195539 matches found
Freebsd FreeBSD Competitive Conditions Problem Vulnerability
FreeBSD is a Unix-like operating system from the Freebsd Foundation. FreeBSD has a security vulnerability that can be exploited by an attacker to bypass restrictions via jail remove Unkilled Processes of FreeBSD to escalate his privileges...
GNOME Evolution Data Forgery Issue Vulnerability
GNOME Evolution is a suite of email client programs for the Gnome desktop environment for Linux. The program provides Email, calendar, meeting scheduling, contact management, and other features. A data forgery issue vulnerability exists in GNOME Evolution through 3.38.3, which stems from Evolutio...
TP-Link Tapo C110 格式化字符串错误漏洞
The TP-Link Tapo C110 is an indoor network camera produced by TP-Link Corporation. The TP-Link Tapo C110 v2 has a vulnerability related to formatted string handling. This vulnerability stems from improper processing of user control inputs in the ONVIF service. It is possible for authenticated...
Google Chrome 资源管理错误漏洞
Google Chrome is a cross-platform web browser developed by Google. It is primarily used for accessing web pages, running web applications, and providing various extended features. There is a resource management vulnerability in Google Chrome, which stems from improper handling of references after...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. In versions prior to 149.0.7827.115, there was a resource management vulnerability that stemmed from issues with reusing resources after their release in the Media component. This vulnerability could allow remote attackers to exploit heap...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. In versions prior to 149.0.7827.115, there was a resource management vulnerability that stemmed from the reuse of resources after they were released in Core. This vulnerability could allow remote attackers to execute arbitrary code through a...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google. Its main features include providing a fast, secure, and stable browsing experience. Google Chrome has a resource management vulnerability. This vulnerability stems from the Views component failing to properly handle the object lifecycle when...
Google Chrome 缓冲区错误漏洞
Google Chrome is a cross-platform web browser developed by Google. It primarily offers functions such as web browsing, extension support, and multi-tab management. Google Chrome has a privilege escalation vulnerability, which stems from the VideoCapture component failing to properly validate memo...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.19 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass issues during message reading operations, resulting in bypassing channel permissio...
Google Chrome 输入验证错误漏洞
Google Chrome is a cross-platform web browser developed by Google. It is primarily used for accessing the internet and running web applications. Google Chrome has a security vulnerability that stems from improper handling of implementation logic in extensions. A remote attacker can exploit this...
KanaDojo 安全漏洞
KanaDojo is an attractive and customizable Japanese learning platform developed by lingdojo. Versions of KanaDojo prior to 0.18.0 contained security vulnerabilities. These vulnerabilities were caused by sandbox escape attacks, allowing attackers to execute arbitrary code by passing the global...
Quest Bot 安全漏洞
Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the /automod add, /automod remove, and /automod list commands not having the required...
389 Directory Server 输入验证错误漏洞
389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a vulnerability related to input validation. This vulnerability stems from an integer overflow in the SASL I/O layer. In the function...
Apple macOS Sequoia 信息泄露漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 had a security vulnerability that stemmed from privacy concerns, potentially allowing applications to access sensitive user data...
Perry 路径遍历漏洞
Perry is a tool developed by Perry OpenSource that compiles TypeScript into native executable files. Versions of Perry prior to 0.5.1159 contained a path traversal vulnerability. This vulnerability allows malicious attackers to write arbitrary content to any writable location within the running...
vLLM 资源管理错误漏洞
vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. Version vLLM 0.8.0 and later contain a resource management vulnerability. This vulnerability stems from the unlimited frame counting in the VideoMediaIO.loadbase64...
VMware Spring Web Services 安全漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the...
ImageMagick 安全漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-24 contained security vulnerabilities due to lack of return value checking. On 32-bit...
Fission 操作系统命令注入漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.23.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the builder passing the Environment.spec.builder.command directly to...
libnfs 安全漏洞
libnfs is a network file system access client library developed by Ronnie Sahlberg. Versions of libnfs prior to 55c18ea contained security vulnerabilities; these vulnerabilities stemmed from unvalidated string sizes, which could lead to integer overflows when connecting to specially crafted NFS...
Palo Alto Networks PAN-OS 代码问题漏洞
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a code vulnerability in Palo Alto Networks PAN-OS, which stems from memory corruption during tunnel traffic processing. This vulnerability could allow authenticated users to initiat...
Dulwich 路径遍历漏洞
Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich from 0.23.2 to 1.2.5 contained a path traversal vulnerability. This vulnerability stemmed from the porcelain.submoduleupdate method not verifying the submodule paths properly. As a...
Dulwich 路径遍历漏洞
Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich from 0.10.0 to 1.2.5 contained a path traversal vulnerability. This vulnerability stemmed from the fact that the path element verifier on Windows allowed filenames that were interpreted...
WordPress plugin Copy & Delete Posts 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
TDengine 数字错误漏洞
TDengine is an open-source, high-performance, cloud-native time series database developed by the TDengine company. There are digital error vulnerabilities in the TDengine 3.4.0.0 to 3.4.1.5 version. These vulnerabilities stem from unverified remote attackers sending specially crafted RPC packets,...
Fedify 安全漏洞
Fedify is a TypeScript library developed by Hong Minhee. It is used to build federated server applications that support ActivityPub and other standards. Versions of Fedify prior to 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3 have security vulnerabilities. These vulnerabilities stem from attackers...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Monterey prior to 12.4 contained security vulnerabilities due to memory corruption issues, which could lead to unexpected changes in shared memory between processes...
Fission 安全漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a security vulnerability. This vulnerability stemmed from the lack of validation in the Environment.spec.runtime.podSpec/spec.builder.podSpec field. When using MergePodSpec,...
Fission 安全漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.23.0 contain security vulnerabilities. These vulnerabilities stem from the runtime Pod using the fission-fetcher ServiceAccount and automatically mounting tokens. User function code can rea...
389 Directory Server 安全漏洞
389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a security vulnerability in 389 Directory Server, which stems from the fact that the length of the ocsuperior field is not taken into account when calculating...
Jenkins 安全漏洞
Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have security vulnerabilitie...
NSA Ghidra 资源管理错误漏洞
NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a resource management vulnerability. This vulnerability stemmed from iterator failures during the...
VMware Spring Data Commons 资源管理错误漏洞
VMware Spring Data Commons is a data access abstraction framework developed by VMware Corporation in the United States. Vulnerabilities exist in versions 4.0.0 and earlier, as well as versions 3.5.0 and earlier, 3.4.0 and earlier, 3.3.0 and earlier, 3.2.0 and earlier, 3.1.0 and earlier, 3.0.0 and...
VMware Spring AMQP 信任管理问题漏洞
VMware Spring AMQP is a message queue integration framework developed by VMware, Inc. There is a vulnerability related to trust management in VMware Spring AMQP. This vulnerability arises when configuring a proxy connection using RabbitConnectionFactoryBean.setUriamqps://…, without calling...
VMware Spring Data MongoDB 安全漏洞
VMware Spring Data MongoDB is a MongoDB data access framework developed by the American company VMware. There are security vulnerabilities in VMware Spring Data MongoDB versions 5.0.0 and earlier, as well as versions 4.5.0 and earlier, 4.4.0 and earlier, 4.3.0 and earlier, 4.2.0 and earlier, 4.1....
Spring Security 跨站脚本漏洞
VMware Spring Security is a security framework provided by the American company VMware, designed to provide descriptive security protection for Spring-based applications. VMware Spring Security has a cross-site scripting vulnerability, which allows attackers to manipulate values within...
SpiceDB 授权问题漏洞
SpiceDB is a fine-grained permission database developed by the Authzed team. In versions 1.15.0 to 1.52.0 of SpiceDB, there was an authorization vulnerability. This vulnerability stemmed from the caveat structure, which contained nested lists, potentially leading to improper caching reuse...
Microsoft DWM Core Library 资源管理错误漏洞
The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. There is a resource management vulnerability in the Microsoft DWM Core Library. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected:...
microsoft windows common log file system driver 资源管理错误漏洞
The Microsoft Windows Common Log File System Driver provides a high-performance, general-purpose log file subsystem. Dedicated client applications can utilize this subsystem, and multiple clients can share it to optimize log access. The Microsoft Windows Common Log File System Driver has a resour...
Microsoft Windows Media Center 缓冲区错误漏洞
Microsoft Windows Media is a series of media playback and management software developed by the American company Microsoft. There are security vulnerabilities in Microsoft Windows Media. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected:...
Microsoft Windows Ancillary Function Driver for WinSock 竞争条件问题漏洞
The Microsoft Windows Ancillary Function Driver for WinSock is a compatibility issue vulnerability in Winsock by Microsoft Corporation. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions are affected: Windows Server 2012 R2 Server Core...
Microsoft Windows Performance Monitor 数字错误漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a vulnerability in input validation of Microsoft Windows. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are affected: Windows 11...
Microsoft Windows TCP/IP 缓冲区错误漏洞
Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are security vulnerabilities associated with Microsoft Windows TCP/IP. The following products and versions are affected: Windows Server 2022, Windows 11 Version...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from the vgicitsinvalidatecache function, which incorrectly places an iteration pointer ...
SQLFluff 资源管理错误漏洞
SQLFluff is an open-source SQL linter that features flexible and configurable syntax. Versions of SQLFluff prior to 4.2.0 contained a resource management vulnerability. This vulnerability stemmed from the parser’s improper handling of malicious long SQL queries, which could lead to resource...
Adobe Experience Manager 输入验证错误漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
DBI 缓冲区错误漏洞
DBI is a Perl database interface tool developed under the open-source license of perl5-dbi. Versions of DBI prior to 1.648 contained a buffer error vulnerability. This vulnerability stemmed from the lack of length limitation when error messages were written into a 200-byte buffer, which could lea...
Microsoft Windows Narrator Braille 权限许可和访问控制问题漏洞
Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There are code-related vulnerabilities in Microsoft Windows Narrator Braille. Attackers can exploit these vulnerabilities to gain higher privileges...