195539 matches found
Ivanti Avalanche 代码问题漏洞
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A code issue vulnerability exists in Ivanti Avalanche version 6.3.x and prior versions, which stems from a failure ...
Apache Ranger 安全漏洞
Apache Ranger is a set of architectures from the U.S.-based Apache Foundation that implements comprehensive security measures for Hadoop clusters. The product provides centralized security policy management for core enterprise security requirements such as authorization, billing and data...
WordPress Plugin Electric Studio Client Login 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Plugin Sitemap Index 1.2.3及 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
Microsoft PostScript Printer Driver 安全漏洞
Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft.Microsoft PCL6 Class Printer Driver is a printer driver from Microsoft. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft. A remote code execution...
svelte 跨站请求伪造漏洞
svelte is a new way to build web applications from Svelte Open Source. A security vulnerability exists in svelte Kit versions prior to 1.15.1, which originates from bypassing protection by specifying a different "Content-Type" header value. An attacker could exploit the vulnerability to perform...
WordPress Plugin AI ChatBot 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Cisco SD-WAN vManage Software 跨站请求伪造漏洞
Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A security vulnerability exists in Cisco SD-WAN vManage Software due to insufficient CSRF protection in the web-based management interface on affected systems...
MGT-COMMERCE CloudPanel 信任管理问题漏洞
MGT-COMMERCE CloudPanel is a free solution from MGT-COMMERCE Open Source. It is designed to ease the burden of managing self-hosted Linux servers. A security vulnerability exists in MGT-COMMERCE CloudPanel version 2.2.0, which stems from the fact that the system comes with a static SSL certificat...
WordPress Plugin DH – Anti AdBlocker 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin DH - Anti AdBlocker A...
WordPress plugin Participants Database 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Opennms Group OpenNMS 跨站脚本漏洞
Opennms Group OpenNMS is an open source, enterprise-class network monitoring and network management platform from Opennms Group, Inc. A security vulnerability exists in Opennms Group OpenNMS Meridian, Horizon, which stems from a cross-site scripting XSS vulnerability in graph results that can be...
Microsoft 3D Builder 安全漏洞
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
ownCloud 路径遍历漏洞
ownCloud is a personal cloud storage solution from the US-based company ownCloud. A security vulnerability exists in ownCloud Android versions prior to 3.0, which stems from an information leak when uploading internal files...
TYPO3 跨站脚本漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from TYPO3 Association in Switzerland. A cross-site scripting vulnerability exists in TYPO3. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement...
RushBet 跨站脚本漏洞
RushBet is a suite of betting sites from RushBet, Inc. A security vulnerability exists in RushBet version 2022.23.1-b490616d that stems from not properly validating incoming data. An attacker exploited the vulnerability to steal customer accounts through the use of a malicious application...
Twake 跨站脚本漏洞
Twake is a secure open source collaboration platform open sourced by LINAGORA that improves organizational productivity. Twake suffers from a cross-site scripting vulnerability that originates from the presence of XSS in the integration URL in linagora/twake, which allows javascript to be execute...
Alpine 安全漏洞
Alpine is an email program. A security vulnerability exists in versions of Alpine prior to 1.10.4, which stems from a vulnerability that allows bypassing URL access filters...
luckyshot CRMx SQL注入漏洞
CRMx is a super flexible micro CRM system from the individual developer Xavi Esteve. A security vulnerability exists in luckyshot CRMx that stems from an incorrect operation leading to sql injection...
Microsoft Azure 安全漏洞
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Azure. No information about this vulnerability is available at this time, so stay tuned to CNNVD or vendor announcements...
SAML 授权问题漏洞
SAML is a library for Ross Kinder individual developers that contains a partial implementation of the saml standard in golang. That is, it allows third parties to authenticate your users, or allows third parties to rely on us to authenticate their users. There is an authorization issue...
Advantech R-SeeNet 缓冲区错误漏洞
Advantech R-SeeNet is an industrial monitoring software from Advantech China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet 2.4.17 and previous versions have a security vulnerability that can be exploited to...
Cisco Enterprise NFV Infrastructure Software 数据伪造问题漏洞
Cisco Enterprise NFV Infrastructure Software NFVIS is a suite of NVF infrastructure software platforms from Cisco. The platform enables full lifecycle management of virtualized services through a central orchestrator and controller. Cisco Enterprise NFV Infrastructure Software is vulnerable to a...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel version 5.19.12 and earlier versions, which stems from the presence of a race condition in...
SAMSUNG TizenRT 安全漏洞
TizenRT is an application system. A lightweight RTOS-based platform that supports low-end IoT devices. SAMSUNG TizenRT suffers from a security vulnerability that originates in l2packetreceivetimeout in wpasupplicant/src/l2packet/l2packetpcap.c Missing checking of the return value of pcapdispatch,...
dlt-daemon 缓冲区错误漏洞
Dlt-daemon is the DLT communication interface for Genivia's ECU. It collects and buffers log messages from one or more DLT users running on the ECU and makes them available to DLT clients upon request. A buffer overflow vulnerability exists in Genivia Dlt-daemon 2.18.8 and prior versions, which...
Binary 资源管理错误漏洞
Binary is a library by the individual developers of gagliardetto. It is used for encoding/decoding Borsh and other formats. A security vulnerability exists in Binary versions prior to 0.7.1. An attacker exploited the vulnerability to allocate slices in memory with arbitrarily oversized values,...
Intel Active Management Technology 安全漏洞
Intel Active Management Technology AMT is a suite of hardware-based remote active management technology software for computers from Intel Corporation. Intel Active Management Technology , Standard Manageability A security vulnerability exists in versions prior to August 9, 2022, which stems from...
Michlol Solutions rashim web interface 操作系统命令注入漏洞
Michlol Solutions rashim web interface is a web interface from Michlol Solutions. An operating system command injection vulnerability exists in the Michlol Solutions rashim web interface prior to version 187.4392, which stems from an insecure direct object reference IDOR in the web interface that...
Automattic Mongoose 安全漏洞
Automattic Mongoose is a MongoDB object modeling tool for asynchronous environments. A security vulnerability exists in Automattic Mongoose versions prior to 6.4.6, which stems from the Schema.path function being susceptible to prototype contamination when setting up schema objects, which can be...
Jenkins Plugin Deployer Framework 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
TZInfo 安全漏洞
TZInfo is a Ruby timezone library. A security vulnerability exists in TZInfo that stems from its susceptibility to relative path traversal causing TZInfo::Timezone.get to load arbitrary files. The following versions are affected: 0.3.60 and earlier, 1.0.0 through 1.2.9 only when used with the Rub...
Hyperledger Fabric 输入验证错误漏洞
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. Hyperledger Fabric suffers from an input validation error vulnerability that stems from incorrect validation of inputs in a consensus request, which could be exploited by a...
MediaTek 芯片缓冲区错误漏洞
MediaTek Inc. is the world's fourth largest fab-based semiconductor company and a leader in the markets of mobile terminals, smart home applications, wireless connectivity and Internet of Things IoT products, with approximately 1.5 billion units of end products with built-in MediaTek chips hittin...
KDDI HOME SPOT CUBE2 操作系统命令注入漏洞
KDDI HOME SPOT CUBE2 is a home wireless router from KDDI Japan. KDDI HOME SPOT CUBE2 is vulnerable to an operating system command injection vulnerability, which stems from data received from a DHCP server not being processed properly. An attacker could use this vulnerability to execute arbitrary...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...
Advantech iView SQL注入漏洞
Advantech Iview is a Simple Network Protocol SNMP based software from Advantech, China, for managing B B SmartWorx devices. information...
semver-regex 安全漏洞
npm semver-regex is a regular expression used to match semver versions. semver-regex versions prior to 3.1.4 and versions 4.0.0 inclusive through 4.0.2 have a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited to cause a denial of...
HashiCorp go-getter 命令注入漏洞
HashiCorp go-getter is a library for Go golang from HashiCorp, Inc. that is used to download files or directories from various sources using URLs as the primary form of input. A command injection vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the...
Arm Mali GPU Kernel Driver 资源管理错误漏洞
Arm Mali GPU Kernel Driver is a driver for a graphics processor unit from Arm UK. A security vulnerability exists in the Arm Mali GPU Kernel Driver, which can be exploited by an attacker to perform incorrect CPU memory operations, resulting in reuse after release. The following products and...
Siemens Teamcenter 代码问题漏洞
Siemens Teamcenter is a product lifecycle management computer software application from Siemens, Germany. Siemens Teamcenter contains a security vulnerability that could be exploited by attackers to view files on the application server file system...
F5 BIG-IP 资源管理错误漏洞
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP is vulnerable to resource management errors, which can be exploited by attackers to cause service degradation,...
yii-helpers 安全漏洞
yii-helpers is a set of helper classes for the Yii framework, used as LUYA helpers. A security vulnerability exists in the GitHub library luyadev/yii-helpers prior to version 1.2.1, which can be exploited by an attacker to cause effects such as client-side command injection, code execution, or...
CSV-Safe gem 安全漏洞
The CSV-Safe gem is a library to prevent CSV injection attacks. A security vulnerability exists in versions of the CSV-Safe gem prior to 3.0.0 that stems from not however filtering out special characters that could trigger CSV injection...
Libmobi 缓冲区错误漏洞
Libmobi is a C library . It is used to process documents in the Mobipocket/Kindle MOBI e-book format. A security vulnerability exists in Libmobi versions prior to 0.11, which stems from a buffer error that can be exploited by an attacker to cause arbitrary code execution...
WordPress plugin Caldera Forms跨站脚本漏洞
WordPress is a blogging platform developed using the PHP language. cross-site scripting vulnerability exists in versions prior to WordPress plugin Caldera Forms 1.9.7. The vulnerability stems from the plugin's failure to validate and escape cf-api parameters before outputting them back to the...
WordPress和WordPress plugin 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Easy Digital Downloads plugin is vulnerable to cross-site request forgery, which originates from Ea...
Micro Focus Operations Bridge Manager 安全漏洞
Micro Focus Operations Bridge Manager is a software application from Micro Focus UK. It provides a monitoring function. A security vulnerability exists in Micro Focus Operations Bridge containerized, which can be exploited by unauthenticated attackers to conduct remote code execution...
WordPress plugin Anti-Malware Security and Brute-Force Firewall 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. WordPress plugin Anti-Malware Security and Brute-Force Firewall is vulnerable to cross-site scripting. The...
Maccms 跨站脚本漏洞
Maccms is a PHP-based film and television content management system CMS. v10 version of Maccms contains a cross-site scripting vulnerability, which originates from the lack of user-supplied data and output data validation filtering in the select and input parameters in...