195539 matches found
Xen 安全漏洞
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A security vulnerability exists in Xen that stems from th...
WordPress plugin Notibar 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a potential error problem caused by misuse of the smpprocessorid function...
RAGFlow 命令注入漏洞
RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A command injection vulnerability exists in RAGFlow version 0.11.0, which stems from a lack of comprehensive input validation or cleanup, causing the addllm function in llmapp.py to contain a...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in versions prior to Google Chrome 130.0.6723.58, which can be exploited by remote attackers to execute arbitrary code via a crafted HTML page...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab versions 17.1 through 17.1.7, 17.2...
WordPress plugin LearnPress SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
Homebrew 安全漏洞
Homebrew is a package manager in the Homebrew open source. A security vulnerability exists in Homebrew versions prior to 4.2.20, which stems from os/linux/elf.rb's use of ldd to load ELF files obtained from untrusted sources. An attacker can achieve code execution via an ELF file with a custom...
ImageMagick 安全漏洞
ImageMagick is a suite of open source image processing software from ImageMagick Open Source. It can read, convert or write images in many formats. A security vulnerability exists in ImageMagick version 7.11-35 and earlier versions. An attacker can execute arbitrary code by exploiting the...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that originates from memory reuse after release in User Education. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Openfind Mail2000 Cross-Site Scripting Vulnerability
Openfind Mail2000 is a Web-based email system from China's Openfind. A cross-site scripting vulnerability exists in Openfind Mail2000, which originates from not properly validating email attachments, allowing an unauthenticated, remote attacker to inject JavaScript code into the attachments and...
Toshiba e-STUDIO Security Vulnerability
Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from a directory traversal vulnerability that could overwrite or place new files on the multifunction device if the multifunction device...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the use of kfree to free memory instead of kvfree...
GitLab CE/EE 资源管理错误漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community edition of GitLab. A resource management error vulnerability exists in GitLab CE/EE. An attacker could u...
HSC Cybersecurity HC Mailinspector 路径遍历漏洞
HSC Cybersecurity HC Mailinspector is a cloud email security solution from HSC Cybersecurity. A path traversal vulnerability exists in HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through v.5.2.18, which stems from an unauthenticated path traversal vulnerability in /public/loader.php, whe...
Veritas Technologies Backup Exec 安全漏洞
Veritas Technologies Backup Exec is a powerful suite of data backup recovery tools from Veritas Technologies, USA. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies the installation process and improves manageability...
WordPress Plugin Post Views Counter 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
Honeywell MPA2 Access Panel Security Vulnerability
The Honeywell MPA2 Access Panel is a hardware device for access control systems from Honeywell USA. A security vulnerability exists in Honeywell MPA2 Access Panel versions prior to R1.00.08.05 that stems from a cross-site scripting vulnerability that allows the use of invalid characters...
F5 Nginx Resource Management Error Vulnerability
F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5, Inc. distributed under the BSD-like protocol. A security vulnerability exists in F5 Nginx Plus versions R30 and R31, which stems from an undisclosed request that could cause an NGINX worker process...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a heap buffer overflow vulnerability that is caused by incorrect boundary checking in ANGLE. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause the application to...
WordPress Plugin Quantity Plus Minus Button for WooCommerce by CodeAstrology Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Quantity Plus Minus Button...
Zoom VDI Client Security Vulnerability
Zoom VDI Client is a server-based computing model client from Zoom USA that allows you to deliver desktop images to endpoint devices over a network. A security vulnerability exists in Zoom. An attacker has exploited the vulnerability to perform privilege escalation via network access. The followi...
Microsoft XAML Diagnostics Security Vulnerability
Microsoft XAML Diagnostics is a set of tools from Microsoft Corporation USA that help developers analyze and debug the user interface of XAML-based applications. A security vulnerability exists in Microsoft XAML Diagnostics. An attacker could exploit the vulnerability to elevate privileges. The...
Searchor Security Breach
Searchor is an all-in-one PyPi Python library by Arjun Sharda, an individual developer. It simplifies web crawling, fetching topic information, and generating search query URLs. A security vulnerability exists in Searchor prior to version 2.4.2, which is caused by a code execution vulnerability i...
Apple macOS Sonoma Security Vulnerability
Apple macOS Sonoma is a desktop operating system by Apple Inc. A security vulnerability exists in Apple macOS Sonoma version 14.2, which can be exploited to display secure text fields via a secondary keyboard when using a physical keyboard...
Mitsubishi Electric GX Works2 输入验证错误漏洞
The Mitsubishi Electric GX Works2 is a programmable controller from Mitsubishi Electric Japan. The Mitsubishi Electric GX Works2 suffers from an input validation error vulnerability that can be exploited by an attacker to cause a denial of service for certain functions by sending specially crafte...
Adobe Acrobat Reader 安全漏洞
Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. A security vulnerability exists in Adobe Acrobat Reader version 23.006.20360 and earlier and version 20.005.30524 and earlier, which can be exploited by an attacker ...
WordPress Plugin UpdraftPlus Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin Booster for WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Open Journal Systems Cross-Site Request Forgery Vulnerability
Open Journal Systems OJS is an open source system for managing peer-reviewed academic journals. A cross-site request forgery vulnerability exists in Open Journal Systems versions prior to 3.3.0-16 that stems from the presence of a cross-site request forgery CSRF vulnerability...
WordPress plugin Popup Builder Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...
IDM Sistemas QSige SQL Injection Vulnerability
IDM Sistemas QSige is a communication management system from IDM Sistemas. A security vulnerability exists in IDM Sistemas QSige that stems from a web application that does not properly filter input parameters, resulting in SQL injection, DoS, or information disclosure...
WordPress Plugin Banner Management For WooCommerce Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin bridge-core cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Jumpserver Code Injection Vulnerability
Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. JumpServer suffers from a code injection vulnerability that originates from an authenticated user who can execute arbitrary commands using a vulnerability in a MongoDB session, leading to...
pimcore Security Vulnerabilities
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A security vulnerability exists in pimcore dem...
JeecgBoot SQL Injection Vulnerability
JeecgBoot is a Chinese Java low-code platform for enterprise web applications. JeecgBoot jeecg-boot versions 3.0 and 3.5.3 are vulnerable to a SQL injection vulnerability that stems from the presence of a SQL injection vulnerability. An attacker can exploit this vulnerability to execute arbitrary...
Electron Code Issues Vulnerabilities
Electron is a personal developer of a user to write cross-platform desktop application JavaScript framework. The framework is based on nodejs and Chromium and can be used to write cross-platform desktop applications using HTML, CSS. A code issue vulnerability exists in Electron. An attacker can...
SpringBlade SQL注入漏洞
Breed Network Technology SpringBlade is a set of microservice development platform from China Breed Network Technology. A security vulnerability exists in SpringBlade version V3.6.0, which stems from a SQL injection when executing a SQL query, where the parameters submitted by the user are not...
Gerbv 缓冲区错误漏洞
Gerbv is a Gerber file Rs-274X only viewer. It is used to view Rs-274X Gerber files, Excellon drill files and Pick-N-Place files. A security vulnerability exists in Gerbv versions 2.4.0 and 2.10.0, which originated when a user with control over file input could cause a crash and denial of service...
Hitachi EH-VIEW 缓冲区错误漏洞
Hitachi EH-VIEW is a data visualization and analytics platform from Hitachi, Japan, focused on helping organizations turn data into actionable insights. The goal of this platform is to help organizations better understand their data through visualization, analytics, and reporting tools to make mo...
Omeka S Cross-Site Scripting Vulnerability
Omeka S is an open source web content management system CMS from Omeka, Inc. that specializes in creating and managing digital exhibitions and online digital archives. It is a new version of the Omeka project, and unlike the traditional Omeka Classic, Omeka S emphasizes multi-user collaboration a...
WordPress Plugin WpStream – Live Streaming, Video on Demand, Pay Per View 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WpStream -...
OpenAM 授权问题漏洞
OpenAM is an all-in-one access management solution organized by the OpenAM Consortium. It provides authentication, authorization, delegation and federation capabilities. An authorization issue vulnerability exists in Open Access Management OpenAM versions 14.7.2 and earlier, which stems from an...
Unitronics Vision1210 安全漏洞
The Unitronics Vision1210 is a PLC controller with an embedded HMI panel from Unitronics. A security vulnerability exists in the Unitronics Vision1210 that stems from the presence of an embedded malicious code vulnerability that could allow a remote attacker to store malicious code in the device'...
WordPress plugin KiviCare Management System 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
XWiki Platform 跨站脚本漏洞
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform. An attacker could use this vulnerability to inject Javascript code into a page by forging a URL and trigger a cross-site...
Livebook 操作系统命令注入漏洞
Livebook is a web application for writing interactive and collaborative code notebooks. Livebook suffers from an operating system command injection vulnerability that originates from allowing an attacker to execute arbitrary commands using Desktop's protocol handler. Affected products and version...
Siemens CP-8031 安全漏洞
The SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A security vulnerability exists in the Siemens SICAM A8000 Devices CPCI85 Firmware, which can be exploited by an attacker to attempt to...
GPAC 安全漏洞
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC versions prior to 2.2.2 that stems from the presence of a stack-based buffer overflow...