195539 matches found
VMware Fusion Security Vulnerability
VMware Fusion is a suite of virtual machine software from VMware, Inc. designed to run Windows applications on Macs. A security vulnerability exists in VMware Fusion versions 13.x through 13.5 and earlier, which stems from a local elevation of privilege vulnerability...
WordPress Plugin ldap-login-for-intranet-sites Access Control Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control error...
WordPress Plugin ldap-ad-staff-employee-directory-search Access Control Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An access control error vulnerabili...
AMD DXE Driver Security Vulnerability
AMD DXE driver is a driver from UltraMicroelectronics AMD. A security vulnerability exists in AMD DXE Driver, which stems from improper initialization of variables in the driver, and could allow a privileged user to disclose sensitive information via local access...
NVIDIA DGX Buffer Error Vulnerability
NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A buffer error vulnerability exists in the NVIDIA DGX H100 BMC. An attacker could exploit this vulnerability to cause arbitrary kernel code execution, denial of service, privilege escalation, information...
SQLpage Information Disclosure Vulnerability
SQLpage is an SQL-only web application builder. It is designed to help data scientists, analysts, and business intelligence teams quickly build powerful data-centric applications without having to worry about any traditional Web programming languages and concepts. An information disclosure...
Microsoft Excel 安全漏洞
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which can be exploited by attackers to obtain sensitive information...
Microsoft Windows GDI Security Vulnerability
Microsoft Windows GDI+ is a graphical device interface for the Windows operating system from Microsoft USA. The software is part of the .NET Framework and is responsible for drawing graphical images and displaying information on screens and printers. A security vulnerability exists in Microsoft...
SAP PowerDesigner 代码注入漏洞
SAP PowerDesigner is a database design software from SAP Germany. A code injection vulnerability exists in SAP PowerDesigner version 16.7 that originates from allowing an unauthenticated attacker to inject VBScript code into a document. An attacker could exploit this vulnerability to cause...
Foxconn FOX LiveUpdate Utility Security Vulnerability
Foxconn FOX LiveUpdate Utility is a series of motherboard utilities from Foxconn China. A security vulnerability exists in Foxconn FOX LiveUpdate Utility version 2.1.6.26, which stems from a security issue discovered in the MmMapIoSpace routine that allows a local attacker to elevate privileges...
SaltStack Salt Security Vulnerabilities
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to 3005.2 or 3006.2, which stems from the Git provider progra...
vm-memory buffer error vulnerability
vm-memory is a software package that enables access to virtual machine memory. A buffer error vulnerability exists in versions of vm-memory prior to 0.12.2, which stems from the presence of out-of-bounds memory access...
GNU Binutils 安全漏洞
GNU Binutils is a set of open source tools for working with binaries such as target files, executables, libraries, etc., mainly used in the areas of compilation, debugging, reverse engineering and so on. A denial of service vulnerability exists in GNU Binutils. An attacker can exploit this...
WordPress plugin Extensions for Leaflet Map 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Plugin Forminator – Contact Form, Payment Form & Custom Form Builder 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
D-Link DIR-823G 安全漏洞
The D-Link DIR-823G is a home dual-band Gigabit wireless router with second-generation 802.11ac Wi-Fi5 technology designed for medium- to high-speed broadband networks. The D-Link DIR-823G suffers from a buffer overflow vulnerability that stems from a buffer overflow vulnerability in the URL fiel...
Apache Airflow 参数注入漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. A remote code execution vulnerability exists in Apache Airflow ODBC Provider, which can be exploited by an attacker to cause command execution...
WordPress Plugin PI Websolution Conditional cart fee 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Trend Micro Apex One 安全漏洞
Trend Micro Apex One is an endpoint protection software from Trend Micro. An elevation of privilege vulnerability exists in Trend Micro Apex One, which can be exploited by a local attacker to elevate privileges and write arbitrary values to specific entries...
tgstation-server 信息泄露漏洞
tgstation-server is a toolset for managing production BYOND servers. An information disclosure vulnerability exists in TGstation versions prior to 5.12.5, which originates from a username that can be discovered by forcing a login to the endpoint with an invalid password...
WordPress plugin WP User Switch 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin BadgeOS 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
Dental Clinic Appointment Reservation System 跨站脚本漏洞
Dental Clinic Appointment Reservation System is a Dental Clinic Appointment Reservation System by jkev Personal Developer. A cross-site scripting vulnerability exists in SourceCodester Dental Clinic Appointment Reservation System version 1.0 due to an unknown function in the file /admin/service.p...
WordPress plugin Auto Prune Posts 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin Mega Addons For WPBakery Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
OpenSearch 安全漏洞
OpenSearch Project is OpenSearch Project open source a community-driven, Apache 2.0 licensed open source search and analytics suite. Making it easy to access, search, visualize and analyze data. A security vulnerability exists in OpenSearch versions 1.3.10 and 2.7.0 that stems from a problem with...
Weaver E-Office 代码问题漏洞
Weaver E-Office is a collaborative office system from China's Panmicro Technology Weaver. A code issue vulnerability exists in Weaver E-Office version 9.5, which stems from the presence of an unknown function in App/Ajax/ajax.php?action=mobileuploadsave, which leads to unrestricted uploads via th...
WordPress plugin WP BaiDu Submit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin vSlider Multi Image Slider for WordPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Rails 安全漏洞
Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. A security vulnerability exists in versions prior to Rails v6.1.7.3, which stems from insufficient cleansing of user-supplied data, that could allow a remote attacker to trick a victim...
phpMyFAQ 跨站脚本漏洞
phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ Cross-Site Scripting Vulnerability. No information about this vulnerability is available at this time, so stay tuned to CNNVD or vendor...
WordPress Plugin WPCode Lite 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
SourceCodester Employee and Visitor Gate Pass Logging System SQL注入漏洞
Employee and Visitor Gate Pass Logging System is an employee and visitor pass logging system by Carlo Montero, an individual developer. SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 suffers from a SQL injection vulnerability that stems from a problem in the file...
Jenkins Plugin Image Tag Parameter 信任管理问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Fortinet FortiPresence 访问控制错误漏洞
Fortinet FortiPresence is a comprehensive data analytics solution from Fortinet, Inc. Fortinet FortiPresence suffers from an authentication error vulnerability that stems from a lack of authentication for critical functions, which can be exploited by an attacker to gain access to Redis and MongoD...
HGiga MailSherlock 操作系统命令注入漏洞
Hgiga MailSherlock is an enterprise email auditing system from China Henderson Technology Hgiga. HGiga MailSherlock version 4.5 suffers from an operating system command injection vulnerability, which originates from an insufficient filtering of user input by the query function. An attacker could...
WordPress plugin HT Portfolio 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Uniview IP Camera 授权问题漏洞
Uniview IP Camera is a camera from China Uniview Technology Uniview. A security vulnerability exists in the Uniview IP Camera that stems from a failure of identification and authentication in the web-based management interface...
kylinos kylin-system-updater 操作系统命令注入漏洞
kylinos kylin-system-updater is an operating system component from China Kylin Software kylinos. An operating system command injection vulnerability exists in kylin-system-updater version 1.4.20kord and earlier versions. An attacker could exploit this vulnerability to conduct a command injection...
wallabag 授权问题漏洞
wallabag is a web application that allows you to save web pages for later reading. An authorization issue vulnerability exists in versions prior to wallabag 2.5.4 that stems from improper authorization management...
Directus 代码问题漏洞
Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A code issue vulnerability exists in Directus versions prior to 9.23.0 that stems from the presence of a server-side request forgery SSRF vulnerability, which can be exploited by an attacker to acces...
XWiki Platform 访问控制错误漏洞
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. An access control error vulnerability exists in XWiki Platform that originates from the possibility of exploiting the privileges of existing document content authors to execute...
Real Time Logic FuguHub 代码注入漏洞
Real Time Logic FuguHub is a consumer product from Real Time Logic developed using the Barracuda Application Server SDK. A security vulnerability exists in Real Time Logic FuguHub v8.1 and prior versions that stems from an operational Remote Code Execution RCE vulnerability...
phpMyFAQ 安全漏洞
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.11 contain a security vulnerability that stems from an uncaught exception. No detailed vulnerability details are currently available...
Yugabyte YugabyteDB Managed 安全漏洞
YugabyteDB Managed is Yugabyte's fully managed YugabyteDB-as-a-Service, eliminating the operational overhead of managing a database. A security vulnerability exists in Yugabyte YugabyteDB Managed. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the...
WordPress plugin Interactive Geo Maps 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress plugin Stream 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Dompdf 安全漏洞
Dompdf is a HTML to PDF converter. A security vulnerability exists in Dompdf version 2.0.1. An attacker exploiting the vulnerability can use any protocol to call any URL...
多款WordPress theme 代码问题漏洞
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. Multiple WordPress themes suffer from a code issue vulnerability that stems from the fact that several themes...
rubygem-activerecord 安全漏洞
rubygem-activerecord is an application of rubygems open source. A security vulnerability exists in rubygem-activerecord that stems from the presence of a denial of service...