195539 matches found
SourceCodester Hospitals Patient Records Management System SQL注入漏洞
SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability stems from...
WordPress plugin All in One SEO 信息泄露漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
phpMyFAQ SQL注入漏洞
phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained an SQL injection vulnerability. This vulnerability stemmed from the BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods, which inserted...
Netty 环境问题漏洞
Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained environmental issues. These issues stemmed from...
Arqit Symmetric Key Agreement Platform 安全漏洞
The Arqit Symmetric Key Agreement Platform is a quantum-safe key negotiation platform developed by Arqit Corporation. Versions prior to 26.03 of the Arqit Symmetric Key Agreement Platform contained security vulnerabilities. These vulnerabilities stemmed from exposing the QKEY and internal system...
Playwright Capture 代码问题漏洞
Playwright Capture is an open-source web capture tool based on Playwright developed by Lookyloo. Versions of Playwright Capture prior to 1.39.6 contained code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on navigation and resource requests initiated by rendered...
ABIS BAPSİS 安全漏洞
ABIS BAPSİS is a research information system developed by the Turkish company ABIS, aimed at university research projects, academic budgets, and administrative processes management. Previous versions of ABIS BAPSİS, such as v.202604152042, contained security vulnerabilities. These vulnerabilities...
Craft CMS 安全漏洞
Craft CMS is an open-source content management system developed by Craft Studio. Versions of Craft CMS from 5.0.0-RC1 to 5.9.18 contained security vulnerabilities. These vulnerabilities stemmed from the AssetsController::actionShowInFolder method, which did not check user permissions when...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 contain security vulnerabilities. These vulnerabilities stem from issues with state handling, which may allow...
PHP SQL注入漏洞
PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 have a SQL injection vulnerability. This vulnerability stems from the improper handling of NUL bytes by the PDO Firebird driver when processing SQL queries, which can...
CLI Proxy API 代码问题漏洞
CLI Proxy API is an open-source CLI proxy server developed by Router-For.ME, which supports multi-model APIs. Version 6.9.29 of the CLI Proxy API has a code vulnerability that stems from the handling of the url parameter in the file internal/api/handlers/management/apitools.go. This vulnerability...
Admidio 安全漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there were security vulnerabilities. These vulnerabilities stemmed fr...
ZTE Cloud PC client uSmartView 代码问题漏洞
ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. There is a code vulnerability in ZTE Cloud PC client uSmartView, which stems from a DLL hijacking vulnerability. Since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful...
Apache Wicket 路径遍历漏洞
Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions 8.0.0 to 8.17.0, 9.0.0 to 9.22.0, and 10.0.0 to 10.8.0 of Apache Wick...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google to provide web browsing, application running and internet communication features. Google Chrome suffers from an integer overflow vulnerability that stems from the Network component failing to properly handle certain data, which can be exploited b...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were caused by environmental variable injection, allowing malicious workarea.env files to set runtime control...
mem0 输入验证错误漏洞
mem0 is an efficient memory algorithm benchmarking tool open-sourced by Mem0. An input validation error vulnerability exists in mem0 1.0.11 and earlier versions, which stems from improper manipulation of the pickle.load/pickle.dump functions in the mem0/vectorstores/faiss.py file, which could lea...
Wireshark 安全漏洞
Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.4, as well as 4.4.0 to 4.4.14, have security vulnerabilities. These...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a bypass vulnerability in the webhook signature processing mechanism. The vulnerability allowed attacke...
Pi-Hole Adminlte 跨站脚本漏洞
Pi-Hole Adminlte is a control panel used for collecting more data. Versions of Pi-Hole Adminlte from 6.0 to 6.5 had a cross-site scripting vulnerability. This vulnerability occurred due to the direct insertion of configuration values into HTML attributes without escaping, which could lead to HTML...
qdPM SQL注入漏洞
qdPM is a web-based open-source project management tool developed by qdPM Inc. Version 9.1 of qdPM has a SQL injection vulnerability. This vulnerability stems from the SQL injection present in the searchbyextrafields parameter, which could allow attackers to manipulate database queries and extrac...
Broadcom Symantec Data Loss Prevention Windows Endpoint 安全漏洞
Broadcom Symantec Data Loss Prevention Windows Endpoint is a terminal data leakage prevention security software developed by Broadcom Corporation. There is a security vulnerability in Broadcom Symantec Data Loss Prevention Windows Endpoint, which stems from an privilege escalation vulnerability...
Mastodon 安全漏洞
Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. There are security vulnerabilities in versions prior to Mastodon 4.5.8, specifically the 4.5.x branch, and versions prior to Mastodon 4.4.15, specifically the 4.4.x branch. These vulnerabilities stem...
Vikunja 安全漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.18.0 to 2.2.1 had security vulnerabilities. These vulnerabilities stemmed from insufficient validation of user status during certain authentication processes, allowing users who were already...
esaml 安全漏洞
esaml is a library developed by Australian developer Lexi Wilson for handling SAML authentication. It provides functions for SAML service providers and identity providers. esaml has a security vulnerability, which stems from the undisabled XML entity extensions. This vulnerability may lead to XML...
CEWE PHOTO IMPORTER 安全漏洞
CEWE PHOTO IMPORTER is a photo import tool developed by the British company CEWE. Version 6.4.3 of CEWE PHOTO IMPORTER contains a security vulnerability. This vulnerability arises from the import of specially crafted image files, which may allow local attackers to trigger an application crash...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.21 contained security vulnerabilities. These vulnerabilities stemmed from improper URL scheme validation in the assertBrowserNavigationAllowed function. This allowed unauthorize...
OPEXUS eComplaint和OPEXUS eCASE 安全漏洞
OPEXUS eComplaint and OPEXUS eCASE are products of the American company OPEXUS. OPEXUS eComplaint is a complaint and appeal management platform. OPEXUS eCASE is an case management system. There were security vulnerabilities in versions of OPEXUS eComplaint and OPEXUS eCASE before 10.2.0.0. These...
Cockpit SQL注入漏洞
Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.4 and earlier had a SQL injection vulnerability. This vulnerability originated from the SQL injection vulnerability present in the MongoLite aggregate optimizer, which could allow...
OpenCTI 代码问题漏洞
OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions of OpenCTI prior to 6.8.16 had code vulnerabilities. These vulnerabilities stemmed from the data ingestion feature not verifying the URLs provided by users, which could lead to server-side request forgei...
itsourcecode Online Doctor Appointment System SQL注入漏洞
itsourcecode Online Doctor Appointment System is an open-source online doctor appointment system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which stems from incorrect handling of the patientid parameter in the file admin/patientaction.php. This...
Shopware 安全漏洞
Shopware is a set of open-source e-commerce software developed by the German company Shopware GmbH. Versions prior to Shopware 6.6.10.15 and 6.7.8.1 contained security vulnerabilities. These vulnerabilities stemmed from defects in the application registration process, which could allow attackers ...
Checkmate 信息泄露漏洞
Checkmate is an open-source, self-hosted tool developed by BlueWave. It aims to provide visually appealing real-time tracking and monitoring of server hardware, uptime, response times, and events. Versions of Checkmate prior to 3.4.0 contained a security vulnerability related to information...
Everon 代码问题漏洞
Everon is an electric vehicle charging station system developed by Everon Corporation. There are code vulnerabilities in Everon, which stem from the WebSocket backend’s use of predictable session identifiers. These vulnerabilities may lead to session hijacking or shadow attacks, ultimately...
WordPress plugin Custom Logo 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
OpenEXR 安全漏洞
OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions 3.3.0 to 3.3.6 and 3.4.0 to 3.4.4 of OpenEXR contain security vulnerabilities. These vulnerabilities stem from integer underflow during the parsing of malformed EXR...
WordPress plugin Complianz 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin Booking Calendar 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an alignment error in the virtnetinfo structure. This error may lead to memory access errors and...
Tenda TX9 安全漏洞
The Tenda TX9 is a wireless router produced by the Chinese company Tenda. The Tenda TX9 versions 22.03.02.10multi and earlier has a security vulnerability. This vulnerability stems from incorrect handling of the deviceList parameter in the function sub4223E0 located in the...
WordPress plugin Video Onclick 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
MediaTek Chipsets 安全漏洞
MediaTek Chipsets are a series of chips developed by MediaTek Corporation in China. The MediaTek Chipsets contain security vulnerabilities, which stem from improper handling of modem errors. These vulnerabilities may lead to remote denial-of-service attacks...
Open5GS security vulnerabilities
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the function...
Google Go 安全漏洞
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A denial of service vulnerability exists in Google Go, which stems from an unrestricted number of query parameters, which can be exploited by an attacker to cause excessive memory...
Delta Electronics DIAView 安全漏洞
Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...
编号撤回
SoX is a suite of open source audio processing tools. The product supports playing, converting and recording audio in multiple formats. A numeric error vulnerability exists in SoX version 14.4.2, which originates from a divide-by-zero error when processing a specially crafted WAV file, and may...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ioestimatebvecsize truncating the number of computed segments, which could lead to data corruption...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from amdgpu powerplay not clearing memory when power state initialization fails, which could lead to a memory lea...
HP Image Assistant 安全漏洞
HP Image Assistant is a free tool from Hewlett-Packard HP that scans computers and installs recommended BIOS updates, drivers, and HP Business PC software. A security vulnerability exists in HP Image Assistant versions prior to 5.3.3, which stems from a competing condition in the installation of...
CKAN 授权问题漏洞
CKAN is an open source DMS Data Management System from CKAN Open Source. It is used to power data centers and data portals. An authorization issue vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from an attacker being able to fix session IDs, potentially...