195539 matches found
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from inconsistent fsck operations during the block migration of f2fs FGGC nodes. This vulnerability ma...
IBM Db2 安全漏洞
IBM Db2 is a relational database management system developed by IBM. Versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4 of IBM Db2 contain security vulnerabilities. These vulnerabilities arise from specially crafted queries when autonomous transactions are enabled, which may lead to denial-of-service...
dssrf 安全漏洞
DSSRF is a URL and network verification library developed by RelunSec’s individual developers, designed for defending against SSRF vulnerabilities. Versions of DSSRF prior to 1.3.0 contained security vulnerabilities, which stemmed from the ability to bypass the isurlsafe check for each IPv6...
WordPress plugin Voyage Plus 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition between the driveroverrideshow function and the driveroverridestore function in...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained a security vulnerability. This vulnerability stems from the/api/v1/retrieval/query/collection endpoint, which allows access to other users’ private...
Backstage 代码问题漏洞
Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 0.27.1 contained code-related vulnerabilities. These vulnerabilities stemmed from server-side request forgeing when the experimental client ...
Navtor NavBox 安全漏洞
Navtor NavBox is a shipping information system device developed by the Norwegian company Navtor. It is used for electronic nautical chart management and synchronization of navigation data. There is a security vulnerability in Navtor NavBox, which stems from the lack of authentication in the HTTP...
GIMP 安全漏洞
GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability that can lead to a denial-of-service attack due to specially crafted PSP image files...
pearweb 安全漏洞
PearWeb is a PHP extension and application repository developed by PEAR. Versions of PearWeb prior to 1.33.0 contained a security vulnerability. This vulnerability stemmed from the use of the pregReplace function with the / modifier in incorrectly updated email processing, potentially allowing PH...
Sonatype Nexus Repository 安全漏洞
Sonatype Nexus Repository is a repository manager from Sonatype, Inc. that is used for managing, storing, and distributing software, among other things. A security vulnerability exists in Sonatype Nexus Repository 3 3.0.0 and later versions, which stems from improper validation of proxy repositor...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from multiple post-release reuse vulnerabilities when physically removing a USB device...
hpke-js 安全漏洞
hpke-js is a hybrid public key cryptographic module from the individual developer Ajitomi Daisuke. A security vulnerability exists in hpke-js versions prior to 1.7.5, which stems from a race condition in the SenderContext Seal API that could lead to a loss of message confidentiality and integrity...
Windu CMS 安全漏洞
Windu CMS Windu CMS is a lightweight web content management system CMS from Windu. A security vulnerability exists in Windu CMS version 4.1, which stems from insufficient client-side brute force protection and could lead to brute force attacks...
Abilis CPX 安全漏洞
Abilis CPX is a software platform for a range of, voice and data network management equipment from Abilis, Italy. A security vulnerability exists in Abilis CPX that originates from the ability to log into a restricted shell after three failed SSH authentication attempts, which could lead to a...
Oracle Database Server 安全漏洞
Oracle Database Server is a relational database management system from Oracle Corporation USA. This database management system provides data management, distributed processing, and other functions. A security vulnerability exists in Portable Clusterware versions 19.3 through 19.28, 21.3 through...
esm.sh 安全漏洞
esm.sh is a content delivery network open-sourced by esm.sh. A security vulnerability exists in esm.sh version 136 and earlier, which stems from improper handling of the X-Zone-Id HTTP header and could lead to a path traversal attack...
Tautulli 安全漏洞
Tautulli is a Tautulli open source application for monitoring Plex Media Server media server. A security vulnerability exists in Tautulli 2.15.3 and earlier versions, which stems from the presence of path traversal in the realpmsimageproxy endpoint, which could lead to arbitrary file reads...
Google Pixel 安全漏洞
Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that can be exploited by an attacker that may lead to physical elevation of privileges...
XXL-JOB 安全漏洞
XXL-JOB is a distributed task scheduling platform by the individual developer Xu Xueli xuxueli. A security vulnerability exists in XXL-JOB 3.1.1 and earlier versions, which stems from incorrect manipulation of parameter IDs, resulting in improper control of resource identifiers...
Shaarli 安全漏洞
Shaarli is a suite of website cloning tools. A security vulnerability exists in Shaarli versions prior to 0.15.0, which stems from an input string that is not properly cleaned and is susceptible to reflective cross-site scripting attacks...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from rpmsgregisterdeviceoverride not releasing a device reference, which could lead to a resource leak...
Fuji Electric V-SFT 缓冲区错误漏洞
Fuji Electric V-SFT is a screen configuration software from Fuji Electric Japan. Fuji Electric V-SFT suffers from a buffer overflow vulnerability that originates in the settemptypedefault function in VS6MemInIF, which can be exploited by an attacker to cause a crash, information disclosure, and...
WordPress plugin Theme File Duplicator 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...
Microsoft Office 资源管理错误漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...
Adobe Illustrator 缓冲区错误漏洞
Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds read vulnerability exists in Adobe Illustrator, which can be exploited by attackers to obtain sensitive information...
Salesforce Tableau 安全漏洞
Salesforce Tableau is a data visualization and analytics platform from Salesforce, Inc. A security vulnerability exists in Salesforce Tableau that stems from a plaintext storage of sensitive information vulnerability that could result in personal access tokens being logged...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a contention condition issue when concurrently stopping garbage collection in the f2fs file system...
WordPress plugin WPLMS 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A code issue...
WordPress plugin Media Downloader 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
IrfanView 安全漏洞
IrfanView is an image viewer by the individual developer Irfan Skiljan. It supports image browsing, image editing, image format conversion and more. IrfanView suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute code in the context of the current proce...
7-Zip 数字错误漏洞
7-Zip is a compression software from the 7-Zip open source. A numeric error vulnerability exists in 7-Zip that stems from improper validation of user-supplied data during the Zstandard decompression process, which could result in an integer overflow and execution of arbitrary code before writing ...
OpenAirInterface CN5G AMF 安全漏洞
OpenAirInterface CN5G AMF is an OpenAirInterface open source application. A security vulnerability exists in OpenAirInterface CN5G AMF v2.0.0 and earlier versions, which stems from the presence of a stack-based buffer overflow that allows a remote attacker to execute code by sending a response wi...
Moodle 安全漏洞
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle that stems from a possible risk in local files when restoring block backups...
Jamf Pro 安全漏洞
Jamf Pro is an Apple device management solution from Jamf USA. A security vulnerability exists in Jamf Pro that stems from a flaw in the Jamf Remote Assist tool that allows a local, unprivileged user to elevate their privileges to root privileges on MacOS systems...
openSUSE Leap 安全漏洞
openSUSE Leap is a new openSUSE build and a new hybrid Linux distribution from SUSE Germany. A security vulnerability exists in openSUSE Leap that stems from an attacker's ability to place special files into the actual package source, allowing the attacker to change the victim's osc configuration...
Adobe Commerce 访问控制错误漏洞
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. An improper access control vulnerability exists in Adobe Commerce, which can be exploited by an attacker to cause a security feature bypass...
Siemens JT2GO 安全漏洞
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with available JT, VFZ, CGM and TIF data. Siemens JT2Go suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute code in the context of the current process...
Cisco IOS XE Software 安全漏洞
Cisco IOS XE Software is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that originates from...
Solara Security Breach
Solara is a pure Python, React style framework open sourced by widgetti. It is used to extend Jupyter and web applications. A security vulnerability exists in Solara versions prior to 1.35.1, which stems from a failure to properly validate a URI fragment for a directory traversal sequence, which...
Red Hat Keycloak Information Disclosure Vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. An information disclosure vulnerability exists in Red Hat Keycloak. An attacker could exploit the vulnerability to cause a data leak or system...
Microsoft SharePoint 代码问题漏洞
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...
Submariner Operator 安全漏洞
Submariner Operator is a Submariner open source for installing Submariner components on Kubernetes clusters. A security vulnerability exists in Submariner Operator, which stems from unnecessary role-based access control privileges that allow a privileged attacker to steal service account tokens a...
Red Hat Keycloak 路径遍历漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A path traversal vulnerability exists in Red Hat Keycloak that stems from an inability to properly validate the inclusion of a URL in a redirec...
Microsoft OLE DB Provider for SQL Server 安全漏洞
Microsoft OLE DB Driver for SQL Server is a standalone data access application programming interface API for OLE DB. A remote code execution vulnerability exists in Microsoft OLE DB Driver for SQL Server, which can be exploited by an attacker to execute arbitrary code on the system...
Microsoft ODBC Driver 安全漏洞
Microsoft ODBC Driver is a driver from Microsoft Corporation USA. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in the Microsoft ODBC Driver. The following products and editions are...
Esri Portal For ArcGIS 跨站脚本漏洞
Esri Portal For ArcGIS is a component from Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS 11.1 and prior versions that stems from vulnerability to...
Microsoft Open Management Infrastructure Security Vulnerability
Microsoft Open Management Infrastructure is a free, open source Common Information Model CIM management server from Microsoft. A security vulnerability exists in Microsoft Open Management Infrastructure. An attacker could exploit the vulnerability to remotely execute code. The following products...
F5 Nginx Code Issues Vulnerabilities
F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 Inc. distributed under the BSD-like protocol. A security vulnerability exists in F5 Nginx Plus version R31, which stems from an undisclosed request that could cause an NGINX worker process to...
Drupal Security Vulnerabilities
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal version 9.3.6, which stems from the presence of a Denial of Service DoS vulnerability...