195539 matches found
Microsoft Windows Ancillary Function Driver for WinSock 竞争条件问题漏洞
The Microsoft Windows Ancillary Function Driver for WinSock is a compatibility issue driver developed by Microsoft for Winsock. This driver contains a vulnerability known as a race condition. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions...
Microsoft Windows Telephony Server 缓冲区错误漏洞
Microsoft Windows Telephony Server is a component of the American company Microsoft. It supports the Telephone Application Programming Interface TAPI, allowing computer programs to communicate with shared telephone services. There is a buffer error vulnerability present in Microsoft Windows...
DesDev DedeCMS 安全漏洞
DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation in China. It is built using PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.118 of DesDev DedeCMS contains a securit...
Microsoft Windows Ancillary Function Driver for WinSock 资源管理错误漏洞
The Microsoft Windows Ancillary Function Driver for WinSock is a accessibility driver for Winsock by Microsoft Corporation. The Microsoft Windows Ancillary Function Driver for WinSock has a resource management vulnerability that stems from reusing resources after they have been released. This...
Microsoft Office 缓冲区错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a code execution vulnerability in Microsoft Office, which is caused by improper...
image-size 资源管理错误漏洞
image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size from 1.1.0 to 1.2.1 and from 2.0.0 to 2.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the findBox function, which had a denial-of-service vulnerability when processin...
Huawei HarmonyOS 访问控制错误漏洞
Huawei HarmonyOS is a distributed operating system developed by Huawei Corporation. It is designed for comprehensive scenarios and primarily offers features such as cross-device collaboration, security protection, and intelligent services. There is an access control vulnerability in the package...
VMware Spring HATEOAS 访问控制错误漏洞
VMware Spring HATEOAS is a REST API hypermedia development framework provided by the American company VMware. Vulnerabilities in access control exist in versions 1.5.0 to 1.5.6, 2.3.0 to 2.3.4, 2.4.0 to 2.4.1, 2.5.0 to 2.5.2, and 3.0.0 to 3.0.3 of VMware Spring HATEOAS. This vulnerability stems...
SAP Business Objects Business Intelligence Platform 访问控制错误漏洞
SAP Business Objects Business Intelligence Platform is a set of business intelligence software and enterprise performance solutions provided by the German company SAP. This product includes features such as report generation, analysis, and data visualization. There is an access control...
Apache Airflow 安全漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow. The...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of the connection preparation in the mac80211 module. This failure results in the site not...
Synology DiskStation Manager(DSM) 代码问题漏洞
Synology DiskStation Manager DSM is an operating system developed by Synology Inc. It is used for managing data, files, photos, music, and other information on network storage servers. Versions of DSM prior to 7.2.2.6-72806-5 and 7.3.1.8-86003-1 contained code vulnerabilities. These vulnerabiliti...
BentoML 代码注入漏洞
BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.39, there was a code injection vulnerability. This vulnerability stemmed from the envs.name value...
Delta Electronics DIAView 安全漏洞
Delta Electronics DIAView is an industrial configuration software developed by Delta Electronics in China. Delta Electronics DIAView has a security vulnerability, which stems from the possibility for unverified remote attackers to access the configured database...
Live555 安全漏洞
LIVE555 is a cross-platform C++ open-source project that provides solutions for streaming media. It supports standard streaming media transmission protocols such as RTP/RTCP, RTSP, and SIP. Versions of LIVE555 before 2026.04.22 had security vulnerabilities. These vulnerabilities stemmed from...
Akıllı E-Commerce Website SQL注入漏洞
Akıllı E-Commerce Website is an e-commerce website system developed by the Turkish company Akıllı, aimed at online retail and digital sales scenarios. Versions of Akıllı E-Commerce Website prior to 4.5.001 contained a SQL injection vulnerability. This vulnerability stemmed from improper...
HCL BigFix Service Management 安全漏洞
HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. There is a security vulnerability in HCL BigFix Service Management. This vulnerability stems from the failure to remove EXIF metadata from uploaded images, which may lead t...
Paperclip 授权问题漏洞
Paperclip is an AI proxy orchestration tool developed by Paperclip Open Source. Versions of Paperclip prior to 2026.416.0 contained an authorization vulnerability. This vulnerability stemmed from the default authenticated configuration, allowing unauthenticated attackers to achieve full remote co...
Roundcube Webmail 安全漏洞
Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail prior to 1.5.14 and 1.6.14 contained security vulnerabilities. These vulnerabilities stemmed fr...
wvp-GB28181-pro 代码问题漏洞
WVP-GB28181-Pro is a video monitoring platform developed by individual developer 648540858. Versions of WVP-GB28181-Pro 2.7.4 and earlier have code vulnerabilities. These vulnerabilities stem from a deserialization issue in the function GenericFastJsonRedisSerializer within the component API...
doslib 安全漏洞
doslib is a MS-DOS development support library personally developed by Jonathan Campbell. Versions of doslib prior to 20250729 contained security vulnerabilities, which were caused by improper restrictions on memory buffer operations...
D-Link DWR-M960 安全漏洞
The D-Link DWR-M960 is a router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DWR-M960 formDdns file. The vulnerability stems from a misbehavior of the function sub4648F0 in the file /boafrm/formDdns in the DDNS Settings Handler component with respect to the...
WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
farm 安全漏洞
Farm is a web building tool developed by Farm OpenSource. Versions of Farm prior to 1.7.6 contained security vulnerabilities. These vulnerabilities stemmed from a lack of source verification in WebSocket, which could allow attackers to monitor developers and steal source code...
Kubernetes ingress-nginx 安全漏洞
Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx; this vulnerability stems from the rules.http.paths.path Ingress field...
WordPress Plugin AI Engine – The Chatbot and AI Framework for WordPress Code Issues and Vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
npm CLI security vulnerabilities
npm CLI is a package manager developed by the American company npm. There is a security vulnerability in npm CLI, which stems from loading modules from insecure locations, potentially leading to privilege escalation and the execution of arbitrary code...
IBM ApplinX 安全漏洞
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. An unauthorized access vulnerability exists in IBM ApplinX that stems from insufficient server-side enforcement of client-side security, which could be...
RemoteMouse security vulnerability
Remote Mouse is a remote mouse application developed by the Remote Mouse company. Version 4.002 of Remote Mouse contains a security vulnerability. This vulnerability stems from the RemoteMouseService having a service path that is not enclosed in quotes, which may allow for the execution of...
Weblate 访问控制错误漏洞
Weblate is a Copyleft open source web-based free software continuous localization system. An Access Control Error vulnerability exists in Weblate versions prior to 5.15.2 that stems from improper access control of screenshot images, which could lead to unauthenticated users accessing screenshots...
Tenda M3 安全漏洞
Tenda M3 is an access control controller from Tenda China. A security vulnerability exists in Tenda M3 version 1.0.0.134903, which stems from an incorrect operation of the parameter qvlantruckport in the file /goform/setVlanPolicyData, which could result in a heap-based buffer overflow...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from premature initialization of the GPIO controller, which could lead to a race condition...
Microsoft Dynamics OmniChannel SDK Storage Containers 授权问题漏洞
Microsoft Dynamics OmniChannel SDK Storage Containers is a container for storing, accessing, or managing records from Microsoft Corporation, USA. An authorization issue vulnerability exists in Microsoft Dynamics OmniChannel SDK Storage Containers that stems from improper authorization and could...
MotionEye 安全漏洞
motionEye is a daemon web front-end for motionEye open source. A security vulnerability exists in MotionEye v0.43.1b4 and earlier versions, which stems from a configuration parameter that is not cleaned of user input and could lead to an OS command injection attack...
Creativeitem Ekushey CRM 跨站脚本漏洞
Creativeitem Ekushey CRM is an open source project management script from Creativeitem. A cross-site scripting vulnerability exists in Creativeitem Ekushey CRM version 5.0, which stems from a lack of user input validation and could lead to a stored cross-site scripting attack...
Flock Safety Android Collins 安全漏洞
Flock Safety Android Collins is an application module for managing cameras from Flock Safety USA. A security vulnerability exists in Flock Safety Android Collins version 6.35.31, which stems from a lack of authentication and could lead to denial of service, information disclosure, and remote code...
Finance.js 安全漏洞
Finance.js is a JavaScript library for financial calculations by Essam B. Individual Developer. A security vulnerability exists in Finance.js version 4.1.0, which stems from improper handling of the seekZero parameter and could lead to a denial of service attack...
WordPress plugin Duplicate Page and Post SQL注入漏洞
WordPress Duplicate Page and Post plugin is a plugin for quickly duplicating pages or posts, supporting one-click cloning of existing content and saving it to draft, private or public status, for users who need to batch process website content. WordPress Duplicate Page and Post plugin suffers fro...
MetaCPAN CGI::Simple 安全漏洞
MetaCPAN CGI::Simple is a module for Perl from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN CGI::Simple versions prior to 1.282, which stems from HTTP response splitting and could lead to reflective cross-site scripting or open redirects...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from improper input validation and could lead to remote elevation of privilege...
WordPress plugin DigitalOcean Spaces Sync 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Apple macOS 安全漏洞
Apple macOS Sequoia is an operating system from the American company Apple Apple. Apple macOS Sequoia contains a security vulnerability that can be exploited by attackers to cause iCloud Private Relay to fail to activate when multiple users are logged in at the same time...
Capillary.io CapillaryScope 安全漏洞
Capillary.io CapillaryScope is a software for vascular examinations from the Spanish company Capillary.io. A security vulnerability exists in Capillary.io CapillaryScope versions prior to v2.5.0, which stems from the unencrypted storage of sensitive data and could lead to credential disclosure...
Blogbook 注入漏洞
Blogbook is a content management system project by the individual developer Chaitak Gorai. Blogbook 92f5cf90f8a7e6566b576fe0952e14e1c6736513 and earlier versions have an injection vulnerability that stems from SQL injection of the parameter postid in the file /admin/viewallposts.php...
TeleMessage 安全漏洞
TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from the heap content of a JSP application containing a password sent over HTTP...
Google Chrome 安全漏洞
Google Chrome is a WEB browser developed by Google Inc. Google Chrome suffers from an information disclosure vulnerability, no details of the vulnerability are provided at this time...
Retrieval-based-Voice-Conversion-WebUI 安全漏洞
Retrieval-based-Voice-Conversion-WebUI is an open source voice training modeling tool from RVC-Project. A security vulnerability exists in Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 and earlier, which stems from command injection...
LRQA Nettitude PoshC2 安全漏洞
LRQA Nettitude PoshC2 is an agent-aware C2 framework from LRQA used to help penetration testers with red teaming, late exploits, and lateral movement. A security vulnerability exists in LRQA Nettitude PoshC2 that stems from allowing an unauthenticated attacker to connect to the C2 server and...
Microsoft Windows Kernel 安全漏洞
Microsoft Windows Kernel is the kernel of the Windows operating system by Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Kernel. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are affected:Windows 10 Version 18...
WordPress plugin MyBookProgress by Stormhill Media 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...