195539 matches found
WordPress plugin Mega Addons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Passport-wsfed-saml2 安全漏洞
Passport-wsfed-saml2 is an Auth0 open source token authentication provider. A security vulnerability exists in Passport-wsfed-saml2 version 4.6.2 and earlier, which can be exploited by an attacker to bypass WSFed authentication on a website using passport-wsfed-saml2...
Microsoft SharePoint 安全漏洞
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information.A remo...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Live Caption, which can be exploited by attackers to execute arbitrary code on a system or cause a denial of service...
VideoLAN VLC media player 输入验证错误漏洞
VideoLAN VLC media player is a free, open source cross-platform multimedia player also a multimedia framework organized by VideoLAN France. The product supports playback of multiple media files, CD-ROMs, etc., multiple audio and video formats WMV, MP3, etc., etc. A security vulnerability exists i...
WAVLINK WN531G3 安全漏洞
The WAVLINK WN531G3 is a wireless router from China's RuiYin Technology WAVLINK. The WAVLINK WN531G3 M31G3.V5030.201204 version and M31G3.V5030.200325 version contain an access control error vulnerability that can be exploited by an attacker to download configuration data and log files...
WordPress plugin Easy Digital Downloads 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A CSV injection vulnerabili...
WordPress plugin Creative Mail 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Creative Mail 1.5.4 and earlier versions contain a cross-site request forgery vulnerability...
Apache MINA 代码问题漏洞
Apache MINA is the United States Apache Apache Foundation of a web application framework. The product is mainly used to develop high-performance and highly scalable web applications. Apache MINA 2.9.1 and earlier versions suffer from a deserialization vulnerability that stems from the use of Java...
JGraph draw.io 跨站脚本漏洞
JGraph draw.io is a configurable chart/whiteboard visualization application for JGraph. A security vulnerability exists in JGraph draw.io versions prior to 20.5.2. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
Metabase 输入验证错误漏洞
Metabase is an open source data analytics platform from the US-based Metabase, Inc. A security vulnerability exists in Metabase that stems from a custom GeoJSON map URL address that will follow a redirect to an address that is otherwise not allowed, such as a link to a local or private network...
Synology DiskStation Manager 竞争条件问题漏洞
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology, a Chinese company. The operating system manages information such as data, files, photos, music, etc. The Synology DiskStation Manager DSM has a competitive condition. A competing conditio...
Abode Iota 格式化字符串错误漏洞
Abode Iota is a reliable Diy home security system from Abode. A formatting string error vulnerability exists in Abode Iota versions 6.9X and 6.9Z, which stems from the fact that an attacker can send an authenticated, malicious HTTP request to its web interface/action/wirelessConnect functionality...
Human Resource Management System 安全漏洞
Human Resource Management System is a human resource management system by maverickosama Personal Developer. A security vulnerability exists in Human Resource Management System, which originates from an unknown function in employeeview.php in the Image File Handler, and can be exploited by an...
Trend Micro Apex One 缓冲区错误漏洞
Trend Micro Apex One is an endpoint protection software from Trend Micro, Inc. An out-of-bounds access vulnerability exists in the 2019 on-prem, SaaS version of Trend Micro Apex One, which could be exploited by an attacker to create specially crafted messages to cause memory corruption in a...
编号撤回
This CVE number has been withdrawn...
Open vSwitch 缓冲区错误漏洞
Open vSwitch is an open source virtual switch. A buffer error vulnerability exists in Open vSwitch versions v0.90.0 through v2.5.0, which stems from a heap buffer over-read in flow.c. An unsafe comparison of the minimasks function may result in access to unmapped memory regions, which can be...
Rocket.Chat 授权问题漏洞
Rocket.Chat is an open source team chat software. A security vulnerability exists in Rocket.Chat Mobile App versions prior to 4.14.1.22788, which stems from incorrect authentication and can be exploited by an attacker to bypass local authentication...
WhatsApp 输入验证错误漏洞
WhatsApp is a suite of mobile applications from the American company WhatsApp that use the Internet to send text messages. The application uses the contact information in a smartphone to find contacts using the software to transmit text, images, etc. WhatsApp suffers from a security vulnerability...
Cargo 路径遍历漏洞
Cargo is a Rust package manager open-sourced by The Rust Programming Language. A path traversal vulnerability exists in versions of Cargo prior to 0.65.0, which stems from extracting a malicious crate that could corrupt arbitrary files...
WordPress plugin Beaver Builder – WordPress Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Beaver Builder - A...
Apache IoTDB 授权问题漏洞
Apache IoTDB is an integrated data management engine designed for time-series data from the Apache Foundation that provides data collection, storage, and analysis services, etc. An authorization issue vulnerability exists in Apache IoTDB version 0.13.0, which stems from vulnerability to session i...
WordPress plugin Mailchimp for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
Simple Online Book Store System 跨站脚本漏洞
Simple Online Book Store System is a simple online bookstore system by Carlo Montero, an individual developer. Simple Online Book Store System suffers from a cross-site scripting vulnerability, which stems from an unknown function in its /admin/edit.php component that operates on the parameter ei...
Microsoft Visual Studio 安全漏洞
Microsoft Visual Studio is a family of development tool suites from Microsoft Corporation USA and a largely complete development toolset that includes most of the tools needed throughout the software lifecycle. A security vulnerability exists in Microsoft Visual Studio. The following products and...
Microsoft Visual Studio 代码注入漏洞
Microsoft Visual Studio is a family of development tool suites and a fundamentally complete set of development tools from Microsoft Corporation USA that includes most of the tools needed throughout the software life cycle. A code injection vulnerability exists in Microsoft Visual Studio. The...
WordPress Plugin Google Authenticator 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Mealie 跨站脚本漏洞
Mealie is a self-hosted recipe manager and meal planner by an individual developer in Hayden, USA. A cross-site scripting vulnerability exists in Mealie version 1.0.0beta3. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected...
QPDF 缓冲区错误漏洞
QPDF is a software application. A C++ library and a set of programs that examine and manipulate the structure of PDF files. A security vulnerability exists in QPDF version v8.4.2, which stems from the discovery of a heap buffer overflow vulnerability via the function QPDF::processXRefStream...
Drupal 访问控制错误漏洞
Drupal is an open source content management system developed in PHP by the Drupal community. An Access Control Error vulnerability exists in Drupal versions prior to 9.3.19 and prior to 9.4.3 that stems from improperly restricted access. A remote attacker could use this vulnerability to alter dat...
Advantech iView SQL注入漏洞
Advantech Iview, a software based on Simple Network Protocol SNMP for managing B B SmartWorx devices from Advantech, China, is vulnerable to a SQL injection vulnerability in Advantech iView, which stems from a special element used in SQL commands that is not neutralized. An unauthorized attacker...
OFFIS DCMTK 代码问题漏洞
OFFIS DCMTK is a collection of libraries and applications from OFFIS Germany that implement most of the DICOM standards. Software for inspecting, building and converting DICOM image files, processing offline media, sending and receiving images over a network connection, and demonstrating image...
Jenkins Plugin Embeddable Build Status 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Embeddable Build Status Plugin ha...
Citrix Application Delivery Management 安全漏洞
Citrix Application Delivery Management ADM is an application delivery management system from Citrix. The system provides centralized network and application management functions. A security vulnerability exists in Citrix Application Delivery Management that originates from allowing an...
radare2 缓冲区错误漏洞
radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in radare2 versions prior to 5.7.0 that originates from uninitialized pointer access...
Cisco Common Services Platform Collector 跨站脚本漏洞
Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...
EventSource 信息泄露漏洞
EventSource is a pure JavaScript implementation of the EventSource client. An information disclosure vulnerability exists in versions of EventSource prior to 2.0.2, which originates from exposing sensitive information to an unauthorized Actor...
Microsoft Office 安全特征问题漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and others. A security feature issue vulnerability exists in Microsoft Office. The following products an...
Fortinet FortiIsolator 安全漏洞
Fortinet FortiIsolator is a Fortinet USA application that provides remote security isolation capabilities for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects business-critical data from sophisticated threats on the Web...
Red Lion DA50N 安全漏洞
Red Lion DA50N is a series of secure edge network gateways from Red Lion, U.S.A. A security vulnerability exists in the Red Lion DA50N that could be exploited by an attacker to gain access to stored credentials and thereby gain access to protected resources...
Red Lion DA50N 数据伪造问题漏洞
The Red Lion DA50N is a series of secure edge network gateways from Red Lion, U.S.A. The Red Lion DA50N is vulnerable to a data forgery issue that stems from the possibility that an authorized user could install a maliciously modified package file when updating the device via the Web UI, and that...
jc21 Nginx Proxy Manager 跨站脚本漏洞
jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...
pgAdmin 代码问题漏洞
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 4 versions prior to 6.7, which stems from the software's inability to validate the path of a file uploaded by a user, resulting in a path traversal...
FreeTAKServer 访问控制错误漏洞
FreeTAKServer is an open source lightweight server from the FreeTAKTeam team. It is used to connect to TAK clients. FreeTAKServer suffers from an access control error vulnerability, which stems from the fact that Endpoint/ManageRoute/postRoute can be accessed without authentication, and can be...
Yokogawa Exaopc 权限许可和访问控制问题漏洞
Yokogawa Electric is a server of Yokogawa Electric Yokogawa, a Japanese company. A security vulnerability exists in Yokogawa Electric. The vulnerability stems from the "Long-term Data Archive Package" service creating named pipes with incorrect ACL configurations. The following products and...
phpMyAdmin 信息泄露漏洞
phpMyAdmin is a free, web-based MySQL database management tool from the Phpmyadmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin 5.1.1 and prio...
Openmct 跨站脚本漏洞
Nasa Openmct is an open source open mission control technology from NASA, Inc. It is used to visualize data on desktop and mobile devices. A cross-site scripting vulnerability exists in Openmct up to version 1.7.7, which stems from the software's lack of effective filtering and escaping of...
Sourceforge mbsync 缓冲区错误漏洞
Sourceforge mbsync is an application from the Sourceforge community in the United States. It provides synchronization of remote IMAP mailboxes with local maildir-style mailboxes. Sourceforge mbsync suffers from a buffer error vulnerability that stems from the fact that due to insufficient handlin...
Snapd 输入验证错误漏洞
Snapd is an open source, cross-platform package management tool. snapd is vulnerable to an input validation error that could be exploited to allow snap to escape strict snap restrictions by injecting arbitrary AppArmor policy rules through misformatted content interfaces and layout statements...