195539 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an out-of-bounds read vulnerability that stems from an out-of-bounds read problem in the parseleasestate method of the KSMBD implementation of the...
Froxlor 安全漏洞
Froxlor is a lightweight server management software from the Froxlor team. A security vulnerability exists in Froxlor versions prior to 2.0.13, which stems from the ability to log in with a password that is stored in the database as an MD5 hash, leading to type obfuscation in PHP, which can be...
Red Hat Directory Server 信任管理问题漏洞
Red Hat Directory Server is a commercial version of the Linux directory server from Red Hat. A security vulnerability exists in Red Hat Directory Server 11 and 12, which stems from an attempt by LDAP to decode the userPassword attribute instead of the userCertificate attribute when browsing for...
Nautobot 安全漏洞
Nautobot is a web automation platform by the individual developers of Nautobot. A security vulnerability exists in Nautobot versions prior to 1.5.7, which can be exploited by an attacker to conduct a potential remote code execution attack via maliciously crafted template code...
Fortinet FortiWeb 路径遍历漏洞
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A path traversal vulnerability exists in...
Dell EMC Unity 加密问题漏洞
Dell EMC Unity is a unified storage array product from Dell, a U.S. company. versions prior to Dell EMC Unity 5.2.0.0.5.173 have an encryption issue vulnerability that stems from the use of corrupted encryption algorithms, which can be exploited by a remote, unauthenticated attacker to obtain...
WordPress plugin Simple URLs 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress plugin Interactive Geo Maps 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
VMware vRealize Log Insight 路径遍历漏洞
VMware vRealize Log Insight is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware vRealize Log Insight. An unauthenticated attacker could inject files into the operating system of an...
Jenkins Plugin Keycloak Authentication 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
WordPress plugin The WP Statistics SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
IBM Cognos Analytics 代码问题漏洞
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A server-side request forgery...
WordPress plugin Checkout for PayPal 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
TYPO3 授权问题漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. An authorization issue vulnerability exists in TYPO3 Core, which can be exploited by an attacker to bypass TYPO3 Core restrictions via Frontend Login in order to gain user privileges...
WordPress plugin Easy Digital Downloads 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A CSV injection vulnerabili...
Google TensorFlow 代码问题漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that stems from the lack of proper validation of user-supplied data by Bcast::ToShape, which can be exploited by an attacker to cau...
WordPress plugin wpForo Forum 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
Cisco Firepower Management Center 跨站脚本漏洞
Cisco Firepower Management Center FMC is a new generation of firewall management center software from the United States Cisco Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which could be exploited by a remote, authenticated attacker to conduct an XSS...
Microsoft SharePoint 安全漏洞
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...
Splunk 代码注入漏洞
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...
NSS 安全漏洞
NSS is an underlying cryptography library from the Mozilla Foundation. The library supports a variety of cryptographic algorithms, and the Firefox browser's TLS implementation is based on this library. A security vulnerability exists in NSS that stems from a crash without a user's credentials in...
Human Resource Management System 安全漏洞
Human Resource Management System is a human resource management system by maverickosama Personal Developer. A security vulnerability exists in Human Resource Management System, which originates from an unknown function in employeeview.php in the Image File Handler, and can be exploited by an...
Puppet 安全漏洞
Puppet is a set of client/server C/S architecture-based configuration management tools from Puppet Labs in the United States, which can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in puppet puppetlabs-mysql...
WordPress plugin Awesome Filterable Portfolio 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
Kubernetes 安全漏洞
Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. A security vulnerability exists in Kubernetes. No information about this vulnerability is available at this time, so stay tuned ...
Cargo 资源管理错误漏洞
Cargo is a Rust package manager open-sourced by The Rust Programming Language. A resource management error vulnerability exists in versions of Cargo prior to 0.65.0, which stems from the extraction of a malicious crate that can fill the filesystem...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS is vulnerable to an authorization issue stemming from improper privilege management in the HwChrService module, which could be exploited b...
Helm 资源管理错误漏洞
Helm is a Kubernetes package manager. Helm version 3.9.3 and earlier are vulnerable to a resource management error that stems from a fuzz test provided by CNCF that identifies input to a function in the strvals package that could cause an out-of-memory panic. No detailed vulnerability details are...
Tenda AC18 安全漏洞
Tenda AC18 is a router from Tenda China. A security vulnerability exists in Tenda AC18 version V15.03.05.05, which originates from a vulnerability that allows an attacker to achieve remote command execution...
HDF5 Group libhdf5缓冲区错误漏洞
HDF5 Group libhdf5 is a high performance data management and storage suite from HDF5 Group, Inc. A buffer error vulnerability exists in HDF5 Group libhdf5 version 1.10.4, which stems from a specially crafted GIF file that can lead to code execution, and can be exploited by an attacker to trigger...
WordPress plugin Duplicate Page and Post 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Autodesk 3ds Max 安全漏洞
Autodesk 3ds Max is a full-featured, three-dimensional computer graphics software from the American company Autodesk. A security vulnerability exists in Autodesk 3ds Max versions 2022, 2021, and 2020, which stems from the presence of a stack-based buffer overflow that can lead to code execution...
F5 BIG-IP 输入验证错误漏洞
NGINX Ingress Controller is an application from F5 that works with NGINX and NGINX Plus and supports the standard ingress features - content-based routing and TLS / SSL offload. Ingress objects can be exploited by an attacker to obtain all available secret objects in the NGINX Ingress Controller...
Trend Micro VPN Proxy Pro 安全漏洞
Trend Micro VPN Proxy Pro is one of the best virtual private network services from Trend Micro. A security vulnerability exists in Trend Micro VPN Proxy Pro version 5.2.1026 and prior versions. A local attacker could exploit the vulnerability to gain elevation of privilege on affected systems...
BookWyrm 跨站脚本漏洞
BookWyrm is a social reading platform. A cross-site scripting vulnerability exists in BookWyrm versions prior to 0.4.1, which stems from not properly cleaning up the html presented to the user, and is exploited by an attacker to perform cross-site scripting attacks...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a lack of The vulnerability is caused by a lack of permission checking in the getSubscriptionProperty of SubscriptionController.java. An...
jsrsasign 数据伪造问题漏洞
The jsrsasign package is an open source cryptographic library from the individual developer Kenji Urashima in Japan. A security vulnerability exists in jsrsasign versions prior to 10.5.25, which stems from a vulnerability to incorrect validation of cryptographic signatures when JWS or JWT...
TrueConf Server 跨站脚本漏洞
TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server contains a cross-site scripting vulnerability that could be exploited by remote attackers to perform basic cross-site scripting Reflected attacks...
Motorola Solutions ACE1000 数据伪造问题漏洞
The Motorola Solutions ACE1000 is a remote terminal unit from Motorola Solutions USA. A data forgery vulnerability exists in the Motorola Solutions ACE1000 version that originates from allowing custom applications to be installed via the STS software, the C Toolkit, or the ACE1000 Easy...
Directus 代码问题漏洞
Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A code issue vulnerability exists in Directus versions v9.0.0-beta.2 through 9.6.0, which stems from a server-side request forgery SSRF vulnerability in the media upload feature. An attacker could us...
Dell SupportAssist Client 路径遍历漏洞
Dell SupportAssist Client is a client application from Dell USA. The program provides automated, proactive and predictive techniques for troubleshooting, etc. Dell SupportAssist Client Consumer and Dell SupportAssist Client Commercial are vulnerable to an arbitrary file deletion/overwrite...
Firejail 权限许可和访问控制问题漏洞
Firejail is a SUID sandbox program written in C. A security vulnerability exists in Firejail version 0.9.68, which can be exploited by an attacker to gain root privileges...
Illumina Local Run Manager 安全漏洞
Illumina Local Run Manager is an integrated solution from Illumina, Inc. Designed to create sequencing runs, monitor run status, analyze sequencing data, and view results, Illumina Local Run Manager contains an information disclosure vulnerability that could be exploited by remote attackers to...
GitLab 跨站脚本漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Community Edition and GitLab...
Google Chrome 权限许可和访问控制问题漏洞
Google Chrome is a web browser from Google, Inc. A privilege permission and access control issue vulnerability exists in Google Chrome versions 70.0.3538.67 through 101.0.4951.67, which stems from insufficient policy enforcement in the file system API. A remote attacker could exploit the...
WordPress plugin WP Subtitle 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress prior to WP Subtitles plugin...
Progress Software WhatsUp Gold 信息泄露漏洞
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions 16.1 through...
Microsoft Visual Studio 输入验证错误漏洞
Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. A remote code execution vulnerability exists in Microsoft Visual Studio that originates when a...