195539 matches found
Autodesk AutoCAD 缓冲区错误漏洞
Autodesk AutoCAD is a suite of professional 3D drawing software from the American company Autodesk. A buffer error vulnerability exists in Autodesk AutoCAD DWF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the affected Autodesk AutoCAD. The...
WordPress SQL注入漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.A SQL injection vulnerability exists in versions of the WordPress TI WooCommerce Wishlist plugin prior to 1.40.1, which stem...
WordPress plugin AccessPress 安全漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin AccessPress Themes has a security vulnerability that stems from the existence of a backdoor in the vendor...
Siemens Simcenter Femap 缓冲区错误漏洞
Simcenter Femap is an advanced simulation application for creating, editing, and inspecting finite element models of complex products or systems.Siemens Simcenter Femap out-of-bounds write vulnerability can be exploited by attackers to execute code in the context of the current process...
HP Support Assistant 授权问题漏洞
HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant is vulnerable to authorization issues, which stem from the product's failure to effectively authenticate users, and can be exploited by attackers to...
ImpressCMS 安全漏洞
ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums, and photo albums. ImpressCMS has a security vulnerability that stems from the fact that impress scms prior to 1.4.2 allows traversal of the origName or imageName directory b...
vm2 安全漏洞
Vm2 is an advanced virtual machine/sandbox for Node.js by individual developer Patrik Simek in the Czech Republic. to run untrusted code using whitelisted Node built-in modules. vm2 suffers from a security vulnerability that stems from being susceptible to sandbox bypass attacks by directly...
Microsoft SharePoint 代码问题漏洞
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. remot...
Qualcomm 多款产品安全漏洞
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and is manufactured from time to time on the surface of semiconductor wafers. A security vulnerability exists in a number of Qualcomm products...
WordPress plugin 跨站脚本漏洞
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress WP HTML Mail plugin in version 3.0.9 and earlier is vulnerable to a cross-site scripting vulnerability tha...
Tp-link TP-Link AX10 环境问题漏洞
TP-Link AX10 is a router from China P&L Tp-link. A misconfiguration vulnerability exists in the TP-Link AX10v1 that stems from an HTTP/1.1 misconfiguration in the web interface of the TP-Link AX10v1 that could allow an attacker to send specially crafted HTTP/0.9 packets, which could lead to a cac...
WBCE CMS SQL注入漏洞
WBCE CMS is an open source content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in wbce cms, which stems from the vulnerability of wbce cms to improper neutralization of special elements used in SQL commands...
Google Android 资源管理错误漏洞
Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in the Google Android Kernel. The vulnerability stems from an out-of-bounds write in periodicioworkfunc in lwisperiodicio.c due to reuse after release. An attacker can exploit...
PortlandLabs Concrete Cms 代码问题漏洞
PortlandLabs Concrete Cms is an open source team-oriented content management system from PortlandLabs, Inc. PortlandLabs Concrete CMS is vulnerable to a code issue that could be exploited by attackers to obtain a Cloud IAAS AWS IAM key...
CKEditor 跨站脚本漏洞
CKEditor is a set of open source, web-based text editors.A cross-site scripting vulnerability exists in CKEditor, which allows attackers to bypass content cleanup to inject misformatted HTML, which could lead to the execution of JavaScript code. No detailed vulnerability details are currently...
NLnet Labs Routinator 资源管理错误漏洞
NLnet Labs Routinator is an RPKI Resource Public Key Infrastructure validator written in the Rust language from Stichting NLnet Stichting Nlnet Labs in the Netherlands. A security vulnerability exists in NLnet Labs Routinator that stems from improper design or implementation during code developme...
NEC Corporation CLUSTERPRO缓冲区错误漏洞
NEC Corporation CLUSTERPRO is an HA clustering software from NEC. A buffer error vulnerability exists in NEC Corporation CLUSTERPRO X version 1.0 and EXPRESSCLUSTER X version 1.0 that originates from a boundary error in the software transaction server. A remote attacker could exploit the...
Draytek VigorConnect 代码问题漏洞
VigorConnect is the local network management software for DrayTek devices.An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of the DownloadFileServlet in Draytek VigorConnect version 1.6.0-B3. An attacker could exploit the vulnerability to uplo...
Microsoft Excel 代码注入漏洞
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Excel. The vulnerability arises from a network system or product not properly filtering specific elements of externally entered data during t...
Microsoft Exchange Server 权限许可和访问控制问题漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voice mail, email filtering and screening. A vulnerability exists in Microsoft Exchange Server with privilege permission and access control...
GitLab 授权问题漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. An authorization issue vulnerability exists in GitLab EE, which can be exploit...
Xiuno BBS 跨站脚本漏洞
Xiuno BBS is an open source forum program based on PHP and MySQL. Xiuno BBS suffers from a cross-site scripting vulnerability that originates from the failure of the product/admin/?setting-base.htm page to properly handle data in the sitename field. An attacker can execute client-side code via th...
PHP 路径遍历漏洞
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that arises from a lack of effective privilege-granting and access-control measures in a networked system or product...
Moodle Shibboleth 授权问题漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Shibboleth is an open source SAML protocol web single sign-on system for Windows platforms from Shibboleth, UK. Moodle suffers from an...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...
object-path 安全漏洞
object-path is an Npm library for individual developers to access variables in data structures via paths. A security vulnerability exists in object-path, which stems from the vulnerability of object paths to uncontrolled modification of object prototype attributes prototype contamination...
Schneider Electric StruxureWare Data Center Expert 路径遍历漏洞
Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is a monitoring software from the French company Schneider Electric Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and...
Appneta Tcpreplay 缓冲区错误漏洞
Tcpreplay is a set of GPLv3 licensed utilities for UNIX operating systems to edit and replay network traffic captured by tools such as tcpdump and Ethereal/Wireshark. The dochecksum function in checksum.c in Tcpreplay version 4.3.2 is vulnerable to a buffer overflow vulnerability. An attacker can...
Google TensorFlow 输入验证错误漏洞
Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in Google TensorFlow versions prior to 2.6.0. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Rust 命令注入漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that could be exploited by attackers to trigger undefined behavior and memory corruption...
WordPress SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Woocommerce. The vulnerability stems from a lack o...
QEMU 缓冲区错误漏洞
QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU for ATI VGA, which stems from a memory access out-of-bounds flaw found in QEMU's ATI VGA device...
GitLab 安全漏洞
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An access control error vulnerability exists in GitLab. An attacker can exploit this vulnerability ...
Addressable资源管理错误漏洞
Addressable is an application. alternative implementation of the URI implementation, which is part of the Ruby Standard Library. A security vulnerability exists in Addressable that stems from a maliciously crafted URI template implementation in Addressable that could lead to uncontrolled resource...
Palo Alto Networks Cortex XSOAR 安全漏洞
Palo Alto Networks Cortex XSOAR is a software application from Palo Alto Networks, Inc. It provides a security orchestration, automation, and response platform with threat intelligence management and a built-in marketplace. A security vulnerability exists in Palo Alto Networks Cortex XSOAR, which...
Sourceforge mbsync 代码问题漏洞
Sourceforge mbsync is an application from the Sourceforge community in the United States. Provides synchronization of remote IMAP mailboxes with local maildir style mailboxes A code issue vulnerability exists in Sourceforge mbsync, which arises from a boundary error when handling an unexpected...
Apache Dubbo 代码问题漏洞
Apache Dubbo is the Apache Foundation's Java-based high-performance open source RPC framework. A deserialization vulnerability exists in Apache Dubbo versions prior to 2.7.8 and 2.6.9. An attacker can use this vulnerability to further exploit by tampering with byte leading flags and specifying a...
SoloKeys Solo 加密问题漏洞
SoloKeys Solo is an open source security key. SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token suffers from a security vulnerability that stems from not enforcing the flash readout protection RDP level. This allows an attacker to lower the RDP level...
PostgreSQL 命令注入漏洞
PostgreSQL is a free object-relational database management system organized by Postgresql. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, etc. A remote code execution vulnerability exists in the pg partman extension in...
vmd 跨站脚本漏洞
vmd is a software application. Preview markdown files in a separate window A cross-site scripting vulnerability exists in vmd version 1.34.0 and earlier versions, which leaks div class="markdown-body"...
Acyba AcyMailing 输入验证错误漏洞
Acyba AcyMailing is a suite of newsletter and marketing automation software from the Acyba team in France. AcyMailing suffers from an input validation error vulnerability that stems from the redirect parameter not being cleared correctly when AcyMailing performs a subscription...
Foxit Reader 资源管理错误漏洞
Foxit Reader old name: Foxit PDF Reader is a set of software used to read PDF format files, by Fujian Foxit Software developed by Foxit Reader is a set of free to use the software, the operating system is mainly based on Microsoft Windows, and as long as there is a Win32 implementation of the...
Jenkins Config File Provider Plugin 安全漏洞
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Config File Provider Plugin is used in one of...
ImageMagick 输入验证错误漏洞
ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert, or write images in a variety of formats. An input validation error vulnerability exists in ImageMagick. No information about this vulnerability is available at this...
Microsoft Windows Console Driver 输入验证错误漏洞
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A denial of service vulnerability exists in the "console driver" in Microsoft Windows and Windows Server,...
Wordpress plugin Controlled Admin Access 访问控制错误漏洞
WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in multiple Wordpress plugins that allows an attacker to use this endpoint to add arbitrary data to predefined options in the wpoptions table. The following products and versions are affected: The...
GNU Chess 安全漏洞
GNU Chess is a chess game program. A buffer overflow vulnerability exists in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc in GNU Chess version 6.2.7. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted PGN data...
Automattic WooCommerce 跨站脚本漏洞
Automattic WooCommerce is an open source e-commerce platform based on WordPress from Automattic, Inc. in the United States. A security vulnerability exists in the WooCommerce WordPress plugin Advanced Order Export prior to version 3.1.8. The vulnerability stems from the tab parameter in the admin...
WonderLink Yomi-Search 跨站脚本漏洞
WonderLink Yomi-Search is a WonderLink application. A versatile search engine. A cross-site scripting vulnerability exists in version 4.22 of Yomi-Search Ver4.22, which originates from the ability to execute arbitrary script on the web browser of a user accessing a website that uses Yomi-Search. ...
Jenkins Matrix Authorization Strategy 安全漏洞
Jenkins Matrix Authorization Strategy is a Jenkins open source application plugin . The plug-in in Jenkins to achieve fine-grained access control . An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permissions to nested...