195539 matches found
Cisco IOS XE Software 安全漏洞
Cisco IOS XE Software is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that originates from...
Solara Security Breach
Solara is a pure Python, React style framework open sourced by widgetti. It is used to extend Jupyter and web applications. A security vulnerability exists in Solara versions prior to 1.35.1, which stems from a failure to properly validate a URI fragment for a directory traversal sequence, which...
Red Hat Keycloak Information Disclosure Vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. An information disclosure vulnerability exists in Red Hat Keycloak. An attacker could exploit the vulnerability to cause a data leak or system...
Microsoft SharePoint 代码问题漏洞
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...
WordPress plugin MainWP UpdraftPlus Extension Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Submariner Operator 安全漏洞
Submariner Operator is a Submariner open source for installing Submariner components on Kubernetes clusters. A security vulnerability exists in Submariner Operator, which stems from unnecessary role-based access control privileges that allow a privileged attacker to steal service account tokens a...
Red Hat Keycloak 路径遍历漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A path traversal vulnerability exists in Red Hat Keycloak that stems from an inability to properly validate the inclusion of a URL in a redirec...
Microsoft OLE DB Provider for SQL Server 安全漏洞
Microsoft OLE DB Driver for SQL Server is a standalone data access application programming interface API for OLE DB. A remote code execution vulnerability exists in Microsoft OLE DB Driver for SQL Server, which can be exploited by an attacker to execute arbitrary code on the system...
Microsoft ODBC Driver 安全漏洞
Microsoft ODBC Driver is a driver from Microsoft Corporation USA. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in the Microsoft ODBC Driver. The following products and editions are...
Esri Portal For ArcGIS 跨站脚本漏洞
Esri Portal For ArcGIS is a component from Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS 11.1 and prior versions that stems from vulnerability to...
Microsoft Open Management Infrastructure Security Vulnerability
Microsoft Open Management Infrastructure is a free, open source Common Information Model CIM management server from Microsoft. A security vulnerability exists in Microsoft Open Management Infrastructure. An attacker could exploit the vulnerability to remotely execute code. The following products...
F5 Nginx Code Issues Vulnerabilities
F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 Inc. distributed under the BSD-like protocol. A security vulnerability exists in F5 Nginx Plus version R31, which stems from an undisclosed request that could cause an NGINX worker process to...
Drupal Security Vulnerabilities
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal version 9.3.6, which stems from the presence of a Denial of Service DoS vulnerability...
WordPress Plugin Wholesale Suite Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
XWiki Platform Security Vulnerability
XWiki Platform is the XWiki Foundation's suite of wiki platforms for creating collaborative web applications. A security vulnerability exists in XWiki Platform that stems from the fact that in the administration interface, anyone who can edit any wiki page in an XWiki installation can gain...
quiche security breach
quiche is a Cloudflare open source implementation of the IETF-designated QUIC transport protocol and HTTP/3. A security vulnerability exists in quiche versions v0.15.0 through 0.19.0, which stems from a QUIC path authentication requirement that the recipient of a PATHCHALLENGE frame responds by...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome version 119.0.6045.199 and prior versions, which stems from a memory reuse after release issue in the libavif module...
Mobileiron Sentry Security Vulnerability
Mobileiron Sentry is a Smart Gateway product from Mobileiron, Inc. A security vulnerability exists in Mobileiron Sentry Sentry-javascript prior to version 7.77.0, which arises from unpurified input that allows HTTP requests to be sent to arbitrary URLs and responses to be reflected back to the us...
light-oauth2 Trust Management Issue Vulnerability
light-oauth2 is networknt open source a light-4j based fast , lightweight cloud-native OAuth 2.0 authorization microservice . light-oauth2 version 2.1.27 before the existence of a security vulnerability , the vulnerability stems from obtaining the public key without any validation , allowing an...
Number withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. This CVE number has been withdrawn...
WordPress plugin Contact Form by Supsystic Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Plugin authLdap Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Mganss HtmlSanitizer Cross-Site Scripting Vulnerability
Mganss HtmlSanitizer is a C, AngleSharp based software from Mganss Individual Developers for use in clearing HTML code and documents from source code that could lead to XSS attacks. Mganss HtmlSanitizer suffers from a cross-site scripting vulnerability that stems from the presence of a cross-site...
free5GC Cross-Site Request Forgery Vulnerability
free5GC is a 5th Generation 5G mobile core network open source project by free5GC open source. free5GC suffers from a cross-site request forgery vulnerability that stems from the presence of a cross-site request forgery CSRF vulnerability. An attacker can exploit this vulnerability to create,...
Snappy Code Issue Vulnerability
Snappy is a PHP library from KNP Labs Individual Developers that allows thumbnails, snapshots, or PDFs to be generated from url or html pages. Snappy is vulnerable to a code issue. An attacker can exploit this vulnerability to remotely execute code...
QEMU 代码问题漏洞
QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A code issue vulnerability exists in QEMU rocker device model 7.0.0 and earlier versions, which stems from a null pointer dereference issue in...
WordPress plugin WOLF 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Matthäus G. Chajdas pygments 代码问题漏洞
Matthäus G. Chajdas pygments is a Matthäus G. Chajdas open source application. It provides generic syntax highlighting tool functionality. A security vulnerability exists in pygments 2.15.0 and earlier versions, which stems from a regular expression denial of service ReDoS vulnerability in...
WordPress Plugin Smart YouTube PRO 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
Apache Airflow 路径遍历漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A path traversal vulnerability exists in Apache Airflow versions prior to 2.6.3,...
WordPress Plugin PHP Compatibility Checker 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin WP Custom Cursors SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exist...
KylinSoft youker-assistant 安全漏洞
KylinSoft youker-assistant is a system management and configuration tool from China's Kylin Software KylinSoft. A security vulnerability exists in KylinSoft youker-assistant versions prior to 3.0.2-0kylin6k70-23, which stems from incorrect access control...
Yank Note 安全漏洞
Yank Note is a highly extensible Markdown editor by purocean individual developers in China. A security vulnerability exists in Yank Note v3.52.1, which allows users to execute arbitrary code by opening a specially crafted file...
Jenkins Plugin Ansible 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Wordpress plugin Surbma | GDPR Proof Cookie Consent & Notice Bar 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
Campcodes Advanced Online Voting System SQL注入漏洞
Campcodes Advanced Online Voting System is an online voting system. Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter voter of the file login.php, which can be exploite...
WordPress plugin WP Data Access 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Microsoft PostScript Printer Driver安全漏洞
Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft.Microsoft PCL6 Class Printer Driver is a printer driver from Microsoft. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft. A remote code execution...
Jeecg-Boot 授权问题漏洞
Jeecg-Boot is a code generator based low-code platform from the JeecgBoot community. An authorization issue vulnerability exists in Jeecg-Boot version 3.5.0 that stems from incorrect authentication...
3s-smart Software Solutions CODESYS 路径遍历漏洞
3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. A path traversal vulnerability exists in 3s-smart Software Solutions CODESYS that could be exploited by a remote, low-privilege attacker to access and modify all system files and...
Cloudflare cloudflared 后置链接漏洞
Cloudflare cloudflared is a cloud server security management platform from American company Cloudflare. The platform provides firewall analysis, cache control, role-based access, and more. A security vulnerability exists in Cloudflare cloudflared Windows 32-bit version 2023.3.0 and earlier, which...
Miniflux 跨站脚本漏洞
Miniflux is a minimalist synopsis reader. A cross-site scripting vulnerability exists in Miniflux version v2.0.25 and later. An attacker exploits this vulnerability to force a victim to open a corrupted image, which could result in JavaScript being executed on an instance of Miniflux...
dot-lens 安全漏洞
dot-lens is a JavaScript library. A security vulnerability exists in dot-lens that stems from prototype contamination of the set function in the index.js file...
WordPress plugin GN Publisher 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
Gogs 操作系统命令注入漏洞
Gogs Go Git Service is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, and more. An operating system command injection vulnerability exists in Gogs versions prior to...
Intel QATzip softwar 安全漏洞
Intel QATzip is a userspace library from Intel Corporation USA. Built on top of the Intel QuickAssist Technology userspace library, it provides extended accelerated compression. A security vulnerability exists in IntelR QATzip softwar versions prior to 1.0.9, which stems from incorrect access...
Microsoft PostScript Printer Driver 安全漏洞
Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft.Microsoft PCL6 Class Printer Driver is a printer driver from Microsoft. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft. A remote code execution...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is a large-scale commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in Microsoft SQL Server. The following products and editions are affected:Microsoft SQL Server 2017 for x64-based Systems GDR,Microsoft SQL...
Dompdf 安全漏洞
Dompdf is an HTML to PDF converter. A security vulnerability exists in Dompdf, which stems from the fact that Dompdf does not filter for special input...