195539 matches found
D-Link DGS-1100-08PD 安全漏洞
The D-Link DGS-1100-08PD is an 8-port Gigabit intelligent management switch from D-Link Corporation. Version 1.00.006 of the D-Link DGS-1100-08PD contains a security vulnerability. This vulnerability stems from improper handling of the /etc/boa.conf file within the Web Interface component, which...
Gun 访问控制错误漏洞
Gun is an open-source Erlang HTTP client developed by Nine Nines that supports HTTP/1.1, HTTP/2, and WebSocket. In versions 2.0.0 to 2.4.0 of Gun, there was a access control vulnerability. This vulnerability stemmed from a source validation error in the gunhttp2 module, which could allow...
Znuny 安全漏洞
Znuny is a ticket system of the Znuny company. Versions of Znuny prior to 7.3.3 contained security vulnerabilities; these vulnerabilities stemmed from user preference settings stored in the system, which could lead to cross-site scripting attacks...
TRAC PDBM 安全漏洞
TRAC PDBM is an industrial automation process database management software developed by the Slovenian company TRAC. TRAC PDBM has a security vulnerability that stems from the use of static, hard-coded keys. This vulnerability could allow attackers to decrypt credentials stored in configuration...
JetBrains PyCharm 跨站脚本漏洞
JetBrains PyCharm is an integrated development environment IDE for Python language developed by the Czech company JetBrains. Versions of JetBrains PyCharm prior to 2025.3.4 contained a cross-site scripting vulnerability, which originated from Markdown cells in Jupyter notebooks, where a...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak itself. There is a security vulnerability in Keycloak. This vulnerability stems from the fact that authenticated administrators with the manage-clients role can exploit the vulnerability in the name-based...
WordPress plugin Frontend Admin by DynamiApps 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CodeWhale 代码问题漏洞
CodeWhale is a terminal coding tool developed by Hunter Bown. Versions of CodeWhale prior to 0.8.22 contained code vulnerabilities. These vulnerabilities stemmed from the fetchurl tool’s ability to validate the IP address of the initial URL. However, the HTTP client was configured to follow...
XCharge C6 安全漏洞
XCharge C6 is a series of intelligent electric vehicle DC charging stations developed by the German company XCharge. There is a security vulnerability in the XCharge C6, which stems from a configuration flaw in the device’s remote management service. This flaw allows for the establishment of...
Northern.tech Mender Server 安全漏洞
Northern.tech Mender Server is an IoT server-side software developed by the American company Northern.tech. Versions of Northern.tech Mender Server such as 4.1.0, 4.0.1, and earlier have security vulnerabilities, which are due to a vulnerability that makes the system susceptible to directory...
pam_usb 安全漏洞
pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.0 contain security vulnerabilities; these vulnerabilities stem from the lack of mandatory verification of the system-side pad file, which could allow...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. In versions of Google Chrome on Android prior to 148.0.7778.216, there was a resource management vulnerability. This vulnerability stemmed from the WebGL component’s tendency to reuse resources after they were released, which could allow...
WordPress plugin Yoast SEO 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
DotCMS 安全漏洞
DotCMS is an open-source content management system written in Java, developed by DotCMS Inc. It is used to manage content and content-driven websites and applications. There are security vulnerabilities in the DotCMS Core version 25.11.04-1 to 26.04.28-02. These vulnerabilities stem from the...
WordPress plugin WPComplete 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an out-of-bound MMIO read performed by the queue reader/writer index exceeding the REMOTEQUEUESIZE rang...
Jenkins LDAP Plugin 安全漏洞
The Jenkins LDAP Plugin is an open-source Jenkins directory service identity authentication plugin developed by Jenkins. The Jenkins LDAP Plugin version 807.v7d7de30930cf and earlier versions have security vulnerabilities, which stem from unvalidated deserialization of LDAP reference data...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an invalid dereference of rawdata when the exportbinary function is not set properly. This could lead t...
Gradio 安全漏洞
Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Prior to version 6.15.0, Gradio had a security vulnerability. This vulnerability stemmed from the use of shared module-level HTTP clients, which allowe...
WordPress plugin CM Ad Changer 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
B&R Industrial Automation PPT30 Operating System 安全漏洞
The B&R Industrial Automation PPT30 Operating System is an industrial control terminal operating system developed by B&R Industrial Automation in Austria. Versions of the B&R Industrial Automation PPT30 Operating System prior to 1.8.0 contained security vulnerabilities. These vulnerabilities...
luci-app-https-dns-proxy 命令注入漏洞
Luci-app-https-dns-proxy is an OpenWrt DNS-over-HTTPS proxy with a web management interface, developed by Stan Grishin. Versions of Luci-app-https-dns-proxy dated back to December 29, 2025, and earlier have a command injection vulnerability. This vulnerability stems from command injection in the...
SourceCodester Hospitals Patient Records Management System SQL注入漏洞
SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability stems from...
WordPress plugin NextGEN Gallery SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
vm2 安全漏洞
vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem from sandbox boundary violations. During...
Playwright Capture 代码问题漏洞
Playwright Capture is an open-source web capture tool based on Playwright developed by Lookyloo. Versions of Playwright Capture prior to 1.39.6 contained code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on navigation and resource requests initiated by rendered...
Netty 资源管理错误漏洞
Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained a resource management vulnerability. This...
Microsoft Win32k 资源管理错误漏洞
Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows operating systems. There is a resource management vulnerability in Microsoft Windows Win32K-ICOMP. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Auth 授权问题漏洞
Auth is a user authentication and management system open sourced by Supabase. There were vulnerabilities related to authorization in versions of Auth from 1.18.0 to 1.25.2, and from 2.0.0 to 2.1.2. This vulnerability stemmed from the Patreon OAuth provider, which mapped all authenticated Patreon...
Dapr 路径遍历漏洞
Dapr is a portable, serverless, event-driven runtime developed by Dapr Open Source. Versions of Dapr from 1.3.0 to 1.15.14, as well as versions from 1.16.0-rc.1 to 1.16.14 and from 1.17.0-rc.1 to 1.17.5, have a path traversal vulnerability. This vulnerability stems from the use of reserved URL...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the component NSSF, specifically the function...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of signed integers in bloblen and nummon functions within cephmonmapdecode. This can lead...
Axios 安全漏洞
Axios is an open-source HTTP client developed by Axios. Versions of Axios from 1.0.0 to 1.15.2 contained security vulnerabilities. These vulnerabilities stemmed from five configuration properties in the HTTP adapter being accessed directly through property access without the protection of...
ZTE Cloud PC client uSmartView 代码问题漏洞
ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. There is a code vulnerability in ZTE Cloud PC client uSmartView, which stems from a DLL hijacking vulnerability. Since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful...
Siemens Mendix Studio Pro 安全漏洞
Siemens Mendix Studio Pro is a visualization model-driven IDE developed by the German company Siemens. Versions of Siemens Mendix Studio Pro 11.8.0 Beta and earlier contained security vulnerabilities. These vulnerabilities were caused by incorrect authorization configurations, which could allow...
Apache Wicket 路径遍历漏洞
Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions 8.0.0 to 8.17.0, 9.0.0 to 9.22.0, and 10.0.0 to 10.8.0 of Apache Wick...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from capturing a resolved bearer-auth configuration during initialization, which could allow revoked tokens ...
Redis 安全漏洞
Redis is an open-source database developed by Redis Technologies in the United States. It is written in ANSI C, supports networking, and can be implemented as either in-memory or persistent storage systems. It also provides APIs in multiple languages. Versions of Redis 8.6.3 and earlier contained...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.14 contained security vulnerabilities. These vulnerabilities stemmed from the reuse of authorized environments within queue batches. This allowed messages from different senders...
PhpSpreadsheet 代码问题漏洞
PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Code vulnerabilities exist in versions 1.30.2 and earlier, as well as versions 2.0.0 to 2.1.14, 2.2.0 to 2.4.3, 3.3.0 to 3.10.3, and 4.0.0 to 5.5.0 of PhpSpreadsheet. These vulnerabilities...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were caused by environmental variable injection, allowing malicious workarea.env files to set runtime control...
Claude SDK for TypeScript 安全漏洞
Claude SDK for TypeScript is an open-source development toolkit by Anthropic, designed for calling the Claude API using TypeScript. There were security vulnerabilities in versions of Claude SDK for TypeScript from 0.79.0 to 0.91.1. These vulnerabilities stemmed from BetaLocalFilesystemMemoryTool...
JeecgBoot 代码问题漏洞
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of parameters in the OpenApiController.add/OpenApiController.call...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the function smbinheritdacl does not verify the numaces value. This can lead to...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a bypass vulnerability in the webhook signature processing mechanism. The vulnerability allowed attacke...
多款产品安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient boundary checks in the depth computing functions of the Irdma driver, potentially...
Oracle MySQL Server 安全漏洞
Oracle MySQL Server is a relational database management system developed by Oracle Corporation. Vulnerabilities exist in versions 8.0.0 to 8.0.45, 8.4.0 to 8.4.8, and 9.0.0 to 9.6.0 of Oracle MySQL Server. These vulnerabilities stem from issues with the Server: Optimizer component, allowing...
Microsoft Windows Kerberos 授权问题漏洞
Microsoft Windows Kerberos is a software developed by Microsoft for authentication in network clusters. As a network authentication protocol, Kerberos aims to provide robust authentication services for client/server applications through a key system. There are authorization vulnerabilities in...
Piwigo 安全漏洞
Piwigo is a web-based open-source image library software developed by Piwigo contributors. This software includes functions such as image management, image classification, and permission management. Versions of Piwigo prior to 16.3.0 contained security vulnerabilities. These vulnerabilities stemm...