195539 matches found
SPIP 信息泄露漏洞
SPIP is a Web-based content distribution system used primarily for online collaboration. A security vulnerability exists in SPIP, which stems from a web-based system or product that does not properly restrict access to resources from unauthorized roles. An unauthenticated attacker could use this...
SAP Fiori 跨站脚本漏洞
SAP Fiori, a user experience UX design system for SAP applications from SAP, Germany, provides designers and developers with a set of tools and guidelines to quickly develop applications for any platform, delivering a consistent, innovative experience for creators and users. A cross-site scriptin...
Autodesk AutoCAD 缓冲区错误漏洞
Autodesk AutoCAD is a suite of professional 3D drawing software from the American company Autodesk. A buffer error vulnerability exists in Autodesk AutoCAD DWF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the affected Autodesk AutoCAD. The...
Elastic Stack Kibana 安全漏洞
Elasticsearch Kibana is an open source, browser-based analysis and search Elasticsearch dashboard tool from the Dutch company Elasticsearch.Elasticsearch Kibana is vulnerable to an authorization issue that could be exploited by an attacker to create new alert rules or override existing rules...
Qt 路径遍历漏洞
Qt is a cross-platform C application development framework from the Norwegian company Qt. It is widely used for developing GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers.Qt versions prior to...
usbredirparser 资源管理错误漏洞
usbredirparser is checking header length deserialized data. A resource management error vulnerability exists in usbredirparser that stems from a use-after vulnerability found in usbredirparser serialize in usbredirparser usbredirparser.c in versions of usbredirparser prior to 0.11.0. This issue...
Dell Wyse Device Agent 信息泄露漏洞
Wyse Device Agent is a unified agent for all thin client management solutions from Dell, U.S.A. Wyse Device Agent is vulnerable to an information disclosure vulnerability due to excessive data exported by the application. An attacker could exploit the vulnerability to access potentially sensitive...
Gravitl Netmaker 安全漏洞
Gravitl Netmaker is a platform for creating and managing fast, secure and dynamic virtual overlay networks using WireGuard from Gravitl USA. for creating and controlling automated virtual networks. Gravitl Netmaker has a security vulnerability that stems from the use of hard-coded encryption keys...
Snapd 输入验证错误漏洞
Snapd is an open source, cross-platform package management tool. snapd is vulnerable to an input validation error that could be exploited to allow snap to escape strict snap restrictions by injecting arbitrary AppArmor policy rules through misformatted content interfaces and layout statements...
Cisco Email Security Appliance 安全漏洞
The Cisco Email Security Appliance ESA is an email security appliance from Cisco, U.S.A. A resource management error vulnerability exists in the Cisco Email Security Appliance DNS Verification, which could be exploited by an attacker to cause the appliance to be inaccessible from the management...
Jenkins 插件 信息泄露漏洞
Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins HashiCorp Vault Plugin 3.8.0 and earlier versions are vulnerable to an information disclosure vulnerability that...
Microsoft SharePoint 代码问题漏洞
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. remot...
Fortinet FortiOS 信任管理问题漏洞
Fortinet FortiOS is a security operating system from Fortinet, Inc. that is designed to be used on the FortiGate network security platform. A security vulnerability exists in Fortinet FortiOS, which stems from the use of hard-coded encryption keys that could allow an attacker to retrieve the keys...
D-Link DIR-809 缓冲区错误漏洞
A buffer error vulnerability exists in the D-Link DIR-809, a dual-band router from D-Link China. The vulnerability stems from the failure of the sub80046EB4 function in the product/formSetPortTr link to effectively determine data boundaries. An attacker could cause a buffer overflow resulting in ...
Hyperledger Fabric 代码问题漏洞
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. A code issue vulnerability exists in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0, which can be exploited by an attacker by constructing a message with a payload of zero and...
Hitachi Energy Relion 访问控制错误漏洞
Hitachi Energy Relion is used by Hitachi Energy Switzerland to protect, control, measure, and monitor power systems. A security vulnerability exists in the internal database access mechanism of the Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600, which arises from the product'...
Microsoft Power BI Report Server 跨站脚本漏洞
Microsoft Power BI Report Server is a Microsoft server-side application for managing and sharing business analysis reports. A cross-site scripting vulnerability exists in Microsoft Power BI Report Server. The following products and versions are affected: Microsoft Power BI Report Server...
stb 安全漏洞
stb is a single-file public domain library for C/C. stbimage.h is one of the image loaders. stb stbimage.h contains a security vulnerability that stems from the HDR loader parsing truncated file-tailed RLE scan lines into an infinitely long zero-length sequence. An attacker could cause a denial o...
Ecoa Bas controller 信任管理问题漏洞
ECOA BAS controller is a BAS controller developed by Ecoa Technologies Corp in Taiwan, China. ECOA BAS controller is vulnerable to hard-coded credentials, which can be exploited by attackers to directly log in and gain administrator control privileges...
SAMSUNG SMR 安全漏洞
SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. The patch program is provided for Samsung cell phone applications. SAMSUNG SMR has a security vulnerability that originates from an improperly designed or implemented code development process for a networked syst...
Git 处理逻辑错误漏洞
Git is a free, open source distributed version control system. Git suffers from a Processing Logic Error vulnerability that stems from the fact that gitconnectgit in connect.c in Git prior to version 2.30.1 allows repository paths to contain line breaks, which can lead to unexpected cross-protoco...
ZEIT Next.js 跨站脚本漏洞
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. Next.js versions 10.0.0 to 11.0.0 have a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary js commands...
D-Link DSL-2750U 操作系统命令注入漏洞
The D-Link DSL-2750U is a wireless N 300 ADSL2 modem router. an OS command injection vulnerability exists in the D-Link DSL-2750U ME1.16 and earlier versions. An attacker could exploit this vulnerability in combination with other vulnerabilities to execute arbitrary OS commands...
Cpanel 代码问题漏洞
Cpanel is a set of Web-based automated colocation platform from Cpanel, Inc. in the United States. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions prior to cPanel 98.0.1, which can be exploited to perform a...
Xfig fig2dev 缓冲区错误漏洞
fig2dev is used to convert .fig files to various graphics languages and formats. A stack buffer overflow vulnerability exists in the genptktext component of genptk.c in fig2dev version 3.2.7b. An attacker could exploit this vulnerability to cause a denial of service by converting xfig files to pt...
Rust 命令注入漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that can be exploited by attackers to cause data contention and memory corruption due to data contention...
Apple macOS 权限许可和访问控制问题漏洞
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. The macOS is vulnerable to a privilege permission and access control issue, which exists due to improperly imposed security restrictions within IOUSBHostFamily. A local...
Joomla! CMS 输入验证错误漏洞
is a set of forum components used in the Joomla! content management system. Joomla! is vulnerable to an input validation error in versions 2.5.0 to 3.9.27, which can be exploited by attackers to cause corruption in the usergroups table...
Philips Vue PACS 安全漏洞
Philips Vue PACS is an image management solution from Philips Europe. A security vulnerability exists in Philips Vue PACS. The vulnerability allows an unauthorized person or process to eavesdrop, view or modify data, gain access to the system, execute code, install unauthorized software, or affec...
WordPress 插件 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A security vulnerability exists in the Smooth Scroll Page...
Apache Dubbo 代码问题漏洞
Apache Dubbo is the Apache Foundation's Java-based high-performance open source RPC framework. A deserialization vulnerability exists in Apache Dubbo versions prior to 2.7.8 and 2.6.9. An attacker can use this vulnerability to further exploit by tampering with byte leading flags and specifying a...
Tenancy multi-tenant 输入验证错误漏洞
Tenancy multi-tenant is an open source multi-domain controller. Tenancy multi-tenant suffers from an open redirection vulnerability that can be exploited by an attacker to redirect a user's site to any other site using a specially crafted URL...
Arm Mali GPU 资源管理错误漏洞
The ARM Arm Mali GPUs are a family of mobile display chipsets GPUs from the British company ARM. Like other 3D display chips based on IP cores embedded technology, the Mali display chipset does not provide a display controller similar to a graphics card specifically designed to drive an LCD monit...
Jenkins 跨站脚本漏洞
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...
Fibaro Home Center 2 安全漏洞
FIBARO Home Center 2 is an application system of the Polish company FIBARO. A system integration system. A security vulnerability exists in Fibaro Home Center 2 that stems from the fact that communications between users and devices can be eavesdropped on to hijack sessions, tokens, and passwords...
Microsoft SharePoint 输入验证错误漏洞
SharePoint is a web-based collaboration platform that integrates with Microsoft Office.SharePoint Server is one of the versions of SharePoint that is installed on a customer's IT infrastructure and is designed to give an organization greater control over the behavior or design of...
Microsoft Windows 安全特征问题漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. Microsoft Windows is vulnerable to a security feature issue. The following products and editions are affected: Windows 10 Version 1803 for 32-bit Systems,Windows 10 Version 180...
Invigo Automatic Device Management 操作系统命令注入漏洞
Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. An arbitrary OS command injection vulnerability exists in /admin/admapi.php in...
WordPress plugin Paid Memberships Pro SQL注入漏洞
WordPress plugin Paid Memberships Pro is an open source application plugin for WordPress. The plugin is designed for premium content sites, clubs/associations, subscription products, newsletters and more. Paid Memberships Pro versions prior to 2.5.6 suffers from a SQL injection vulnerability that...
TYPO3 跨站脚本漏洞
TYPO3 is a free and open source content management system. A cross-site scripting vulnerability exists in TYPO3 Form Framework, which can be exploited by attackers to inject malicious script or HTML code...
Microsoft Excel 安全漏洞
Microsoft Excel is a spreadsheet processing software in the Office suite of Microsoft Corporation USA. A security vulnerability exists in Microsoft Excel. The following products and editions are affected:Microsoft Office 2019 for 32-bit editions,Microsoft Office 2019 for 64-bit editions,Microsoft...
OpenMage Code Issues Vulnerabilities
OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A code issue vulnerability exists in OpenMage versions 19.4.10 and 20.0.6, which stems from the presence of a vulnerability that allows remote attackers to execute code...
OpenClaw 代码问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 had code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing issues in browser control, allowing authenticated users to bypass private network...
CyberArk Idira Endpoint Privilege Manager 安全漏洞
CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5 contained security vulnerabilities, allowing local attackers to compromise the initialization ...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by improper implementations in the Views component. This vulnerability could allow remote attackers to execute a sandbox escape by exploiting a...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in the DevTools component, which could allow remote attackers to bypass the same-origin polic...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google. It primarily provides features for web browsing, extension support, and multi-platform synchronization. There is a resource management vulnerability in Google Chrome. This vulnerability stems from the Cast component’s failure to properly handle...
CyberArk Idira Privileged Session Manager 路径遍历漏洞
CyberArk Idira Privileged Session Manager is a privileged session management platform developed by the American company CyberArk. Versions of CyberArk Idira Privileged Session Manager prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 contained a path traversal vulnerability. This vulnerability stemmed...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a resource management vulnerability. This vulnerability stemmed from a problem with the Video component involving reusing resources after they were released. It could allow remote...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.6 contained a security vulnerability. This vulnerability stemmed from a bypass of the approval policy in the Skill Workshop application process, allowing proxy tools to set appl...