195539 matches found
MediaWiki - Wikistories 安全漏洞
MediaWiki - Wikistories is a MediaWiki open source extension for creating visual stories. A security vulnerability exists in Mediawiki - Wikistories versions prior to 1.44 that stems from improper input neutralization and could lead to a stored cross-site scripting attack...
Mechrevo Control Center GX V2 安全漏洞
Mechrevo Control Center GX V2 is a system level control software from China-based Mechrevo. A security vulnerability exists in Mechrevo Control Center GX V2 version 5.56.51.48, which originates from an uncontrolled search path in the component reg File Handler...
WordPress plugin Computer Repair Shop 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in t...
Mitsubishi Electric MC Works64和Mitsubishi Electric GENESIS64 安全漏洞
Mitsubishi Electric MC Works64 and Mitsubishi Electric GENESIS64 are both products of Mitsubishi Electric Corporation Mitsubishi Electric, Japan.Mitsubishi Electric MC Works64 is a data acquisition and monitoring system Mitsubishi Electric GENESIS64 is a SCADA kit. A security vulnerability exists...
WordPress plugin CodeBard s Patron Button and Widgets for Patreon 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. WordPress plugin CodeBard ...
Pydantic 安全漏洞
Pydantic is a library in the Pydantic open source. Data validation can be performed using Python type hints. A security vulnerability exists in Pydantic versions prior to 2.4.0, 1.10.13, which stems from a vulnerability that allows remote attackers to cause a denial of service via a crafted email...
GeoServer 代码问题漏洞
GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. GeoServer suffers from a server-side request forgery vulnerability that stems from the fact that the OGC Web Processing Service WPS specification is designed to process information from an...
phpMyFAQ 跨站脚本漏洞
phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.14, which stems from the presence of a stored cross-site scripting XSS vulnerability...
Red Hat Keycloak 代码问题漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak offlineaccess, which stems from a lack of root session authentication and reuse of session...
Teleport 操作系统命令注入漏洞
Teleport is an identity-aware, multi-protocol access agent from Teleport, Inc. for engineers and security professionals to unify access to SSH servers, Kubernetes clusters, web applications and databases across all environments. Teleport version 9.3.6 suffers from an operating system command...
parse-url 跨站脚本漏洞
parse-url is an advanced url parser with git url support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from a last fix can be bypassed and can be exploited by an attacker to place any malicious JS code on a web page...
Vapor 输入验证错误漏洞
Vapor is vapor individual developers of a Swift web development framework. It can be used to develop high-performance web applications and supports iOS, OS X and Ubuntu systems. An input validation error vulnerability exists in Vapor versions prior to 4.60.3, which stems from an integer overflow...
Django SQL注入漏洞
Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...
Rust 缓冲区错误漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer error vulnerability exists in Rust nix crate versions prior to 0.20.2,0.21.2 prior to 0.21.x, and 0.22.2 prior to 0.22.x, which stems from an out-of-bounds write to Unistd::getgrouplist...
Captcha Protect 跨站脚本漏洞
Captcha Protect is an open-source middleware for CAPTCHA protection developed by libops, based on traffic detection. Versions of Captcha Protect prior to 1.12.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the challenge page accepting target values provided by...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from insufficient validation of code exchange tokens, which could lead to account takeover. The following versions are affected: version 11.0.2...
Intel Neural Compressor 安全漏洞
Intel Neural Compressor is an open source project from Intel Corporation USA designed to help developers easily optimize AI models. A security vulnerability exists in Intel Neural Compressor versions prior to v3.0 that stems from an improper neutralization of special elements used in SQL commands...
Simple Customer Relationship Management 安全漏洞
Simple Customer Relationship Management Simple CRM is a simple customer relationship management system by the individual developer Carlo Montero. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which stems from a cross-site scripting vulnerability that allo...
WordPress plugin The All-In-One Security 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
L-Soft LISTSERV 跨站脚本漏洞
L-Soft LISTSERV is a suite of e-mail list management software from L-Soft. A cross-site scripting vulnerability exists in LISTSERV version 17, which stems from a cross-site scripting XSS vulnerability in the web interface. An attacker can exploit this vulnerability to inject arbitrary JavaScript ...
Google TensorFlow 输入验证错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from a segmentation error that occurs if QuantizedAdd is given a tensor of non-zero rank mininput or maxinput. An attacke...
Jenkins Plugin Request Rename Or Delete 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site request forgery vulnerability...
SAP Knowledge Warehouse 跨站脚本漏洞
SAP Business Information Warehouse SAP BW is a data warehouse for collecting and tabulating information in an enterprise environment from SAP Germany. The software is an enterprise-wide information center for data analysis from R / 3 and other business applications, including databases and extern...
Matrix Synapse 资源管理错误漏洞
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. Matrix Synapse suffers from a security vulnerability that stems from the fact that a malicious or poorly implemented host server can inject malformed events by specifying different room ids in the pa...
algernon 路径遍历漏洞
Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.6 contained a path traversal vulnerability. This vulnerability stemmed from the uploadedFileSaveIn function in lua/upload/upload.go, which used filepath.Join to concatenate the directory provided by the...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an asynchronous request that can bypass antiviolate protections, potentially leading to a dictionary attack...
GPAC 安全漏洞
GPAC is an open source multimedia framework from GPAC Open Source. A security vulnerability exists in GPAC 2.4 and earlier versions, which stems from a null pointer dereference due to incorrect manipulation of the parameter baseiniturl in the file src/mediatools/dashclient.c. The vulnerability is...
Matrix Rust SDK SQL注入漏洞
Matrix Rust SDK is an open source Rust-based Matrix client server development toolkit from The Matrix.org Foundation. A SQL injection vulnerability exists in Matrix Rust SDK versions 0.11 and 0.12, which stems from SQL injection in the EventCache::findeventwithrelations method, and could lead to...
Microsoft Configuration Manager SQL注入漏洞
Microsoft Configuration Manager is a Microsoft solution for managing computers and servers within an organization that helps IT departments keep software up to date, set configuration and security policies, and monitor system status. A SQL injection vulnerability exists in Microsoft Configuration...
FreeFloat FTP Server 安全漏洞
FreeFloat FTP Server is an FTP service from Freefloat. A buffer overflow vulnerability exists in FreeFloat FTP Server, which stems from the component CD Command Handler failing to properly validate the length size of input data, no details of the vulnerability are provided at this time...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the thermal core error handling device registration...
WordPress plugin Shortcodes and extra features for Phlox theme 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
Liferay Portal 跨站请求伪造漏洞
Liferay Portal is a J2EE-based portal solution from Liferay USA. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. A security vulnerability exists in Liferay Portal,...
PuTTY 安全漏洞
PuTTY is a suite of free Telnet, Rlogin, and SSH client software from the individual developer Simon Tatham. The software is primarily used for remote administration of Linux systems. A security vulnerability exists in PuTTY versions 0.68 through 0.80, which stems from the presence of biased rand...
编号撤回
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. This CVE number has...
Red Hat Undertow 安全漏洞
Red Hat Undertow is a Java-based embedded web server from Red Hat, Inc. and is the default web server for Wildfly Java Application Server. A security vulnerability exists in Red Hat Undertow that stems from not checking the server identity in https connections...
Bento4 安全漏洞
Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4, which stems from an unknown function in its mp4mux component that allows an attacker to implement a memory leak. The attack method is publicly available and can be initiated remotely...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google. Google TensorFlow has a security vulnerability that stems from the fact that the implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives an assertion failu...
PrestaShop SQL注入漏洞
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop versions 1.6.0.10 through 1.7.8.6, which stems from a...
Distributed Data Systems WebHmi 操作系统命令注入漏洞
Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used to monitor and control any automation system on a local network and over the Internet from computers and mobile devices. An operating system command injection...
WordPress plugin Admin Word Count Column路径遍历漏洞
WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. PHP is a scripting language that executes on the server side. WordPress plugin Admin An arbitrary file reading vulnerability exists in Word Count Column 2.2 and earlier versions, which...
Omron CX-Position 缓冲区错误漏洞
Omron CX-Position is a position control software from Omron Corporation of Japan. An out-of-bounds write vulnerability exists in Omron CX-Position, which stems from a failure to properly validate data when a program performs an operation in memory while processing a specific project file, and cou...
OpenClaw 代码问题漏洞
OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.14 had code vulnerabilities related to command hijacking. Attackers could execute unintended binary files by manipulating the PATH environment variable, potentially leading to arbitrary command...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which stems from improper input validation of the loadDescription function in DeviceAdminInfo.java, and can be exploited by an attacker to cause a local elevation of...
MingSoft MCMS 安全漏洞
MingSoft MCMS is a modular content management framework developed by MingSoft Corporation in China. Version 6.1.1 of MingSoft MCMS contains a security vulnerability, which stems from incorrect handling of the File parameter in the file/ms/file/uploadTemplate.do file. This vulnerability could lead...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in the ubifssysfsinit function...
Zyxel USG FLEX 安全漏洞
Zyxel USG FLEX is a firewall from China Hopkins Zyxel. Offering flexible VPN options IPsec, SSL or L2TP, it provides flexible and secure remote access for remote work and management. A security vulnerability exists in Zyxel USG FLEX versions prior to V1.32, which stems from improper assignment of...
WordPress plugin GP Premium 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Microsoft Office OneNote 安全漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and others. A security vulnerability exists in Microsoft Office OneNote, which stems from the presence o...
Wasmtime 缓冲区错误漏洞
Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. A security vulnerability exists in versions of Wasmtime prior to 2.0.2, which stems from out-of-bounds reads and writes in its zero-memory page configuration...