195539 matches found
Xterm 命令注入漏洞
Xterm is a terminal emulator for the X Window System by Thomas Dickey, a personal developer. It is intended to provide Dec Vt102 and Tektronix 4014 compatible terminals for programs that cannot use the window system directly. A security vulnerability exists in versions prior to Xterm 375. An...
GoFlow 资源管理错误漏洞
GoFlow is an open source NetFlow/IPFIX/sFlow collector in Go by Cloudflare. A resource management error vulnerability exists in GoFlow versions prior to 3.4.4, which stems from insufficient packet cleanup and processes consuming large amounts of memory, leading to denial of service attacks...
OAuthenticator 安全漏洞
OAuthenticator is an OAuth token library for the JupyerHub login handler. A security vulnerability exists in OAuthenticator version 14.2.0 and earlier, which stems from CILogon, a federated authentication provider that allows users to authenticate with multiple identity providers IdPs...
Canonical Apport 资源管理错误漏洞
Canonical Apport is a toolkit from Canonical UK that collects and provides feedback on error messages information that the operating system considers useful when an application crashes. A resource management error vulnerability exists in Canonical Apport, which arises from the application not...
Canonical Apport 安全特征问题漏洞
Canonical Apport is a toolkit from Canonical UK that collects and provides feedback on error messages information that the operating system considers useful when an application crashes. Canonical Apport suffers from a security signature issue vulnerability that stems from not filtering D-Bus...
nest 安全漏洞
nest is a Node.js framework developed by Nestjs, designed for building efficient, scalable, and enterprise-level server-side applications using TypeScript/JavaScript. Version 11.1.13 of nest contains a security vulnerability. This vulnerability arises from NestJS applications that utilize...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unreleased control handler that could lead to a memory leak...
Clinic’s Patient Management System SQL注入漏洞
Clinic's Patient Management System is a patient management system for a clinic in Carlo Montero. A security vulnerability exists in Clinic's Patient Management System version 2.0, which originates from a SQL injection vulnerability on the login page...
Filament Excel 安全漏洞
Filament Excel is a tool by Dennis Koch, a personal developer. Easily configure Excel exports in Filament through batch or page operations. A security vulnerability exists in Filament Excel that stems from allowing any file to be downloaded without logging in...
Coder 安全漏洞
Coder is an application from Coder that allows you to set up a development environment in a public or private cloud infrastructure. A security vulnerability exists in Coder and CoderV2 that stems from a security hole in OIDC authentication that allows an attacker to bypass authentication and crea...
WordPress plugin Formidable Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability in the WordPress...
ThinkCMF 跨站脚本漏洞
ThinkCMF is a CMS Content Management System based on ThinkPHP. A cross-site scripting vulnerability exists in ThinkCMF version 5.1.5, which stems from the lack of effective filtering and escaping of user-supplied data in the file UserController.php, and can be exploited by an attacker to execute...
Fortinet FortiADC 操作系统命令注入漏洞
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. Fortinet FortiADC suffers from a command injection vulnerability, which stems from an improper neutralization of special elements used in os commands, that can be exploited by an attacker to execute arbitrary shell code a...
Jenkins NS-ND Integration Performance Publisher Plugin 信任管理问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A trust management issue...
v8n 安全漏洞
v8n is a JavaScript validation library by the individual developer Bruno C. Couto. A security vulnerability exists in versions of v8n prior to 1.5.1, which stems from the fact that the low complexity of its lowercase and uppercase regular expressions may lead to denial-of-service attacks...
Moodle 输入验证错误漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. moodle suffers from an input validation error vulnerability, which stems from improper input validation and can be exploited by remote...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the Smart...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
GNU LibreDWG 安全漏洞
GNU LibreDWG is a C-language library from the GNU community in the United States that is used for processing DWG files. Versions of GNU LibreDWG 0.13.4.8160 and earlier contain security vulnerabilities. These vulnerabilities stem from a heap buffer overflow in the bitreadRC function within the...
PilusCart SQL注入漏洞
PilusCart is an online store management system based on PHP and MySQL. Version 1.4.1 of PilusCart has a SQL injection vulnerability. This vulnerability stems from the send parameter, which allows for SQL injections. It may allow unverified attackers to manipulate database queries and extract...
Microsoft Windows Routing and Remote Access Service 安全漏洞
Microsoft Windows Routing and Remote Access Service is a network service from Microsoft Corporation USA that is used to implement features such as network routing, virtual private networks VPNs, and dial-up connections. A security vulnerability exists in Microsoft Windows Routing and Remote Acces...
Autodesk Navisworks 缓冲区错误漏洞
Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. in the United States. A security vulnerability exists in Autodesk Navisworks that originates from parsing a specially crafted DWFX file resulting in memory corruption that could...
WordPress plugin HUSKY 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
编号撤回
Red Hat Undertow is a Java-based embedded web server from Red Hat USA and is the default web server for Wildfly Java Application Server. This CVE number has been withdrawn...
Moodle 安全漏洞
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from the need for additional restrictions to avoid the risk of remote...
Ruby SAML 数据伪造问题漏洞
Ruby SAML is an open source implementation of a SAML authorization client from SAML-Toolkits. A data forgery vulnerability exists in Ruby SAML that stems from Ruby-SAML's inability to properly verify the signature of a SAML response, allowing an attacker to log in to a vulnerable system as an...
WordPress plugin ShopLentor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Progress MOVEit Transfer Cross-Site Scripting Vulnerability
Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A security vulnerability exists in Progress MOVEit Transfer that stems from a Reflected Cross-Site Scripting XSS vulnerability when MOVEit Gateway and MOVEit Transfer are used together. Affected products and...
phpMyFAQ 跨站脚本漏洞
phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.2.2, which stems from the lack of effective filtering and escaping of user-supplied data in the FileName parameter of the file attachment upload function, an...
VMware Aria Operations for Logs Code Issue Vulnerability
VMware Aria Operations for Logs is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware Aria Operations for Logs, which stems from a deserialization vulnerability...
Vyper 输入验证错误漏洞
Vyper is the Pythonic smart contract language for EVM. An input validation error vulnerability exists in versions of Vyper prior to 0.3.8, which stems from a lack of overflow checking for cyclic variables...
go-dagpb 缓冲区错误漏洞
go-dagpb is an IPLD open source implementation of the DAG-PB Go specification. A security vulnerability exists in go-dagpb that stems from the fact that the dag-pb codec may crash when decoding an invalid block...
WordPress plugin Keywordrush Content Egg 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
VMware Spring Data REST 安全漏洞
VMware Spring Data REST is a data interface from VMware, Inc. It is used to build on top of the Spring Data repository, analyze an application's domain model, and expose hypermedia-driven HTTP resources for aggregations contained in the model. A security vulnerability exists in VMware Spring Data...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow, which stems from the fact that if tf.sparse.cross receives an input separator that is not a scalar, it fails with an...
SAP Host Agent 代码问题漏洞
SAP Host Agent is a suite of agent programs from SAP Germany that support a number of lifecycle management tasks such as operating system monitoring, database monitoring, and system instance monitoring. A code issue vulnerability exists in SAP NetWeaver, ABAP Platform, and SAP Host Agent. An...
Progress Software WhatsUp Gold 安全漏洞
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions 21.1.0 throu...
Moxa MGate 安全漏洞
Moxa MGate is a series of Ethernet gateway products from Moxa China. A security vulnerability exists in the Moxa MGate that allows an attacker to perform a man-in-the-middle MITM attack on the device. This affects MGate MB3170 series firmware version 4.2 or lower. and MGate MB3270 series firmware...
CreateWiki 授权问题漏洞
CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki that stems from the ability to use Special:RequestWikiQueue for anonymous comments when sent directly via POST...
Snapd 竞争条件问题漏洞
Snapd is an open source, cross-platform package management tool. snapd is vulnerable to a contention issue, which can be exploited by local attackers to gain root privileges and execute arbitrary code to gain privilege escalation by binding to mount their own content in snap's private mount...
Aruba Instant 格式化字符串错误漏洞
Aruba Instant is a wireless network from Aruba USA. provides the only Wi-Fi solution that is easy to set up. Aruba Instant suffers from a Formatting String Error vulnerability that originates from a formatting string error in the Instant Command Line Interface. The vulnerability allows remote use...
Fortinet多款产品 安全漏洞
Fortinet FortiRecorder and others are products of Fortinet, Inc.Fortinet FortiRecorder is a Web-based network video recorder management system.Fortinet FortiMail is an email security gateway product.Fortinet FortiVoice is a unified communications and collaboration-as-a-service. A security...
Altenergy Power System Control Software 注入漏洞
Altenergy Power System Control Software is microinverter control software from Altenergy Power System. An injection vulnerability exists in Altenergy Power Control Software 20241108 and prior versions that stems from an improper authorization issue in the file /index.php/display/database/...
WordPress Plugin Mail Queue 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...
Osprey Pump Controller 安全特征问题漏洞
Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01 that stems from vulnerability to a predictable and weak session token generation algorithm and could facilitate bypassing authentication and authorization. An attacker...
Apache Shiro 安全漏洞
Apache Shiro is a suite of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation USA. A security vulnerability exists in Apache Shiro versions prior to 1.11.0, which stems from a specially crafted HTTP request that cou...
Microsoft Windows Terminal 代码注入漏洞
Microsoft Windows Terminal is a new virtual terminal for Windows 10 announced by Microsoft Corporation of the United States at the Build 2019 conference that opened in Seattle. Users can install it through the Microsoft App Store or compile and install it themselves by downloading the source code...
ThinkCMF 跨站请求伪造漏洞
ThinkCMF is a CMS Content Management System based on ThinkPHP. A security vulnerability exists in ThinkCMF version 6.0.7, which stems from vulnerability to cross-site request forgery CSRF vulnerability...
NTT DATA TERASOLUNA 输入验证错误漏洞
NTT DATA TERASOLUNA is an NTT DATA framework from NTT DATA Corporation in Japan. A security vulnerability exists in NTT DATA TERASOLUNA Global Framework version 1.0.0 and TERASOLUNA Server Framework for Java Rich versions 2.0.0.2 through 2.0.5.1, which stems from improper input validation in the...
WordPress plugin WP Contact Slider 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...