195539 matches found
Webmin 跨站脚本漏洞
Webmin is a set of web-based system management tools for Unix-like operating systems, developed by the Webmin community. Versions of Webmin prior to 2.641 contained a cross-site scripting vulnerability. This vulnerability stemmed from the email template description field in the System and Server...
MLflow 安全漏洞
MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of mlflow prior to 3.11.0 contained a security vulnerability. This vulnerability stemmed...
protobuf.js 代码注入漏洞
protobuf.js is an open-source implementation of the Protocol Buffers protocol, written entirely in JavaScript. It supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions prior to 7.5.6 and 8.0.2 of protobuf.js h...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
D-Link DNS-320 命令注入漏洞
The D-Link DNS-320 is a NAS Network Attached Storage device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has a command injection vulnerability. This vulnerability arises from functions such as delete, rename, copy, move, chmod, and chown in the file/cgi-bin/webfilemgr.cgi,...
OpenEXR 缓冲区错误漏洞
OpenEXR is an open standard for high dynamic range image HDR file format, open-sourced by the Academy Software Foundation. Versions of OpenEXR from 3.0.0 to 3.2.9, 3.3.0 to 3.3.11, and 3.4.0 to 3.4.11 contain a buffer error vulnerability. This vulnerability arises from the IDManifest::init...
EFM ipTIME C200 注入漏洞
EFM ipTIME C200 is a network camera device produced by the South Korean company EFM. The EFM ipTIME C200 models starting from version 1.092 and earlier have a vulnerability that stems from the sub408F90 function’s ApplyRestore endpoint, which processes the RestoreFile parameter. This vulnerabilit...
CodeCanyon Perfex CRM 注入漏洞
CodeCanyon Perfex CRM is a self-hosted customer relationship management software developed by CodeCanyon. Versions of CodeCanyon Perfex CRM 3.4.1 and earlier had a SQL injection vulnerability. This vulnerability stemmed from the operation of the Admin Kanban endpoint in the...
Assimp 资源管理错误漏洞
Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Version 6.0.2 of Assimp contains a resource management vulnerability. This vulnerability originates from the ParseVectorDataArray method in FBXParser.cpp, and it could allow a...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the absence of a CAPNETADMIN capability check for the peer network namespace in the rtnlnewlink...
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. wolfSSL CyaSSL has security vulnerabilities; one of these vulnerabilities stems from heap out-of-bound reading during PKCS7 parsing,...
Emissary 跨站脚本漏洞
Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary prior to 8.39.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Mustache navigation template directly inserting configured link values...
Claude Code CLI和Claude Agent SDK 操作系统命令注入漏洞
Claude Code CLI and Claude Agent SDK are both open-source products developed by Anthropic. Claude Code CLI is a command-line AI coding assistant tool. Claude Agent SDK is a developer toolkit for AI coding assistants. Both Claude Code CLI and Claude Agent SDK have operating system command injectio...
RAGFlow 安全漏洞
RAGFlow is an open-source RAG engine based on deep document understanding, developed by InfiniFlow. Versions of RAGFlow prior to 0.24.0 contain security vulnerabilities. These vulnerabilities stem from the Agent’s Text Processing and Message components using the non-sandboxed jinja2.Template for...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability arises from verified users with the UMA protection role being able to bypass UMA policy verification. This could allow attackers to include...
Netcore Power 15AX 操作系统命令注入漏洞
Netcore Power 15AX is a wireless router device produced by Netcore Corporation. Versions of Netcore Power 15AX starting with 3.0.0.6938 and earlier have a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter IpAddr in the...
Seafile Server 安全漏洞
Seafile Server is an open-source cloud storage server software developed by Seafile, offering features for file synchronization, sharing, and collaboration management. Versions of Seafile Server such as 13.0.15, 13.0.16-pro, 12.0.14, and earlier have security vulnerabilities. These vulnerabilitie...
WWBN AVideo 跨站请求伪造漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF token validation on the setPermission.json.php endpoint, which could...
VeryPDF PCL Converter 缓冲区错误漏洞
VeryPDF PCL Converter is a PDF encryption tool developed by VeryPDF Corporation. Version 2.7 of VeryPDF PCL Converter has a buffer overflow vulnerability. This vulnerability arises from entering excessively long strings into the password field. It is possible for local attackers to trigger a buff...
Node.js Adapter for Hono 安全漏洞
The Node.js Adapter for Hono is an open-source tool developed by Hono, designed to run Hono applications on Node.js. Versions of the Node.js Adapter for Hono prior to 1.19.10 contained a security vulnerability. This vulnerability stemmed from inconsistent URL decoding, which could allow access to...
free5GC 代码问题漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC SMF 1.4.1 and earlier contain code vulnerabilities. These vulnerabilities arise from kernel crashes when processing malformed PFCP SessionReportRequest messages, which may lead to process...
Mersenne Research Prime95 安全漏洞
Mersenne Research Prime95 is an open-source software developed by Mersenne Research, running on Windows operating systems. Version 29.8 build 6 of Mersenne Research Prime95 contains a security vulnerability. This vulnerability stems from a buffer overflow in the user ID input field, which could...
OctoPrint security vulnerabilities
OctoPrint is an open-source application developed by OctoPrint. It provides a quick web interface for controlling consumer-grade 3D printers. Versions of OctoPrint prior to 1.11.5 have security vulnerabilities. These vulnerabilities stem from the use of character-based comparisons in API key...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninstall interrupt that may cause a null pointer dereference when the DPU controller is not used or was...
WordPress plugin Request a Quote 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...
Windu CMS 跨站请求伪造漏洞
Windu CMS Windu CMS is a lightweight web content management system CMS from Windu. A cross-site request forgery vulnerability exists in Windu CMS version 4.1, which stems from insufficient cross-site request forgery protection and could lead to malicious file uploads...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a mismatch in the return type of the netiucvtx function, which could lead to a kernel panic or thread...
happy-dom 代码注入漏洞
happy-dom is a JavaScript implementation of a web browser without a graphical user interface by the individual developer David Ortner. A code injection vulnerability exists in happy-dom version 19 and earlier, which stems from insufficient isolation of the Node.js VM Context environment and could...
Newforma Project Center Server 安全漏洞
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information disclosure vulnerability exists in Newforma Proje...
Nozomi Networks Guardian/CMC SQL注入漏洞
Nozomi Networks Guardian/CMC is a centralized management console from Nozomi Networks, Inc. in the United States. A SQL injection vulnerability exists in Nozomi Networks Guardian/CMC that stems from improper validation of input parameters in the Alert function, which could lead to an SQL injectio...
WordPress plugin Chained Quiz 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Microsoft Windows SMB Server 授权问题漏洞
Microsoft Windows SMB Server is a network file sharing protocol from Microsoft USA. It allows applications on a computer to read and write files and request services from server programs on a computer network. An authorization issue vulnerability exists in Microsoft Windows SMB Server. An attacke...
itsourcecode POS Point of Sale System 代码注入漏洞
POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of the...
BoyunCMS 安全漏洞
BoyunCMS is an enterprise content management system from China Boyun Boyun Company. A security vulnerability exists in BoyunCMS 1.4.20 and earlier versions, which originates from improper handling of the parameter phone in the file application/update/controller/Server.php, which may lead to SQL...
Brother Industries Multiple driver installers for Windows 安全漏洞
Brother Industries Multiple driver installers for Windows is a driver software from Brother Industries, Japan. A security vulnerability exists in Brother Industries Multiple driver installers for Windows, which can be exploited by an unauthenticated attacker to generate a default administrator...
Kashipara Online Service Management Portal 安全漏洞
Kashipara Online Service Management Portal is an online service management portal from Kashipara. A security vulnerability exists in Kashipara Online Service Management Portal version V1.0, which stems from improper handling of the rPassword parameter in the /osms/Requester/Requesterchangepass.ph...
Fortinet多款产品 安全漏洞
Fortinet FortiOS and others are products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform.Fortinet FortiWeb is a Web application layer firewall.Fortinet Fortinet FortiManager is a centralized network security management platfor...
WinRAR 安全漏洞
WinRAR is a file compressor from WinRAR. The product supports compression and decompression of files in RAR, ZIP, and other formats, among others. A security vulnerability exists in WinRAR versions prior to 7.11 that stems from a symbolic link bypassing the security warning feature, which could...
WordPress plugin Shopify to WooCommerce Migration 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
SoftEther VPN 安全漏洞
SoftEther VPN is a free and open source, cross-platform, multi-protocol VPN software from SoftEther Open Source. It is used to provide secure, flexible and efficient network connectivity that bypasses geographic restrictions. A security vulnerability exists in SoftEther VPN version 5.02.5187, whi...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition in the reference counting handling of SRBs in the qla2xxx driver, which could result in a...
Loggrove 安全漏洞
Loggrove is a web platform service by olajowon individual developer. A security vulnerability exists in Loggrove version v.1.0, which originates from sensitive information that can be accessed via the read.py component...
Lenovo Vantage 安全漏洞
Lenovo Vantage is a computer management application from the Chinese company Lenovo Lenovo. The program supports features such as driver updates, device status diagnostics, and computer configuration. A security vulnerability exists in Lenovo Vantage, which stems from improper BIOS customization...
Amazon多款产品 信任管理问题漏洞
Amazon WorkSpaces and others are products of Amazon.com, Inc.Amazon WorkSpaces is a fully hosted, persistent desktop virtualization service that gives your users access to the data, applications, and resources they need, anytime, anywhere, from any supported device.Amazon AppStream is an...
Xen 安全漏洞
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A security vulnerability exists in Xen that stems from th...
WordPress plugin Notibar 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a potential error problem caused by misuse of the smpprocessorid function...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in versions prior to Google Chrome 130.0.6723.58, which can be exploited by remote attackers to execute arbitrary code via a crafted HTML page...
SAP NetWeaver Enterprise Portal 跨站脚本漏洞
Backoffice for SAP Commerce Cloud is a user-centered, scalable back-end interface that allows business users to easily manage any type of data in SAP Commerce Cloud. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal, which can be exploited by remote attackers to injec...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab versions 17.1 through 17.1.7, 17.2...