195539 matches found
Lenovo Notebook Security Breach
Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. The Lenovo Notebook suffers from a security vulnerability that originates from allowing an attacker to modify the secure boot settings by modifying the NVRAM variable...
WordPress Plugin ldap-ad-staff-employee-directory-search Access Control Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An access control error vulnerabili...
WordPress Plugin ldap-login-for-intranet-sites Access Control Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control error...
WordPress plugin FileOrganizer Access Control Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An Access Control Error vulnerability exist...
AMD DXE Driver Security Vulnerability
AMD DXE driver is a driver from UltraMicroelectronics AMD. A security vulnerability exists in AMD DXE Driver, which stems from improper initialization of variables in the driver, and could allow a privileged user to disclose sensitive information via local access...
NVIDIA DGX Buffer Error Vulnerability
NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A buffer error vulnerability exists in the NVIDIA DGX H100 BMC. An attacker could exploit this vulnerability to cause arbitrary kernel code execution, denial of service, privilege escalation, information...
SQLpage Information Disclosure Vulnerability
SQLpage is an SQL-only web application builder. It is designed to help data scientists, analysts, and business intelligence teams quickly build powerful data-centric applications without having to worry about any traditional Web programming languages and concepts. An information disclosure...
SaltStack Salt Security Vulnerabilities
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to 3005.2 or 3006.2, which stems from the fact that after...
Keylime 安全漏洞
Keylime is an open source extensible trust system for Keylime that utilizes TPM technology. A security vulnerability exists in Keylime that stems from a vulnerability that could allow bypassing the Poll Response Protocol during agent registration...
Exiv2 缓冲区错误漏洞
Exiv2 is a suite of C++ libraries and command line applications for managing image metadata. It provides the ability to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. A buffer overflow vulnerability exists in Exiv2 version 0.27.1, which stems from a boundary...
Beijing Baichuo Smart S85F Management Platform 命令注入漏洞
Beijing Baichuo Smart S85F Management Platform is a management platform of Beijing Baichuo Company. Beijing Baichuo Smart S85F Management Platform suffers from a command injection vulnerability that originates in /log/decodmail.php and can lead to SQL injection...
ELECOM WRC-F1167ACF和WRC-1750GHBK 操作系统命令注入漏洞
The ELECOM WRC-F1167ACF and ELECOM WRC-1750GHBK are both wireless routers from ELECOM Japan. A security vulnerability exists in all versions of the ELECOM WRC-F1167ACF and WRC-1750GHBK that stems from the presence of an operating system command injection vulnerability. An attacker can exploit thi...
WordPress plugin Extensions for Leaflet Map 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android onCreate module has an authorization issue vulnerability that stems from a lack of permission checking in the onCreate module of ManagePermissionsActivity.java, with one possible way to bypass the Restore...
Intel Dynamic Tuning Technology Security Vulnerability
Intel Dynamic Tuning Technology is a U.S. Intel Intel company that enables smarter and more efficient performance management by dynamically tuning processor and system performance parameters. A security vulnerability exists in versions prior to Intel Dynamic Tuning Technology 8.7.10400.15482, whi...
Rails Security Vulnerabilities
Rails is an open source web application framework based on the Ruby language from the Rails team in the United States. A security vulnerability exists in Rails that stems from the redirectto method in Rails that allows values to be supplied that contain characters that are not legal in the HTTP...
FreeBSD Security Vulnerabilities
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD versions 13.1 and 13.2, which stems from a buffer overflow vulnerability in the fwctl driver state machine. The vulnerability can be exploited to execute arbitrary code as root ...
HashiCorp Vault 安全漏洞
HashiCorp Vault is a private key access management tool from HashiCorp Inc. in the United States. A security vulnerability exists in HashiCorp Vault versions prior to 1.14.1, 1.13.5 and 1.13.5, which stems from the fact that HashiCorp's Vault and Vault Enterprise are vulnerable to a user...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab DAST scanner versions prior to 3.0.29...
Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System 代码问题漏洞
Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System is a Mountain Flood Disaster Prevention Monitoring and Early Warning System from Suncreate. A code issue vulnerability exists in Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System...
RWS WorldServer 安全特征问题漏洞
RWS WorldServer is a flexible, enterprise-class translation management system from RWS UK. A security vulnerability exists in RWS WorldServer version 11.7.3 and earlier, which stems from the presence of a session token enumeration issue...
vm2 代码注入漏洞
vm2 is an advanced virtual machine/sandbox for Node.js by individual developer Patrik Simek in the Czech Republic. to run untrusted code using whitelisted Node built-in modules. A code injection vulnerability exists in vm2 3.9.19 and earlier versions, which stems from the ability to bypass handle...
Microsoft Raw Image Extension 安全漏洞
Microsoft Raw Image Extension is a software application from Microsoft. It enables you to view thumbnails and metadata for supported raw file formats directly in Windows File Explorer or view images in the Photos application. A security vulnerability exists in Microsoft Raw Image Extension. An...
Microsoft PostScript Printer Driver 安全漏洞
Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft Corporation USA. A security vulnerability exists in Microsoft PostScript Printer Driver. An attacker could exploit the vulnerability to remotely execute code. The following products a...
Siemens CP-8031 MASTER MODULE 命令注入漏洞
The SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A command injection vulnerability exists in the Siemens SICAM A8000 Devices CPCI85 Firmware, which can be exploited by an attacker to execute...
tgstation-server 信息泄露漏洞
tgstation-server is a toolset for managing production BYOND servers. An information disclosure vulnerability exists in TGstation versions prior to 5.12.5, which originates from a username that can be discovered by forcing a login to the endpoint with an invalid password...
WordPress plugin Catalyst Connect Zoho CRM Client Portal 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
KylinSoft kylin-software-properties 安全漏洞
KylinSoft kylin-software-properties is an application from KylinSoft China. A security vulnerability exists in KylinSoft kylin-software-properties prior to version 0.0.1-130, which stems from incorrect access control...
WordPress plugin Yoast Local SEO 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Mitsubishi Electric MELSEC iQ-F Series 安全漏洞
The Mitsubishi Electric MELSEC iQ-F series is a programmable logic controller from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric MELSEC iQ-F Series, which is caused by a denial of service in a CPU module that writes more data to a buffer than the maximum...
WordPress plugin Auto Prune Posts 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Weaver E-Office 代码问题漏洞
Weaver E-Office is a collaborative office system from China's Panavision Technologies Weaver. A code issue vulnerability exists in Weaver E-Office version 9.5, which stems from a problem with the file /inc/jquery/uploadify/uploadify.php, where manipulation of the parameter Filedata can result in...
WordPress Plugin Booqable Rental 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Microsoft Visual Studio Code 安全漏洞
Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A security vulnerability exists in Microsoft Visual Studio Code. An attacker exploits the vulnerability to perform spoofing attacks...
WordPress plugin WP BaiDu Submit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Jellyfin 跨站脚本漏洞
Jellyfin is a freeware media system. It allows you to control the management and streaming of media. It is an alternative to the proprietary Emby and Plex, and can serve media from a dedicated server to end-user devices through multiple applications. Jellyfin suffers from a cross-site scripting...
phpMyFAQ 跨站脚本漏洞
phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ Cross-Site Scripting Vulnerability. No information about this vulnerability is available at this time, so stay tuned to CNNVD or vendor...
XWiki Commons 跨站脚本漏洞
XWiki Commons is a technology library shared by several other top XWiki projects. A cross-site scripting vulnerability exists in XWiki Commons, which stems from the fact that when the parameter content is set to true, the RSS macro bundled with XWiki contains the content of feed items without any...
SourceCodester Employee and Visitor Gate Pass Logging System SQL注入漏洞
Employee and Visitor Gate Pass Logging System is an employee and visitor pass logging system by Carlo Montero, an individual developer. SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 suffers from a SQL injection vulnerability that stems from a problem in the file...
Microsoft PostScript Printer Driver安全漏洞
Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft.Microsoft PCL6 Class Printer Driver is a printer driver from Microsoft. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft. A remote code execution...
Online Computer and Laptop Store SQL注入漏洞
Online Computer and Laptop Store is an online computer and laptop store. An SQL injection vulnerability exists in Online Computer and Laptop Store v1.0, which originates from the function deleteorder in /classes/master.php?f=deleteorder where the parameter id of deleteorder lacks validation for...
WordPress Plugin Broken Link Checker 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin YourChannel 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...
Generex UPS CS141 代码问题漏洞
The Generex UPS CS141 is a microcomputer from the German company Generex. A security vulnerability exists in the Generex UPS CS141 prior to version 2.06, which stems from a vulnerability that allows an attacker to upload a firmware file containing a webshell...
Mattermost 信息泄露漏洞
Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a message disclosure vulnerability that stems from allowing an attacker to disclose the contents of linked messages by requesting a preview of an existing message when creating a new message via ...
TP-LINK Tapo C310 信任管理问题漏洞
TP-LINK Tapo C310 is a security camera from China P&L TP-LINK. A security vulnerability exists in the TP-LINK Tapo C310 that stems from the presence of unauthorized video streaming access...
WordPress Plugin WP-CommentNavi 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
VISAM VBASE 代码问题漏洞
VISAM VBASE is a data acquisition and monitoring system from VISAM Germany. A code issue vulnerability exists in VISAM VBASE Automation Base prior to version 11.7.5, which stems from an improper restriction on XML external entity references, and can be exploited by an attacker to trick a user int...
GPAC 资源管理错误漏洞
GPAC is an open source multimedia framework. A resource management error vulnerability exists in GPAC version 2.3-DEV-rev35-gbbca86917-master, which stems from the presence of an unknown function in the file filters/loadtext.c, resulting in a buffer overflow...
Covid-19 Directory On Vaccination System 跨站脚本漏洞
The Covid-19 Directory On Vaccination System is a COVID-19 information management system by an individual developer in Ndueso Okorie, Nigeria. The system will accurately store and retrieve information about COVID-19 vaccinations in order to control the spread of a pandemic. A cross-site scripting...