195539 matches found
WordPress Plugin WooCommerce Product Carousel Slider Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Intel Simics Simulator Security Vulnerability
Intel Simics Simulator is a full-system simulator from Intel Corporation USA. A security vulnerability exists in Intel Simics Simulator. An attacker exploiting this vulnerability could cause an elevation of privilege...
VMware Workstation Buffer Error Vulnerability
VMware Workstation is a set of virtual machine software from VMware. The software provides the ability to run multiple virtual machines with different operating systems at the same time. A security vulnerability exists in VMware Workstation version 17.x prior to 17.5, which stems from an...
WordPress Plugin Stout Google Calendar Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Stout Goog...
WordPress Plugin sis-handball Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress Plugin wp-tell-a-friend-popup-form Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
EVE OS Security Vulnerability
EVE OS is a general-purpose, open Linux-based operating system for distributed edge computing open-sourced by IF Edge. EVE OS suffers from a security vulnerability that stems from the Pillar eve container allowing an attacker to add their own key and gain full control of the system...
EVE OS Data Forgery Issue Vulnerability
EVE OS is a general-purpose, open Linux-based operating system for distributed edge computing open-sourced by IF Edge. EVE OS suffers from a security vulnerability that stems from the fact that the MEASURED boot mechanism does not validate the entire rootfs, leading to an attacker being able to...
NVIDIA DGX Security Vulnerability
NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A security vulnerability exists in the NVIDIA DGX H100 BMC, which stems from a security flaw in IPMI that can be exploited by attackers to cause code execution, denial of service, privilege escalation, and...
WordPress plugin Easy Hide Login 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Leyka cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from allowing low-privileged users to access out-of-privilege content...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in Gitlab CE/EE that stems from allowing...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets are chipsets from China's Zilight Spreadtrum UNISOC. A security vulnerability exists in some unisoc products, which stems from a lack of privilege checking in the fastDial service, leading to local information leakage. The following products are affected:...
部分MediaTek芯片 缓冲区错误漏洞
MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in some of the MediaTek chips, which stems from an out-of-bounds write due to an integer overflow in the keyinstall that may result in a local privilege escalation...
WordPress plugin Brizy Page Builder 数据伪造问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Mozilla Firefox 输入验证错误漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 114, which stems from a site isolation bypass that allows open redirects to data on the site...
Mitsubishi Electric Corporation MELSEC WS 安全漏洞
The Mitsubishi Electric Corporation MELSEC WS Series is a programmable logic controller from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric Corporation MELSEC WS WS0-GETH00200, which originates from a vulnerability that could allow an unauthenticated, remote...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost. An attacker exploited the vulnerability to elevate privileges to system administrator privileges...
Western Digital My Cloud OS 代码问题漏洞
Western Digital My Cloud is a personal cloud storage device from Western Digital. A code issue vulnerability exists in Western Digital My Cloud OS 5 prior to version 5.26.202, which stems from the presence of a server-side request forgery SSRF vulnerability...
Django 输入验证错误漏洞
Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, and more. Django has a security vulnerability that stems from the ability to bypass authentication when...
Wordpress Plugin Mail Subscribe List 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Bare Metal Operator 信息泄露漏洞
Bare Metal Operator is an open source application from Metal³ that uses the Kubernetes API to manage bare metal hosts. An information disclosure vulnerability exists in Bare Metal Operator versions prior to 0.3.0, which stems from the presence of plaintext username and hashed password disclosure...
Oracle MySQL 安全漏洞
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized MySQL connector hangs or frequent and repeated crashes, as well as unauthorized update, insert, or delete acces...
Siemens Mendix 安全漏洞
Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. An information disclosure vulnerability exists in the Siemens Mendix Forgot Password module. The vulnerability stems from the fact that the...
Foreman 代码注入漏洞
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides service provisioning, configuration management, and status reporting. A security vulnerability exists in Foreman that originates from allowing an administrator user to set global parameters...
Medicine Tracker System 跨站脚本漏洞
Medicine Tracker System is a drug tracking system by the individual developer Carlo Montero. A cross-site scripting vulnerability exists in Medicine Tracker System. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...
Wondershare Dr.Fone 安全漏洞
Wondershare Dr. Fone is a mobile device toolkit software from China Wondershare Technology Wondershare. The software provides applications, transfer data, contacts, messages and other auxiliary functions for the device. A security vulnerability exists in Wondershare Dr.Fone v12.9.6. An attacker...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from unhidden Google IAP...
Directus 跨站脚本漏洞
Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A cross-site scripting vulnerability exists in Directus versions prior to 9.23.0 that stems from vulnerability to HTML injection attacks...
GitHub Enterprise Server 代码注入漏洞
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.8.0...
ZoneMinder 安全漏洞
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33, which stems from the presence of an unauthenticated remote code execution vi...
Ricoh MP C4504ex 安全漏洞
The Ricoh MP C4504ex is a printer from Ricoh Japan. A security vulnerability exists in the Ricoh MP C4504ex version 1.06, which stems from an incorrect processing credentials flow...
Adobe FrameMaker 缓冲区错误漏洞
Adobe Framemaker is a set of page layout software for writing and editing large or complex documents including structured documents from Adobe. Adobe FrameMaker has an out-of-bounds write vulnerability that can be exploited by attackers to cause arbitrary code execution...
Microsoft .NET Framework 安全漏洞
Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a development platform. The platform includes the C and Visual Basic programming languages, a public language runtime library, and an extensive class library. A security vulnerability...
WordPress plugin WP TripAdvisor Review Slider SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exists i...
modoboa 安全漏洞
modoboa is an email hosting and management platform for individual developers. A security vulnerability exists in versions prior to modoboa 2.0.4. An attacker can bypass authentication by exploiting the vulnerability...
OpenMage Magento Lts 安全漏洞
OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A security vulnerability exists in OpenMage LTS versions prior to 19.4.22, 20.0.19 and prior to 20.0.19, which stems from the inclusion of an infinite loop in the malicious code filter...
debug 安全漏洞
debug is a small JavaScript debugging utility open-sourced by Debug.js and modeled on core Node.js debugging techniques. A security vulnerability exists in debug versions prior to 3.1.0, which stems from the function useColors in file src/node.js, where manipulation of the parameter str leads to...
ThinkPHP 路径遍历漏洞
ThinkPHP is a PHP-based, open source, lightweight web application development framework from China's Top Thinking Information Technology Company. A security vulnerability exists in ThinkPHP Framework versions prior to 6.0.14, which originates from allowing local files to be included via the lang...
MikroTik RouterOS 缓冲区错误漏洞
MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in PCs to enable them to provide router functionality. A buffer error vulnerability exists in MikroTik RouterOS versions prior to v7.6, which stems from the inclusion o...
Discourse 输入验证错误漏洞
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. An input validation error vulnerability exists in versions prior to Discourse 2.9.0.beta13, which stems from the ability for users to post chat messages of unlimited...
WordPress plugin login-block-ips 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
VMware Workspace ONE Assist 授权问题漏洞
VMware Workspace ONE Assist is a real-time remote support solution from VMware, Inc. It allows VMware Workspace ONE UEM administrators to remotely access and troubleshoot devices in real-time while respecting end-user privacy. A security vulnerability exists in VMware Workspace ONE Assist prior t...
Abode Iota 格式化字符串错误漏洞
Abode Iota is a reliable Diy home security system from Abode. A formatting string error vulnerability exists in Abode Iota versions 6.9X and 6.9Z, which stems from the fact that an attacker can send an authenticated, malicious HTTP request to its web interface/action/wirelessConnect functionality...
WordPress Plugin Passster 加密问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
OpenHarmony 安全漏洞
OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom Foundation Foundation. A security vulnerability exists in OpenHarmony v3.1.2 and earlier and 3.0.6 and earlier, which stems from a kernel memory pool overwriting issue in its /dev/mmzuserdev device driver...
Apache Commons JXPath 缓冲区错误漏洞
Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation, U.S.A. A buffer overflow vulnerability exists in Apache Commons JXPath, which is caused by a stack buffer overflow when parsing XPath. A remote attacker could exploit this vulnerability to cause a denial...
Wazuh 安全漏洞
Wazuh is an Wazuh open source application. Wazuh 3.6.1 and later, 3.13.5 and earlier, 4.0.0 and later, 4.2.7 and earlier, and 4.3.0 and later, 4.3.7 and earlier are vulnerable to a code execution vulnerability that stems from Active Response endpoint fails to properly filter the special elements ...
Rockwell Automation ThinManager 缓冲区错误漏洞
Rockwell Automation ThinManager is a thin client management software from Rockwell Automation. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A security vulnerability exists in Rockwell Automation ThinManager versions 11.0.0 through 13.0.0, which stems fr...