195539 matches found
Siemens JT2Go 代码问题漏洞
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with available JT, VFZ, CGM and TIF data.Teamcenter Visualization software is able to enhance its Product Lifecycle Management PLM environments with a comprehensive range of visualization solutions. PLM environme...
Fortinet FortiOS 安全漏洞
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering, and antispam. A security vulnerabili...
Hutool 安全漏洞
Hutool is a small but complete Java tool library from the Chinese Dromara community. A security vulnerability exists in Hutool v5.8.17 and earlier versions, which originates from an information disclosure vulnerability in the File.createTempFile function in /core/io/FileUtil.java...
Apache NiFi 代码注入漏洞
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A code injection vulnerability exists in Apache NiFi versions 0.0.2 through 1.21.0 that originates from allowing...
WordPress plugin B2BKing 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Matrix Synapse 授权问题漏洞
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. An authorization issue vulnerability exists in versions of Matrix Synapse prior to 1.85.0, which stems from the possibility that a deactivated user may log in while using an uncommon configuration...
STARFACE 安全漏洞
STARFACE is an IP telephony system for digital communications from STARFACE, Inc. A security vulnerability exists in STARFACE version 7.3.0.10 and prior versions that originates from allowing authentication using password hashes...
SQLite 代码注入漏洞
SQLite is a lightweight database that is ACID compliant relational database management system. A code injection vulnerability exists in SQLite JDBC that stems from a remote code execution vulnerability. No detailed vulnerability details are provided at this time...
WordPress Plugin Brands for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Online Exam System SQL注入漏洞
Online Exam System is an online exam system by oretnom23 individual developers. A SQL injection vulnerability exists in SourceCodester Online Exam System version 1.0, which stems from a problem with the file /dosen/data of the component POST Parameter Handler, where manipulation of the parameter...
MitraStar GPT-2741GNAC-N2 安全漏洞
MitraStar GPT-2741GNAC-N2 is a fiber optic access device from China-based MitraStar Technology MitraStar. A security vulnerability exists in the MitraStar GPT-2741GNAC-N2 firmware version BRg5.91.11WVK.0b32, which originates from the inclusion of Remote Code Execution RCE in the ping function...
WordPress plugin vSlider Multi Image Slider for WordPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress plugin Easy Digital Downloads 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...
Pimcore 跨站脚本漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exists in...
OURPHP SQL注入漏洞
OURPHP is OURPHP open source an open source, cross-platform, enterprise-level + e-commerce + applet + APP multi-terminal synchronization CMS station-building system. OURPHP version 7.2.0 and previous versions exist SQL injection vulnerability. The vulnerability stems from the application's lack o...
Joomla SQL注入漏洞
Joomla is an open source, cross-platform content management system CMS developed using PHP and MySQL by the U.S. Open Source Matters team. Joomla 3 suffers from a security vulnerability that stems from improper use of input filters leading to SQL injection. An attacker exploiting the vulnerabilit...
Oracle SQL Developer 安全漏洞
Oracle SQL Developer is a free integrated development environment from Oracle Corporation that simplifies the development and management of Oracle databases. A security vulnerability exists in Oracle SQL Developer versions prior to 23.1.0. An attacker exploiting this vulnerability could take over...
Schneider Electric Easy UPS Online Monitoring Software 访问控制错误漏洞
Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from the French company Schneider Electric Schneider Electric. The Schneider Electric Easy UPS Online Monitoring Software suffers from an Access Control Error vulnerability that stems from a lack of authenticati...
Apple macOS Ventura 缓冲区错误漏洞
Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13.1, which originates from the ability to execute arbitrary code with kernel privileges...
phpMyFAQ 跨站脚本漏洞
phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.12, which stems from the presence of a stored cross-site scripting XSS vulnerability...
Hitachi Vantara Pentaho Business Analytics Server 代码问题漏洞
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from improper references to XML external...
Pimcore 跨站脚本漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exists in...
Medical Certificate Generator App SQL注入漏洞
Medical Certificate Generator App is a simple web application for medical clinics. A SQL injection vulnerability exists in SourceCodester Medical Certificate Generator App version 1.0, which stems from a problem in the file action.php, where manipulation of the parameter id can lead to sql...
Kozea CairoSVG 代码问题漏洞
Kozea CairoSVG is a Python based software from the Kozea community that converts SVG files to PDF, EPS, PS and PNG files. A code issue vulnerability exists in Kozea CairoSVG versions prior to 2.7.0, which stems from the fact that Cairo can send requests to an external host when processing SVG...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...
WordPress Plugin GigPress SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exists i...
textAngular 跨站脚本漏洞
textAngular is a very powerful text editor for textAngular individual developers. A security vulnerability exists in textAngular 1.5.16 and earlier versions, which stems from the presence of a cross-site scripting XSS vulnerability...
Adobe FrameMaker 缓冲区错误漏洞
Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. An out-of-bounds read vulnerability exists in Adobe FrameMaker, which can be exploited by an attacker to cause a...
react-admin 跨站脚本漏洞
react-admin is a front-end framework for building data-driven applications that run in the browser on top of a REST/GraphQL API, using ES6, React, and Material Design. A security vulnerability exists in react-admin versions 3.x prior to 3.19.12 and 4.x prior to 4.7.6, which stems from the presenc...
WordPress plugin Wicked Folders 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. The WordPress plugin Wicked Folders suffers from a...
Contiki-NG 缓冲区错误漏洞
Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A buffer error vulnerability exists in Contiki-NG version 4.8 and prior versions, which stems from an out-of-bounds write in the BLE-L2CAP module...
ZITADEL 代码问题漏洞
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL Switzerland. A code issue vulnerability exists in ZITADEL versions 2.17.3 and earlier, 2.16.4 and earlier, which stems from allowing a...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue found in ksmbd where fs/ksmbd/smb2pdu.c has an OOPS for reuse after release and SMB2TREEDISCONNECT...
WordPress plugin Mega Addons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Passport-wsfed-saml2 安全漏洞
Passport-wsfed-saml2 is an Auth0 open source token authentication provider. A security vulnerability exists in Passport-wsfed-saml2 version 4.6.2 and earlier, which can be exploited by an attacker to bypass WSFed authentication on a website using passport-wsfed-saml2...
Microsoft SharePoint 安全漏洞
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information.A remo...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Live Caption, which can be exploited by attackers to execute arbitrary code on a system or cause a denial of service...
VideoLAN VLC media player 输入验证错误漏洞
VideoLAN VLC media player is a free, open source cross-platform multimedia player also a multimedia framework organized by VideoLAN France. The product supports playback of multiple media files, CD-ROMs, etc., multiple audio and video formats WMV, MP3, etc., etc. A security vulnerability exists i...
WAVLINK WN531G3 安全漏洞
The WAVLINK WN531G3 is a wireless router from China's RuiYin Technology WAVLINK. The WAVLINK WN531G3 M31G3.V5030.201204 version and M31G3.V5030.200325 version contain an access control error vulnerability that can be exploited by an attacker to download configuration data and log files...
WordPress plugin Easy Digital Downloads 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A CSV injection vulnerabili...
WordPress plugin Creative Mail 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Creative Mail 1.5.4 and earlier versions contain a cross-site request forgery vulnerability...
Apache MINA 代码问题漏洞
Apache MINA is the United States Apache Apache Foundation of a web application framework. The product is mainly used to develop high-performance and highly scalable web applications. Apache MINA 2.9.1 and earlier versions suffer from a deserialization vulnerability that stems from the use of Java...
JGraph draw.io 跨站脚本漏洞
JGraph draw.io is a configurable chart/whiteboard visualization application for JGraph. A security vulnerability exists in JGraph draw.io versions prior to 20.5.2. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
Metabase 输入验证错误漏洞
Metabase is an open source data analytics platform from the US-based Metabase, Inc. A security vulnerability exists in Metabase that stems from a custom GeoJSON map URL address that will follow a redirect to an address that is otherwise not allowed, such as a link to a local or private network...
Synology DiskStation Manager 竞争条件问题漏洞
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology, a Chinese company. The operating system manages information such as data, files, photos, music, etc. The Synology DiskStation Manager DSM has a competitive condition. A competing conditio...
Abode Iota 格式化字符串错误漏洞
Abode Iota is a reliable Diy home security system from Abode. A formatting string error vulnerability exists in Abode Iota versions 6.9X and 6.9Z, which stems from the fact that an attacker can send an authenticated, malicious HTTP request to its web interface/action/wirelessConnect functionality...
Trend Micro Apex One 缓冲区错误漏洞
Trend Micro Apex One is an endpoint protection software from Trend Micro, Inc. An out-of-bounds access vulnerability exists in the 2019 on-prem, SaaS version of Trend Micro Apex One, which could be exploited by an attacker to create specially crafted messages to cause memory corruption in a...
编号撤回
This CVE number has been withdrawn...
Open vSwitch 缓冲区错误漏洞
Open vSwitch is an open source virtual switch. A buffer error vulnerability exists in Open vSwitch versions v0.90.0 through v2.5.0, which stems from a heap buffer over-read in flow.c. An unsafe comparison of the minimasks function may result in access to unmapped memory regions, which can be...
Rocket.Chat 授权问题漏洞
Rocket.Chat is an open source team chat software. A security vulnerability exists in Rocket.Chat Mobile App versions prior to 4.14.1.22788, which stems from incorrect authentication and can be exploited by an attacker to bypass local authentication...