195539 matches found
Containous Traefik 信任管理问题漏洞
Containous Traefik is a reverse proxy and load balancer from Containous, U.S. Containous Traefik is vulnerable to a trust management issue that stems from the fact that when a request is sent using an FQDN processed by a router configured with a dedicated TLS configuration, the TLS configuration...
Schneider Electric 多款产品信息泄露漏洞
Schneider Electric Modicon Quantum is a large programmable logic controller PLC for process applications, high availability and safety solutions. Schneider Electric Modicon M340 is a medium-range PLC programmable logic controller for industrial processes and infrastructure. An information...
Red Hat Undertow 资源管理错误漏洞
Red Hat Undertow is a Java-based embedded web server from Red Hat and is the default web server for Wildfly Java Application Server. A resource management error vulnerability exists in Red Hat Undertow that stems from the product triggering a client-side call timeout for certain calls made over...
Dell Emc Secure Connect Gateway 日志信息泄露漏洞
Dell Emc Secure Connect Gateway Dell Emc Scg is a secure connectivity gateway from Dell, Inc. The vulnerability can be exploited to read sensitive information...
json-pointer 安全漏洞
Json-Pointer is an open source, Rfc 6901 described by Manuel Stofer, a Swiss individual developer of some utilities for Json pointers. json-pointer has a security vulnerability that stems from improper design or implementation during the code development of a web-based system or product. No...
Netgear NETGEAR R6260 缓冲区错误漏洞
NETGEAR R6260 is a router from Netgear, Inc. NETGEAR R6260 routers is vulnerable because the setupwizard.cgi page fails to properly validate the length of data when parsing the SOAP LOGIN TOKEN environment variable. An attacker could exploit this vulnerability to execute arbitrary code on an...
WordPress 插件 跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Frontend Uploader prior to version 1.3.2, which stems from the fact that the plugin does not prevent the uploading of HTML files, e.g., it allows unauthenticate...
Django 跨站脚本漏洞
Django is the Django Foundation's set of open source web application framework based on the Python language. The framework includes an object-oriented mapper, view system, template system, etc. Django's Unicorn framework in version 0.35.3 and earlier has a cross-site scripting vulnerability that...
Matrix 加密问题漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A cryptographic issue vulnerability exists in versions of Matrix Javascript SDK prior to 12.4.1, which stems from a logic error in a device's room key sharing functionality that results in insufficient...
Elements-IT HTTP Commander 跨站脚本漏洞
Elements-IT HTTP Commander is a server-hosted, web-based file management solution from Elements-IT Germany. It provides basic functionality for working with files creating, copying, deleting, etc. and many other additional features, such as integration with cloud services, online editing of Offic...
White Shark System 信息泄露漏洞
White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. Project Management", "Task Management", "Work Management" and "Work Log Management". A website physical path disclosure vulnerability exis...
CLICK PLC CPU Modules 授权问题漏洞
CLICK PLC CPU Modules are Automation Direct's network devices A single CLICK CPU Module can be connected to up to 8 I/O modules to expand the amount of system I/O and meet the needs of a specific application. A security vulnerability exists in Automation Direct CLICK PLC CPU Modules that stems fr...
CLICK PLC CPU Modules 授权问题漏洞
CLICK PLC CPU Modules are Automation Direct's network devices A single CLICK CPU Module can be connected to up to 8 I/O modules to expand the amount of system I/O and meet the needs of a specific application. A security vulnerability exists in Automation Direct CLICK PLC CPU Modules that results ...
Zope 路径遍历漏洞
Zope is a set of object-oriented, open source web application servers written in the Python language from the Zope ZOPE community. Zope suffers from a path traversal vulnerability that stems from the fact that untrusted modules can be obtained indirectly through Python modules that can be used...
HP 多款产品缓冲区错误漏洞
The HP Color LaserJet Pro M280-M281 is a printer from Hewlett-Packard HP in the United States. A buffer error vulnerability exists in several HP products, which stems from a potential buffer overflow in a software driver that could result in privilege escalation. The following products and versio...
Travis Ralston matrix-react-sdk 代码问题漏洞
Travis Ralston matrix-react-sdk is an open source application by Travis Ralston. Used to insert the Matrix chat/voice client into a web page. A code issue vulnerability exists in Matrix-React-SDK that arises from an improperly designed or implemented code development process for a web system or...
Supsystic WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
Aleksa Sarai umoci modifies Open Container images 输入验证错误漏洞
Aleksa Sarai umoci modifies Open Container images is an open source application from Aleksa Sarai, a reference implementation of the OCI image specification that provides users with the ability to create, manipulate, and interact with container images. A security vulnerability exists in Open...
Npm netmask 代码问题漏洞
nodejs is a JavaScript runtime environment based on the ChromeV8 engine through the Chromev8 engine for the packaging and the use of event-driven and non-blocking IO applications so that the development of high-performance Javascript background applications has become possible . Node.js netmask...
Askey RTF8115VW Cross-Site Scripting Vulnerability
Askey RTF8115VW is an application from Askey China. Provides the most stable broadband connection source to bring super-fast speeds to all types of users. A cross-site scripting vulnerability exists in Askey RTF8115VW. The vulnerability stems from cgi-bin/teaccesorouter.cgi curWebPage missing...
Prismjs Security Vulnerability
Prism is an application from the US-based individual developers of Prism. It is a lightweight, extensible syntax highlighting tool. A security vulnerability exists in Prismjs. The vulnerability stems from the application's susceptibility to a denial of service ReDoS attack triggered by a regular...
OpenWrt Security Vulnerabilities
OpenWrt is a Linux operating system for embedded devices. A security vulnerability exists in OpenWrt 19.07.x before 19.07.7, which stems from the fact that when IPv6 is used, a routing loop may be created that generates excessive network traffic between an affected device and the router of its...
MediaWiki 安全漏洞
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.1 and prior version...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation for untrusted inputs in the Network component. It could allow remote...
Google Chrome 竞争条件问题漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability due to race conditions in the Safe Browsing component. This vulnerability could allow remote attackers to execute a sandbox escape through malicious files after...
MIT Kerberos 数字错误漏洞
MIT krb5 is a network authentication protocol developed by the Massachusetts Institute of Technology in the United States. It operates on a client/server architecture, and both the client and server can perform identity authentication i.e., double verification, which helps prevent eavesdropping a...
VMware Spring Web Services 安全漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from...
Kong Gateway Enterprise 环境问题漏洞
Kong Gateway Enterprise is an enterprise-level API gateway platform developed by Kong Corporation. Versions 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 of Kong Gateway Enterprise contain environmental issues vulnerabilities. These vulnerabilities stem from defects in the HTTP request processing pipelin...
WordPress plugin WP Logo Showcase Responsive Slider and Carousel 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
VMware Spring Web Services 授权问题漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. Versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services contain authorization vulnerabilities. These vulnerabilities stem from the...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google, offering fast and secure web browsing features. Google Chrome has a vulnerability related to input validation, which stems from improper implementations in the DevTools component. Attackers can exploit this vulnerability to achieve sandbox escap...
ImageMagick 安全漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-25 contained security vulnerabilities. These vulnerabilities stemmed from providing invalid options...
WordPress plugin Yoast Duplicate Post 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
kafka-python 资源管理错误漏洞
Kafka-Python is a distributed stream processing engine client library written entirely in Python by Dana Powers. Versions of Kafka-Python prior to 2.3.2 contained a resource management vulnerability. This vulnerability stemmed from the lack of verification of the iteration count during SCRAM...
Palo Alto Networks Prisma Access Agent 安全漏洞
Palo Alto Networks Prisma Access Agent is a zero-trust network access client agent developed by Palo Alto Networks. There is a security vulnerability in the Palo Alto Networks Prisma Access Agent for Linux, which stems from an issue related to privilege escalation. This vulnerability may allow...
Palo Alto Networks GlobalProtect app 日志信息泄露漏洞
The Palo Alto Networks GlobalProtect app is a network protection software developed by Palo Alto Networks. The GlobalProtect app for macOS has a vulnerability related to log information leakage. This vulnerability allows local users to obtain the configuration passwords necessary to disable,...
ESP-IDF 缓冲区错误漏洞
ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0 of ESP-IDF contain buffer error vulnerabilities, which stem from out-of-bounds reads in the BlueDroid AVRCP vendor-command parser...
Nimiq 安全漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.5.0 contained a security vulnerability. This vulnerability occurred when processing RequestBatchSet messages that contained the hash of the genesis block, causing Policy::macroblockbefore to cra...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by the American company Microsoft. Microsoft Office SharePoint has a cross-site scripting vulnerability, which stems from improper input during the web page generation process. This...
Microsoft Windows Push Notifications 资源管理错误漏洞
Microsoft Windows Push Notifications is a push notification service provided by Microsoft Corporation. It provides a reliable way to deliver new updates. There are security vulnerabilities associated with Microsoft Windows Push Notifications. The following products and versions are affected:...
FreeSWITCH 输入验证错误漏洞
FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was a...
Adobe ColdFusion 输入验证错误漏洞
Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion such as 2023.19, 2025.8, and earlier have code vulnerabilities. These vulnerabilities stem from...
Nextcloud Server 安全漏洞
NextCloud Server is an open-source NextCloud server program developed by NextCloud. There were security vulnerabilities in versions 32.0.0 to 32.0.9 and 33.0.0 to 33.0.3 of NextCloud Server. These vulnerabilities stemmed from improper authorization control in the calendar backend, allowing...
HP Poly Voice 安全漏洞
HP Poly Voice is a voice communication software developed by the American company Hewlett-Packard HP. There is a security vulnerability in HP Poly Voice, which stems from a buffer overflow issue when administrators enable interactive connection establishment. This vulnerability may lead to remote...
vLLM 安全漏洞
vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Version vLLM 0.14.1 contains a security vulnerability caused by the hardcoding of the trustremotecode=True parameter, which may lead to remote code execution...
Oracle Internet Procurement Connector 安全漏洞
The Oracle Internet Procurement Connector is a corporate procurement system integration and data exchange component developed by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of the Oracle Internet Procurement Connector contain security vulnerabilities. These vulnerabilities...
GnuTLS 信任管理问题漏洞
GnuTLS is an open-source, free security communication library developed by GnuTLS. GnuTLS has a trust management vulnerability, which stems from the certificate verification process. Customized certificates may cause incorrect backtracking during the verification of the common name field,...
PuTTY 安全漏洞
PuTTY is a suite of free Telnet, Rlogin and SSH client software from the individual developer Simon Tatham. The software is primarily used for remote administration of Linux systems. A security vulnerability exists in PuTTY versions prior to 0.84, which stems from an assertion failure in ECDSA...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from an unchecked string length overflow. This vulnerability may lead to the return of...