195539 matches found
Code-Projects Employee Management System SQL注入漏洞
Code-Projects Employee Management System is a Code-Projects open source employee management system . Code-Projects Employee Management System version 1.0 suffers from a SQL injection vulnerability that originates from the operation of the parameter pid by an unknown function in the /psubmit.php...
H3C Magic B0 安全漏洞
H3C Magic B0 is a small wireless router produced by H3C Corporation. The H3C Magic B0 100R002 and earlier versions have security vulnerabilities. These vulnerabilities stem from improper handling of parameters in the function EditBasicSSID5G within the file/goform/aspForm. This may lead to a remo...
New API SQL注入漏洞
The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.1 have a SQL injection vulnerability. This vulnerability originates from the SearchUserTopUps/SearchAllTopUps function in the model/topup.go file of the self Endpoint component, which may lead to...
SourceCodester Hospitals Patient Records Management System SQL注入漏洞
SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability stems from...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained security vulnerabilities. These vulnerabilities stemmed from the chat completion API, where tool IDs and server parameters were provided by users witho...
Turborepo 跨站请求伪造漏洞
Turborepo is a high-performance JavaScript and TypeScript build system open source by Vercel. Versions of Turborepo prior to 2.9.14 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of validation of the CSRF status value on the localhost callback in t...
phpMyFAQ 安全漏洞
phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of limits on the number of authentication attempts at the /admin/check endpoint, allowing...
WordPress plugin Essential Addons for Elementor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
vm2 安全漏洞
vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem from sandbox boundary violations. During...
Netty 环境问题漏洞
Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained environmental issues. These issues stemmed from...
vm2 代码注入漏洞
vm2 is a high-level virtual machine/sandbox for Node.js developed by Patrik Simek from Czech Republic. It runs untrusted code using built-in Node modules listed in the allowlist. In versions 3.9.6 to 3.10.5 of vm2, there was a code injection vulnerability. This vulnerability stemmed from a bridgi...
Schneider Electric Saitel DR RTU和Schneider Electric Saitel DP RTU 路径遍历漏洞
Schneider Electric Saitel DR RTU and Schneider Electric Saitel DP RTU are both remote terminal devices from Schneider Electric, a French company. Both devices have a path traversal vulnerability. This vulnerability stems from improper path name restrictions, which may lead to unauthorized access ...
Onyx 安全漏洞
Onyx is an open-source AI large model platform developed by Onyx. Vulnerabilities exist in versions prior to Onyx 3.0.9, 3.1.6, and 3.2.6. These vulnerabilities stem from the POST /chat/stop-chat-session/chatsessionid endpoint checking authentication but failing to verify that the session belongs...
PhpSpreadsheet 跨站脚本漏洞
PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Versions prior to PhpSpreadsheet 5.7.0, 3.10.5, 2.4.5, 2.1.16, and 1.30.4 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTML writers skipping...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. The version of OpenClaw from 2026.4.7 to 2026.4.10 contains security vulnerabilities. These vulnerabilities stem from the lack of standardization of Discord event cover image parameters during sandbox media...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in DevTools, allowing attackers who persuade users to install malicious extensions to leak...
Flowise 命令注入漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior to Flowise 3.1.0, there was a command injection vulnerability in versions of the tool. This vulnerability stemmed from the lack of proper sandboxing mechanisms in the run method of the...
Seeyon OA A8 代码问题漏洞
Seeyon OA A8 is a collaborative office management system developed by the Chinese company Seeyon. There is a code vulnerability in Seeyon OA A8. This vulnerability stems from an unauthenticated file writing operation at the /seeyon/htmlofficeservlet endpoint. This could allow a remote attacker to...
Eclipse Jetty 授权问题漏洞
Eclipse Jetty is an open-source Java-based web server and Java Servlet container developed by the Eclipse Foundation. There is an authorization issue vulnerability in Eclipse Jetty, which stems from the fact that the JASPIAuthenticator does not clear the ThreadLocal variable. This can cause...
Open-Xchange OX Dovecot Pro 安全漏洞
Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. OX Dovecot Pro has a security vulnerability; this vulnerability arises from email messages that contain excessive RFC 2231 MIME parameters, which may lead to excessive CPU usage and...
HCCTG MPOS M6 PLUS 安全漏洞
HCCTG MPOS M6 PLUS is a mobile payment terminal device developed by HCCTG Corporation. The HCCTG MPOS M6 PLUS 1V.31-N version contains a security vulnerability, which stems from an authentication bypass in the Bluetooth Handler component...
glances 安全漏洞
Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of untrusted advertisement names to construct connection URIs and retrieve keys under the Central Browser mode. This...
itsourcecode Online Doctor Appointment System SQL注入漏洞
itsourcecode Online Doctor Appointment System is an open-source online doctor appointment system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which stems from incorrect handling of the patientid parameter in the file admin/patientaction.php. This...
The Unofficial and Awesome Home Assistant MCP Server 跨站脚本漏洞
The Unofficial and Awesome Home Assistant MCP Server is an open-source component of the Unofficial Home Assistant AI Toolkit, designed to connect smart home platforms with AI assistants. Versions of the Unofficial and Awesome Home Assistant MCP Server prior to version 7.0.0 contained a cross-site...
Copyparty 跨站脚本漏洞
Copyparty is a portable file server developed by Ed’s individual developer. Versions of Copyparty prior to 1.20.12 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of the.prologue.html file, which could allow attackers to execute arbitrary JavaScri...
Microsoft Graphics Component 代码问题漏洞
The Microsoft Graphics Component is a graphics driver component developed by Microsoft Corporation. There are code-related vulnerabilities in the Microsoft Graphics Component. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks. The following products and version...
Rocket.Chat 安全漏洞
Rocket.Chat is a chat software developed by the Rocket.Chat company. There were security vulnerabilities in versions prior to 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0. These vulnerabilities stemmed from authentication issues within the DDP Streamer service, where two-factor...
WordPress plugin Marcell 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
IBM Db2 安全漏洞
IBM Db2 is a relational database management system developed by IBM. The system can run on various operating systems such as UNIX, Linux, IBMi, z/OS, and Windows servers. Versions of IBM Db2 prior to 11.5.9 and 12.1.3 contain security vulnerabilities. These vulnerabilities stem from specific HADR...
Dell Unisphere for PowerMax 跨站脚本漏洞
Dell Unisphere for PowerMax is a graphical management platform developed by the American company Dell. The version 9.2.4.x of Dell Unisphere for PowerMax contains a cross-site scripting vulnerability, which arises from improper input handling and may lead to cross-site scripting attacks...
Microsoft Outlook 信息泄露漏洞
Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Outlook. The vulnerability stems from the application's inadequate protection of sensitive information and can be exploited by an attacker to conduc...
Keycloak security vulnerabilities
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak, which stems from improper control of administrator API permissions. This vulnerability may allow restricted administrators to retrieve sensitive user attributes...
Dell PowerScale OneFS security vulnerabilities
Dell PowerScale OneFS is an operating system developed by the American company Dell. It provides a horizontally scalable NAS solution through the PowerScale OneFS operating system. Versions of Dell PowerScale OneFS prior to 9.13.0.0 contained a security vulnerability. This vulnerability stemmed...
WordPress plugin Hospital Doctor Directory has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Sandboxie Plus code issue and vulnerabilities
Sandboxie Plus is an open-source Windows sandboxing tool developed by Sandboxie Plus. Version 0.7.2 of Sandboxie Plus has a code vulnerability; this vulnerability stems from a service path in the SbieSvc service that lacks quotation marks, which may allow local attackers to execute code with...
Microsoft Windows SMB Server 竞争条件问题漏洞
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...
WordPress plugin WP Export Categories & Taxonomies 安全漏洞
...
Elastic Filebeat 安全漏洞
Elastic Filebeat is a lightweight data probe for forwarding and centralizing log data from Elastic Netherlands. A security vulnerability exists in Elastic Filebeat that stems from improper input validation and could lead to a buffer overflow and denial of service...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from an out-of-bounds read in the rtwgetie parser in rtl8723bs...
Brother iPrint&Scan 安全漏洞
Brother iPrint&Scan is a free application from Brother that allows you to print and scan from your Android device. A security vulnerability exists in Brother iPrint&Scan version 6.13.7 and earlier, which stems from improper use of the external cache directory and could result in files being...
Tuya多款产品 安全漏洞
Tuya Android SDK and others are products of Tuya China.Tuya Android SDK is a software development kit.Tuya iOS SDK is a software development kit.Tuya Smart App is a smart app. A security vulnerability exists in several Tuya products, which stems from an unvalidated state parameter in the OAuth...
Pi-hole Web Interface 跨站脚本漏洞
Pi-hole Web Interface is a dashboard web interface from Pi-hole open source. A cross-site scripting vulnerability exists in Pi-hole Web Interface versions prior to 6.3, which stems from improper input cleanup in the Address field and could lead to a cross-site scripting attack...
D-Link Nuclias Connect 安全漏洞
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from an observable response difference vulnerability that stems from the...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform from HCL India. A security vulnerability exists in HCL AION version v2.0 that stems from allowing inline script execution in CSP environments...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unreleased temporary buffer that could lead to a memory leak...
Tuya Smart Life App 安全漏洞
Tuya Smart Life App is a smart home control app from Chinese company Tuya Tuya. A security vulnerability exists in Tuya Smart Life App version 5.6.1, which originates from an attacker being able to control the device without privileges via the Matter protocol...
Baicells多款产品 安全漏洞
Baicells Nova 436Q and others are products of Baicells, Inc.Baicells Nova 436Q is an advanced dual-carrier outdoor eNodeB eNB. Baicells Nova 227 and others are products of the company.Baicells Nova 227 is a miniature base station.Baicells NEUTRINO430 is an LTE base station. A security vulnerabili...
Mobile Security Framework 路径遍历漏洞
Mobile Security Framework MobSF is an automated all-in-one mobile application from Mobile Security Framework open source. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A path traversal vulnerability exists in...
Fortinet FortiWeb 安全漏洞
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists in Fortinet...
OpenMetadata 安全漏洞
OpenMetadata is OpenMetadata open source a unified discovery, observable and governance platform powered by a central metadata repository, deep along and seamless team collaboration. A security vulnerability exists in OpenMetadata 1.4.4 and earlier versions, which stems from an unvalidated...