an integrated solution from Illumina, Inc. Designed to create sequencing runs, monitor run status, analyze sequencing data, and view results, Illumina Local Run Manager is vulnerable to an access control error that could be exploited by remote attackers to gain...
Mattermost 资源管理错误漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. A resource management error vulnerability exists in Mattermost 6.4.1 and earlier versions, which stems from an image proxy component that allocates memory for multiple copies of a proxy image and can be exploited by an...
Strapi 代码问题漏洞
Strapi is an open source headless content management system CMS. A security vulnerability exists in Strapi v4.1.5 that allows an attacker to execute arbitrary code via a crafted file...
Digital Bazaar Forge 数据伪造问题漏洞
Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. A data forgery issue vulnerability exists in versions prior to Digital Bazaar Forge 1.3.0, which originated in...
node-ipc 安全漏洞
node-ipc is a node.js module from the individual developer Brandon Nozaki Miller in the United States. It is used for local and remote inter-process communication and fully supports Linux, Mac and Windows. A security vulnerability exists in node-ipc version 10.1.1 up to and including 10.1.3. The...
Yokogawa Exaopc 安全漏洞
Yokogawa Electric is a server of Yokogawa Electric Yokogawa, Japan. A security vulnerability exists in CAMS for HIS Log Server in Yokogawa Electric. The vulnerability stems from CAMS for HIS Log Server not properly enabling log output. The following products and versions are affected: CENTUM CS...
Shopware 跨站脚本漏洞
Shopware is a set of open source e-commerce software from the German company Shopware.Shopware suffers from a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied and output data. An attacker could exploit this vulnerability to inject...
Tp-link Archer C2 操作系统命令注入漏洞
TP-Link Archer C2 is a wireless router from Tp-link.TP-Link Archer C20i version 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n is vulnerable due to a security flaw in the device's HTTP parameter XTP ExternalIPv6Address. ExternalIPv6Address in the device lacks filtering and escaping of user data, which...
microweber 安全漏洞
Microweber is an online store management system from the US Microweber community that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. Microweber has a security vulnerability, and no details of the vulnerability are available at this time...
XWiki Platform 安全漏洞
Xwiki Platform is a Wiki platform used to create Web collaboration applications from the French company Xwiki. XWiki Platform has an access control error vulnerability that stems from the application not properly restricting access to resources from unauthorized roles, which could be exploited by...
stb 安全漏洞
stb is a single-file public domain library for C/C. stbimage.h is one of the image loaders. stb stbimage.h is vulnerable, and an attacker could use stbimage to crash the service or read up to 1024 bytes of non-contiguous heap data without controlling where it is read...
ZOOM Zoom Client 后置链接漏洞
ZOOM Zoom Client is a video conferencing client application from Zoom ZOOM USA that supports multiple platforms. A security vulnerability exists in Zoom Client for Meetings for Windows, which stems from the fact that all versions of the Zoom for Meetings for Windows client prior to version 5.3.2...
Google TensorFlow数字错误漏洞
Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in Google TensorFlow. A local attacker could exploit this vulnerability to cause a denial of service condition...
Microsoft Office 代码注入漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and others. A code injection vulnerability exists in Microsoft Microsoft Office. The following products...
CLICK PLC CPU Modules 安全漏洞
CLICK PLC CPU Modules are Automation Direct's network devices A single CLICK CPU Module can be connected to up to eight I/O modules to expand the amount of system I/O and meet the needs of a specific application. Automation Direct CLICK PLC CPU Modules have a security vulnerability that allows an...
Auth0 跨站脚本漏洞
Auth0 is is an authentication agent that supports social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. Auth0-lock suffers from a cross-site scripting vulnerability in versions prior to 11.30.0 that can be exploited by an attacker to execute...
Cisco Finesse 输入验证错误漏洞
Cisco Finesse is a next-generation seat and supervisor desktop designed to provide a collaborative experience for the diverse communities that interact with your customer service organization. An open redirection vulnerability exists in the Web management interface of Cisco Finesse 12.61 and...
Moodle 输入验证错误漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from an input validation error vulnerability that stems from insufficient innocent handling of user-supplied data in th...
MediaWiki 信息泄露漏洞
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. An information disclosure vulnerability exists in versions of MediaWiki prior...
Cloud Foundry UAA和CloudFoundry CF Deployment 数据伪造问题漏洞
Cloud Foundry UAA is an identity verification and management service terminal developed by the Cloud Foundry Foundation in the United States, and it is used on the CloudFoundry platform. CloudFoundry CF Deployment is a code deployment component provided by the Cloud Foundry Foundation. Versions o...
dracut project dracut 命令注入漏洞
Dracut is an event-driven initramfs generation tool developed by Dracutdevs. Dracut has a vulnerability related to operating system command injection. This vulnerability arises when remote attackers provide custom DHCP options, which are improperly processed and written into temporary shell...
Splunk Enterprise 权限许可和访问控制问题漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an access control...
VMware Spring Data MongoDB 安全漏洞
VMware Spring Data MongoDB is a MongoDB data access framework developed by the American company VMware. There is a security vulnerability in VMware Spring Data MongoDB, which stems from insufficient validation of bound parameters in repository query methods using the @Query annotation and regular...
Broadcom Symantec Endpoint Protection CleanWipe Removal Tool 权限许可和访问控制问题漏洞
The Broadcom CleanWipe Removal Tool is an enterprise-level security software uninstallation tool developed by Broadcom Corporation. Versions of the Broadcom CleanWipe Removal Tool prior to version 16.0.0.65 contained security vulnerabilities. These vulnerabilities could allow attackers with limit...
SolarWinds Observability Self-Hosted 输入验证错误漏洞
SolarWinds Observability Self-Hosted is an observability platform developed by the American company SolarWinds. SolarWinds Observability Self-Hosted has a vulnerability related to input validation errors. This vulnerability arises when attackers can provide a specially crafted external URL,...
Microsoft Windows Telephony Server 竞争条件问题漏洞
Microsoft Windows Telephony Server is a component of the American company Microsoft. It supports the Telephone Application Programming Interface TAPI, allowing computer programs to communicate with shared telephone services. There are vulnerabilities related to competition conditions in Microsoft...
md-fileserver 安全漏洞
md-fileserver is a local Markdown file browser and rendering server developed by Commenthol as an individual project. Versions of md-fileserver prior to 1.10.3 contained security vulnerabilities. These vulnerabilities stemmed from the Markdown rendering logic’s failure to clean up the embedded...