195539 matches found
Maccms 跨站脚本漏洞
Maccms is a PHP-based film and television content management system CMS. v10 version of Maccms contains a cross-site scripting vulnerability, which originates from the lack of user-supplied data and output data validation filtering in the select and input parameters in...
HP 多款产品跨站脚本漏洞
HP Color LaserJet Pro and others are products of Hewlett-Packard HP in the U.S. HP Color LaserJet Pro is a line of color printers.HP PageWide Pro is a line of multifunction printers.HP LaserJet Printers is a line of... A security vulnerability exists in multiple HP products that stems from a lack...
Jenkins GitLab Authentication Plugin信息泄露漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins GitLab Authentication Plugin ...
Apple macOS Big Sur缓冲区错误漏洞
Apple macOS Big Sur is a mobile application app from Apple USA. macOS Big Sur prior to version 11.6.5 A buffer error vulnerability exists that stems from a boundary error when processing binary files in AppleScript. A malicious application can trigger a buffer overflow and execute arbitrary code ...
DVDFab 路径遍历漏洞
DVDFab is a multimedia solution. A path traversal vulnerability exists in DVDFab 12 PlayerFab. The following products and versions are affected: DVDFab 12 from version 6.2.1.0 to 6.2.1.1, PlayerFab from version 7.0.0.0 to 7.0.0.5...
Google TensorFlow 输入验证错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google TensorFlow is vulnerable to an input validation error that stems from an integer overflow in the Range implementation, which could be exploited by an attacker to trigger undefined behavior or, in...
Google TensorFlow 资源管理错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google Tensorflow is vulnerable to resource management errors, which can be exploited by attackers to cause mismanagement of resources...
vditor 跨站脚本漏洞
vditor is a browser-based Markdown editor that supports WYSIWYG, on-the-fly rendering similar to Typora, and split-screen preview modes. vditor suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker...
Adobe Premiere Elements 缓冲区错误漏洞
Adobe Premiere Elements is a video editing software application from Adobe. A memory buffer out-of-bounds access vulnerability exists in Adobe Premiere Elements 2021 build 19.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...
Vm2 安全漏洞
Vm2 is an advanced virtual machine/sandbox for Node.js by individual developer Patrik Simek in the Czech Republic. to run untrusted code using whitelisted Node built-in modules. Vm2 suffers from a security vulnerability that stems from a vulnerability in package vm2 prior to 3.9.4. An attacker ca...
stb 缓冲区错误漏洞
stb is a single-file public domain library for C/C ++. A buffer error vulnerability exists in stb version 2.26, which stems from a buffer overflow vulnerability in the stbiextendreceive function of the stbimage.h file in the software . An attacker can trigger the vulnerability via a crafted JPEG...
IR615 Router 跨站脚本漏洞
The IR615 Router is a 4G industrial router from Rimu Technologies, China. IR615 Router has a cross-site scripting vulnerability that could be exploited to hijack user sessions connected to the system...
Red Hat Jboss Enterprise Application Platform 7 代码问题漏洞
Red Hat Jboss Enterprise Application Platform 7 Red Hat Jboss Eap 7 is a middleware platform built on open standards and compatible with the Java Ee 7 specification from Red Hat USA. A code issue vulnerability exists in Red Hat JBoss Enterprise Application Platform 7 Artemis that stems from the...
Nltk 代码问题漏洞
Nltk is a natural language toolkit. It is used to support research and development in natural language processing. A code issue vulnerability exists in nltk that stems from an error in certain regular expressions in the product. An attacker could cause a denial of service via this vulnerability...
GNU Mailman 访问控制错误漏洞
GNU Mailman is a free suite of software from the GNU community for managing e-mail discussions and e-mail lists. The software integrates with web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding processing, content...
Apache Zeppelin 命令注入漏洞
Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation. The application supports interactive data analysis and collaborative documentation. Apache Zeppelin 0.9.0 and earlier versions contain a command injection vulnerability that could be exploited by an attack...
GitLab 安全漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE that stem...
Deamon Tools Pro 输入验证错误漏洞
Deamon Tools Pro is a simulation emulation software that facilitates the creation and installation of images. An input validation error vulnerability exists in Deamon Tools Pro. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor...
Huawei Smartphone 输入验证错误漏洞
Huawei Emui is an Android-based mobile operating system. Huawei Magic UI is the operating system for Honor phones. Huawei EMUI/Magic UI is vulnerable to an integer overflow vulnerability, which can be exploited by attackers to cause the execution of certain code...
OpenStack 输入验证错误漏洞
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA in collaboration with Rackspace in the United States. Openstack Nova suffers from an input validation error vulnerability that allows remote attackers to exploit the vulnerability ...
Oracle Essbase 输入验证错误漏洞
Oracle Hyperion Essbase Administration Services is a robust, cross-platform graphical user interface that makes Essbase administration tasks easy to perform.Oracle Hyperion Essbase Administration Services 11.1.2.4. Release 21.2 contains a security vulnerability in the EAS Console component. An...
SAS Environment Manager 跨站脚本漏洞
SAS Environment Manager is a web-based management solution for SAS environments from SAS, Inc. A security vulnerability exists in SAS Environment Manager that stems from SAS Environment Manager 2.5 allowing XSS to pass through the Name field when creating an edit server. An attacker could exploit...
Shopizer 跨站脚本漏洞
Shopizer is a Java open source e-commerce software. A cross-site scripting vulnerability exists in Shopizer versions prior to 2.17.0. A remote attacker can exploit this vulnerability by using the ref parameter to inject arbitrary Web script or HTML into a page about any product...
NoneCMS 跨站脚本漏洞
NoneCMS is a simple and compact open-source content management system that can be used to quickly build corporate sites, personal blogs, and support mobile. A cross-site scripting vulnerability exists in admin/nav/add.html in NoneCMS version 1.3.0. Attackers can use the name parameter to inject...
LocalFilesEditor 数据伪造问题漏洞
LocalFilesEditor is a software application. Photobooth software for the web, built by an active community of users and developers. A security vulnerability exists in the LocalFilesEditor extension prior to version 11.4.0.1, which stems from a file parameter not being validated by proper regular...
Envoy 安全漏洞
Envoy is an open source distributed proxy server. Envoy suffers from a security vulnerability that can be exploited by attackers to cause a denial of service due to null references...
Pi-hole 操作系统命令注入漏洞
Pi-hole is a network-level ad-blocking application from Pi-hole, Inc. A security vulnerability exists in Pi-hole core 5.2.4, which originates in the Linux network-level ad and Internet tracking blocking application...
Microsoft Visual Studio Code 代码注入漏洞
Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Visual Studio Code. A remote attacker can exploit this vulnerability to execute arbitrary code...
Fortinet FortiWeb 信息泄露漏洞
American Fita Fortinet was founded in October 2000, is committed to chip design, network communication speed, security and defense. A security vulnerability exists in Fortinet fortiweb, which can be exploited by an attacker to read the password used by the FortiWeb scanner to access devices defin...
WordPress 安全漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. BuddyPress has a security vulnerability prior to 5.0.0 and 7.2.1 that can be exploited by an attacke...
Wordpress Modern Events Calendar Lite 代码问题漏洞
Wordpress Modern Events Calendar Lite is an open source application plugin for Wordpress. This plugin is the best tool for managing event websites. A code issue vulnerability exists in the WordPress Modern Events Calendar Lite plugin before 5.16.5, which stems from an arbitrary file upload that...
NVIDIA GPU Display Driver Security Vulnerability
NVIDIA GPU Display Driver is a driver from NVIDIA Corporation that is used to provide interactive support for graphics card display modules in operating systems. A security vulnerability exists in NVIDIA GPU Display Driver that originates from improper access control leading to denial of service...
MongoDB Security Vulnerabilities
MongoDB is a document-oriented database management system from the American company MongoDB. A security vulnerability exists in MongoDB, which originates from the possibility that a user authorized to perform a database query may issue a special query with a composite index that affects...
Vim 注入漏洞
Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0495 contained a vulnerability due to the netrw plugin. This vulnerability stemmed from the s:NetrwBookHistSave function in the netrw plugin, which inserted directory names derived from the...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation for untrusted inputs, which could allow remote attackers to exploit the...
Google Chrome 缓冲区错误漏洞
Google Chrome Video is a component that handles video decoding and rendering, primarily used to support video playback in the Chrome browser on ChromeOS. The Google Chrome Video component has a security vulnerability. This vulnerability stems from an improper check of boundaries during video data...
WordPress plugin Product Filter by WBW SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Axios 安全漏洞
Axios is an open-source HTTP client developed by Axios team, based on Promise a solution for asynchronous programming. Versions of Axios prior to 0.32.0 and 1.16.0 contain security vulnerabilities. These vulnerabilities stem from the Node.js HTTP adapter, which may forward the Proxy-Authorization...
VMware Spring Web Services 代码问题漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the use of...
VMware Spring Integration 路径遍历漏洞
VMware Spring Integration is an enterprise application integration framework developed by VMware, Inc. Versions 7.0.0 to 7.0.4, 6.5.0 to 6.5.8, 6.4.0 to 6.4.11, 6.3.0 to 6.3.14, and 5.5.0 to 5.5.20 of VMware Spring Integration have a path traversal vulnerability. This vulnerability arises due to...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a resource management vulnerability, which stems from a problem with reusing resources after they are released in the Autofill component. A remote attacker can exploit this vulnerability to destroy the...
Fission 安全漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the use of ServiceAccountName: fission-builder in the builder pod, without setting AutomountServiceAccountToken: fals...
bit7z 后置链接漏洞
bit7z is a file compression/uncompression tool developed by Riccardo as an individual project. Versions of bit7z prior to 4.0.12 had a post-installation link vulnerability. This vulnerability stemmed from the use of symbolic links during archive updates, allowing for arbitrary file overwriting...
kafka-python 安全漏洞
Kafka-Python is a distributed stream processing engine client library written entirely in Python by Dana Powers. Versions of Kafka-Python prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of boundary validation for the 4-byte frame length value in the...
Fission 路径遍历漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained a path traversal vulnerability. This vulnerability stemmed from the Unarchive function using filepath.Join to concatenate the archive entry name with the target directory,...
Roxy-WI 输入验证错误漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from the EscapedString verifier failing to properly prevent path...
Migration Planner UI SQL注入漏洞
The Migration Planner UI is an open-source migration planning front-end tool developed by KubeV2V. The Migration Planner UI has a SQL injection vulnerability. This vulnerability arises when a remotely authenticated attacker uploads a specially crafted RVTools .xlsx file. Due to improper input...
QNAP qts 异常处理不当漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. There are code-related vulnerabilities in QNAP Systems QTS and QNAP Systems QuTS hero, which stem from null pointer...
VMware Spring AMQP 安全特征问题漏洞
VMware Spring AMQP is a message queue integration framework developed by the American company VMware. There is a security vulnerability in VMware Spring AMQP, which stems from the use of a fixed reply queue ID in the RabbitTemplate.sendAndReceive method, making it predictable due to an internal...
Microsoft Visual Studio Code 日志信息泄露漏洞
Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a vulnerability related to information leakage. Attackers can exploit this vulnerability to obtain sensitive information...