195539 matches found
modoboa 安全漏洞
modoboa is an email hosting and management platform for individual developers. A security vulnerability exists in versions prior to modoboa 2.0.4, which stems from improperly limiting excessive authentication attempts...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is a large-scale commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in Microsoft SQL Server. The following products and editions are affected:Microsoft SQL Server 2017 for x64-based Systems GDR,Microsoft SQL...
Dompdf 安全漏洞
Dompdf is an HTML to PDF converter. A security vulnerability exists in Dompdf, which stems from the fact that Dompdf does not filter for special input...
Apache AGE SQL注入漏洞
Apache AGE is a PostgreSQL extension from the Apache Foundation that provides graphical database functionality. An SQL injection vulnerability exists in the Apache AGE driver, which stems from an inability to parameterize passed values, leading to SQL injection...
Jenkins Plugin Gerrit Trigger 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
ruby-git 安全漏洞
ruby-git is a Ruby library. It can be used to create, read, and manipulate Git repositories by wrapping system calls into git binaries. A security vulnerability exists in ruby-git v1.13.0 and earlier versions that could allow an authenticated, remote attacker to execute arbitrary ruby code by...
Juniper Networks Junos OS 资源管理错误漏洞
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A resource management error vulnerability exists in Juniper Networks Junos OS Evolved. An attacker could exploit this...
FlatPress 安全漏洞
FlatPress is a Php-based blog building system from the FlatPress community that does not require database support. flatpressblog/flatpress has a security vulnerability that stems from PHP remote file inclusion. No details of the vulnerability are currently available...
Helm 资源管理错误漏洞
Helm is a Kubernetes package manager. A resource management error vulnerability exists in versions of Helm prior to 3.10.3, which stems from being subject to uncontrolled resource consumption that can lead to a denial of service, and inputs to functions in the strvals package can lead to a stack...
Hutool 缓冲区错误漏洞
Hutool is a small but complete Java tool library for the Chinese Dromara community. A security vulnerability exists in Hutool version v5.8.10, which originates from a stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component, allowing an attacker to cause a denial of servic...
Microsoft SharePoint 安全漏洞
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...
cms-php SQL注入漏洞
cms-php is a simple Content Management System CMS example with php-Mysql by Ahmad Rizal Afani Personal Developer. A security vulnerability exists in cms-php v1, which stems from the getuser function of its loginmanager.php component to implement SQL injection...
XWiki Platform 安全漏洞
XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. An input validation error vulnerability exists in XWiki Platform that stems from not properly clearing obfuscated entries. An attacker could exploit this vulnerability to obtain encrypte...
Apache Airflow 操作系统命令注入漏洞
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring. Apache Airflow suffers from an operating system command injection vulnerability that stems from an improper neutralization ...
WordPress plugin ULTIMATE TABLES 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
WordPress plugin Import any XML or CSV File to WordPress 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in th...
btcd 安全漏洞
btcd is a Bitcoin in Go open source alternative node-wide Bitcoin implementation written in Go golang. A security vulnerability exists in versions prior to btcd 0.23.2, which stems from improper handling of witness size checks...
WordPress plugin Complianz SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE that stems from an incorrect...
Trellix IPS Manager 代码问题漏洞
Trellix IPS Manager is a next-generation IPS for local and virtual networks from American FireEye Trellix. A security vulnerability exists in Trellix IPS Manager versions prior to 10.1 M8, which stems from the ability to import a saved XML configuration file through an external entity attack by a...
Abode Iota 格式化字符串错误漏洞
Abode Iota is a reliable Diy home security system from Abode. A formatting string error vulnerability exists in Abode Iota versions 6.9X and 6.9Z, which stems from the fact that an attacker can send an authenticated, malicious HTTP request to its web interface/action/wirelessConnect functionality...
Abode Iota 格式化字符串错误漏洞
Abode Iota is a reliable Diy home security system from Abode. A formatting string error vulnerability exists in Abode Iota versions 6.9X and 6.9Z, which stems from the fact that an attacker can send an authenticated, malicious HTTP request to its web interface/action/wirelessConnect functionality...
Oracle Virtualization和Oracle VM VirtualBox 安全漏洞
Oracle Virtualization and Oracle VM VirtualBox are both products of Oracle Corporation.Oracle Virtualization is a suite of virtualization solutions. The product is used to unify the management of the entire hardware and software architecture from applications to disks, enabling virtualization fro...
Canteen Management System SQL注入漏洞
Canteen Management System is a cafeteria management system by Mayuri K. Individual developer. A security vulnerability exists in Canteen Management System version 1.0, which stems from unknown code in the file login.php is affected, and manipulation of the parameter business may result in sql...
WordPress Plugin miniOrange Discord Integration 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An Access Control Error vulnerability exist...
Dell BIOS 输入验证错误漏洞
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. A security vulnerability exists in Dell BIOS that stems from an incorrect input validation issue...
Puppet 安全漏洞
Puppet is a client/server C/S architecture-based configuration management tool from Puppet Labs that can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in versions of Puppet Puppetlabs-apt module prior to 9.0.0. T...
Adobe Bridge 缓冲区错误漏洞
Adobe Bridge is a file viewer from Adobe. Adobe Bridge is vulnerable to a buffer overflow vulnerability that stems from an out-of-bounds write vulnerability that could be exploited to execute arbitrary code in the context of the current user...
Omron CX-Programmer 资源管理错误漏洞
Omron CX-Programmer is a PLC Programmable Logic Controller programming software from Omron Japan. A security vulnerability exists in Omron CX-Programmer versions prior to v9.78, which stems from the fact that opening a specially crafted file may cause the affected product to fail to free its memo...
vm2 安全漏洞
VM2 is a sandbox that can run untrusted code with built-in modules for whitelisted nodes. versions of VM2 prior to 3.9.11 have a remote code execution vulnerability that can be exploited by an attacker to bypass sandbox protection in order to gain remote code execution privileges on the host...
DrayTek Vigor routers 安全漏洞
DrayTek Vigor routers are a series of routers from Taiwan-based DrayTek. A security vulnerability exists in DrayTek Vigor routers, which stems from a buffer overflow in its /cgi-bin/wlogin.cgi component leading to an attacker being able to pass a username or password to the aa or ab field. The...
Apache Airflow 安全漏洞
Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache Foundation. The platform is scalable and dynamically monitored, etc. A remote code execution vulnerability exists in versions of Apache Airflow prior to 3.0.0. The vulnerability stems from th...
Microsoft Outlook 安全漏洞
Microsoft Outlook is a suite of e-mail applications from Microsoft Corporation USA. A security vulnerability exists in Microsoft Office Outlook. The following products and editions are affected:Microsoft Office 2019 for 32-bit editions,Microsoft Office 2019 for 64-bit editions,Microsoft 365 Apps...
Thingsboard 跨站脚本漏洞
Thingsboard is a Java-based platform for IOT devices for monitoring, management, and data collection from the Thingsboard team. A security vulnerability exists in Thingsboard version 3.3.1, which can be exploited by an attacker to put a script payload into the name of a rule node when creating th...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP HTTP MRF, which stems from the configuration of source-port preserv...
Jenkins Google Cloud Backup Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...
Mozilla Firefox 输入验证错误漏洞
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to an input validation error that stems from a lack of ASN.1 parsing restrictions on error formats. An attacker could exploit this vulnerability to compromise the affected system...
Jenkins Plugin Beaker 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker could use this vulnerability to connect to a specified URL by...
Jenkins Plugin Embeddable Build Status 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that is vulnerable to an authorization issue in Jenkins Embeddable Build Status Plugin 2.0.3 and earlier, which stems from an inability to properly perform a ViewStatus...
BitTorrent uTorrent 授权问题漏洞
BitTorrent uTorrent is a set of BitTorrent client software written in C++ by BitTorrent Inc. in the United States. A security vulnerability exists in BitTorrent uTorrent, which originates from a weak authentication vulnerability due to operation with unknown input, which can be exploited by...
Citrix Application Delivery Management 资源管理错误漏洞
Citrix Application Delivery Management ADM is an application delivery management system from Citrix. The system provides features such as centralized network and application management. A resource management error vulnerability exists in Citrix Application Delivery Management, which is caused by ...
Redmi Note 11 和 Redmi Note 9T 缓冲区错误漏洞
Xiaomi Redmi Note 11 and Redmi Note 9T are both smartphones from Chinese company Xiaomi. The Redmi Note 11 and Redmi Note 9T suffer from a security vulnerability that stems from a stack overflow. An attacker can exploit the vulnerability to conduct a denial of service attack...
jmespath.rb 安全漏洞
jmespath.rb is the Ruby implementation of JMESPath. A security vulnerability exists in jmespath.rb versions prior to 1.6.1. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...
Google TensorFlow 输入验证错误漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from the fact that tf.rawops.SparseTensorToCSRSparseMatrix does not ful...
Gitea 安全漏洞
Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea version 1.16.3 that originates from a denial of service DoS via deletion of a configuration file. An attacker can exploit the vulnerability to delete arbitrary files...
Devise-Two-Factor 安全漏洞
Devise-Two-Factor is a minimalist extension to Devise. It is used to provide support for two-factor authentication via the TOTP scheme. A security vulnerability in versions of Devise-Two-Factor prior to 4.0.2 allows an attacker to reapply a one-time password OTP to one and only one immediately...
Tiny File Manager路径遍历漏洞
Tiny File Manager is a web-based open source file manager. A path traversal vulnerability in the tinyfilemanager.php file upload function in Tiny File Manager 2.4.1 allows remote attackers to upload malicious PHP files to the webroot using a valid user account and achieve code execution on the...
Climatix POL909 跨站脚本漏洞
Siemens Climatix AWB Advanced Web and BACnet Module, POL909 enables users of the Climatix 600 solution to connect to a BACnet IP network and implement and load customer web pages and features. Siemens Climatix AWM Advanced Web Module, POL909 enables users of the Climatix 600 solution to implement...
Shapelib 资源管理错误漏洞
Shapelib is a simple C API for reading and writing ESRI ArcView Shape files. A security vulnerability exists in Shapelib, which can be exploited via contrib/shpsort.c to force the release of Shapelib's memory to trigger a denial of service and potentially run code...
TotoLink A830R 操作系统命令注入漏洞
TOTOLink A830R is a wireless dual-band router from TotoLink, China.TOTOLink A830R V5.9c.4729B20191112 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the QUERYSTRING parameter...