195539 matches found
PocketMine-MP 安全漏洞
PocketMine-MP is a game server software from PMMP Open Source. A security vulnerability exists in PocketMine-MP versions prior to 4.18.1, which stems from improper input validation in inventory transaction processing, and could lead to a remote attacker triggering a server crash and resulting in ...
WordPress plugin Formality 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from dm not handling partition table swapping correctly, which could lead to memory corruption...
NETGEAR DGND3700 安全漏洞
The Netgear DGND3700 is a dual-band Gigabit wireless DSL router manufactured by NETGEAR and is primarily used for home and SMB network connections. The Netgear DGND3700 suffers from an improper authentication vulnerability that originates in an unknown portion of Basic Authentication's file...
Microsoft Windows 安全漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft USA. A security vulnerability exists in Microsoft Windows. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected:Windows Server...
Django 安全漏洞
Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability in Django versions 5.1.5 prior to version 5.1, 5.0 prior to version...
BoidCMS 安全漏洞
BoidCMS is a free open source flat file CMS from BoidCMS Open Source for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS 2.1.1 and earlier versions, which stems from a Reflected Cross-Site Scripting XSS vulnerability ...
Laravel 参数注入漏洞
Laravel is a web application framework from the Laravel community. A parameter injection vulnerability exists in Laravel. An attacker exploiting this vulnerability can call any URL using a specially crafted query string...
Red Hat Keycloak 安全漏洞
Red Hat Keycloak is a suite of software from Red Hat USA that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from a hard-coded, loose regular expression used for filtering that allows hosts t...
MongoDB 代码问题漏洞
MongoDB is a document-oriented database management system from the American company MongoDB. A code issue vulnerability exists in MongoDB .NET/C Driver version v2.18.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...
OpenStack 路径遍历漏洞
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. A security vulnerability exists in OpenStack Cinder, glance, and nova, which stems from the fact that by providing a specially created VMDK flat image that references the path to a specific...
memos 资源管理错误漏洞
memos is an open source hosted memo center with knowledge management and social features. A resource management error vulnerability exists in versions of memos prior to 0.9.1, which stems from a denial of service...
Siemens Mendix Email Connector 安全漏洞
Siemens Mendix Email Connector Module allows email to be sent and received on its own email server and adds new features such as sending signed and encrypted emails.A security vulnerability exists in Siemens Mendix Email Connector Module due to a version of the affected module that fails to...
Microsoft Windows Terminal 代码注入漏洞
Microsoft Windows Terminal is a new virtual terminal for Windows 10 announced by Microsoft Corporation of the United States at the Build 2019 conference that opened in Seattle. Users can install it through the Microsoft App Store or compile and install it themselves by downloading the source code...
Apache SOAP 访问控制错误漏洞
Apache SOAP is used as a client-side library by the Apache Foundation to invoke SOAP services available elsewhere, and as a server-side tool to implement SOAP-accessible services. an authentication error vulnerability exists in Apache SOAP, which stems from the fact that RPCRouterServlet can be...
WordPress plugin Site Offline 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in the WordPress...
VMware vCenter Server 代码问题漏洞
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A code issue vulnerability exists in VMware...
Jenkins Plugin OpsGenie 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...
Open Forms 代码问题漏洞
Open Forms is Open Formulieren open source an intelligent dynamic form . Used to quickly create powerful and intelligent forms exposed through the API . Open Forms versions prior to 1.1.1 have a code issue vulnerability that stems from insufficient input validation of uploaded files...
GE APM 安全漏洞
GE APM is an equipment monitoring system from General Electric GE. The system provides continuous monitoring of equipment operating status and faults. A security vulnerability exists in the GE APM Java agent that stems from the discovery of a local elevation of privilege issue in the APM Java...
Six Apart Movable Type 操作系统命令注入漏洞
Six Apart Movable Type is an application from Six Apart, Inc. A command injection vulnerability exists in Six Apart Movable Type due to incorrect input validation in the Movable Type XMLRPC API, which can be exploited by an unauthenticated remote attacker to execute arbitrary operating system...
thephpleague flysystem 代码注入漏洞
Flysystem is an open source file repository. Thephpleague flysystem suffers from a code injection vulnerability that stems from the fact that under certain conditions, flysystem could allow a malicious user to remotely execute code...
PilusCart SQL注入漏洞
PilusCart is an online store management system based on PHP and MySQL. Version 1.4.1 of PilusCart has a SQL injection vulnerability. This vulnerability stems from the send parameter, which allows for SQL injections. It may allow unverified attackers to manipulate database queries and extract...
Google Chrome 资源管理错误漏洞
Google Chrome is a popular web browser. Google Chrome suffers from a resource management error vulnerability, which stems from a post-release reuse of a media component, that can be exploited by an attacker to cause an application to crash or execute arbitrary code in the context of the applicati...
SAMSUNG MagicINFO 9 Server 安全漏洞
Samsung MagicINFO 9 Server is a core component of the MagicINFO solution and is responsible for content management and scheduling functions. A path traversal vulnerability exists in Samsung MagicINFO 9 Server, which stems from an improperly restricted pathname, and can be exploited by an attacker...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the drm/i915 component requesting an improper reference count during error trapping...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the netfsunbufferedwriteiterlocked function incorrectly handling kernel asynchronous DIO writes as user-spac...
GitLab CE/EE Security Vulnerabilities
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE, which stems from the fact that an...
WordPress Plugin Restrict User Access Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
jberet Security Vulnerabilities
jberet is a jberet open source application to provide portable batch processing support in Jakarta EE environments. A security vulnerability exists in jberet that stems from an exception in dbProperties that may display user credentials, such as the username and password for a database connection...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is a large commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in SQL Server. The following products and versions are affected:Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity...
WordPress plugin Social Warfare 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
rgb2hex 安全漏洞
rgb2hex is a lightweight rgb/rgba-to-hexadecimal parser from the personal developer Christian Bromann. A security vulnerability exists in rgb2hex version 0.1.5 and earlier. An attacker exploited the vulnerability to cause inefficient regular expression complexity...
Book Store Management System 访问控制错误漏洞
Book Store Management System is an online bookstore system by Carlo Montero Personal Developer. A security vulnerability exists in Book Store Management System version 1.0, which stems from incorrect access control...
Digital Alert Systems DASDEC EAS 跨站脚本漏洞
Digital Alert Systems DASDEC EAS is a digital alert system from Digital Alert Systems, Inc. Digital Alert Systems DASDEC EAS suffers from a cross-site scripting vulnerability that can be exploited by a remote attacker to inject arbitrary web script or HTML code via the username field of the login...
Fastify 安全漏洞
Fastify is an open source web framework for Node.js from the OpenJS Foundation. Fastify fastify-websocket suffers from a security vulnerability that originates from an attacker sending it specific packets in the wrong format, which could cause it to crash...
F5 BIG-IP 命令注入漏洞
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other functions from F5 Corporation in the United States. A command injection vulnerability exists in F5 BIG-IP versions 16.1.x through 16.1.3.1 prior,...
WordPress plugin NEX-Forms SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
WordPress plugin Simply Schedule Appointments 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin DW Promobar 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Atlassian Jira 代码问题漏洞
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Service Management Server and Data Center versions prior to 4.13.20, 4.14.0 to...
Qualcomm多款产品 资源管理错误漏洞
The Qualcomm Snapdragon SOC Snapdragon Processor is a chip from Qualcomm Incorporated that is used in mobile devices to process information. A security vulnerability exists in various Qualcomm products that stems from a post-release reuse condition when using the IOCTL munmap call to free process...
Arm Mali GPU Kernel Driver 资源管理错误漏洞
The Arm Mali GPU Kernel Driver is a driver for a graphics processor unit from Arm UK. A security vulnerability exists in the Arm Mali GPU Kernel Driver, which stems from a reuse-after-release vulnerability and affects the following products and versions: Midgard versions r28p0 through r29p0, prio...
Microweber 跨站脚本漏洞
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber versions prior to 1.2.16, which allows an...
ZZCMS SQL注入漏洞
ZZCMS is a content management system CMS from the Zzcms team in China.ZZCMS version 2019 is vulnerable to a SQL injection vulnerability that originates from a missing validation of external input SQL statements in the dlid parameter on the application's /dl/dlprint.php page. An attacker could use...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel. These vulnerabilities stem from the fact that ksmbd does not verify the SID length of inherited ACEs in the...
Oracle MySQL Server 安全漏洞
Oracle MySQL Server is a relational database management system developed by Oracle Corporation. There are security vulnerabilities in versions 8.0.0 to 8.0.45 of Oracle MySQL Server. These vulnerabilities stem from issues with the Server: DML component, which may allow attackers with high...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the f2fs file system not performing an integrity check on the destination block address during recovery, whi...
Microsoft Windows Fast Fat Driver 安全漏洞
Microsoft Windows Fast Fat Driver is a complete file system from Microsoft USA that solves a variety of problems such as storing data on disk, interacting with a cache manager, and handling a variety of I/O operations such as file creation, performing reads/writes to files, setting file...
vLLM 代码问题漏洞
vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A code issue vulnerability exists in versions of vLLM prior to v0.7.0 that stems from arbitrary code execution during unpickling when torch.load loads malicious pickle data...