195539 matches found
OpenClaw 数据伪造问题漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a data forgery issue vulnerability that can be exploited by an attacker to inject forged Feishu events and trigger execution by downstream tools...
Mastodon 安全漏洞
Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. There are security vulnerabilities in versions prior to Mastodon 4.5.8, specifically the 4.5.x branch, and versions prior to Mastodon 4.4.15, specifically the 4.4.x branch. These vulnerabilities stem...
phpseclib 安全漏洞
phpseclib is an open-source PHP security communication library developed by phpseclib. Versions of phpseclib starting from 1.0.26, 2.0.0 to 2.0.51, and 3.0.0 to 3.0.49 contain security vulnerabilities. These vulnerabilities stem from a timing attack that occurs when using the AES CBC mode...
OPEXUS eComplaint和OPEXUS eCASE 安全漏洞
OPEXUS eComplaint and OPEXUS eCASE are products of the American company OPEXUS. OPEXUS eComplaint is a complaint and appeal management platform. OPEXUS eCASE is an case management system. There were security vulnerabilities in versions of OPEXUS eComplaint and OPEXUS eCASE before 10.2.0.0. These...
WordPress plugin KiviCare 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
aaPanel 安全漏洞
aaPanel is a simple yet powerful web-based control panel, open source. Version 7.57.0 of aaPanel has a security vulnerability that stems from an issue with arbitrary file uploads, which may allow for the execution of arbitrary code...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.75 contained a buffer overflow vulnerability. This vulnerability stemmed from out-of-bounds writes in Skia, which could allow remote attackers to execute out-of-bounds memory access via a special...
itsourcecode Online Doctor Appointment System SQL注入漏洞
itsourcecode Online Doctor Appointment System is an open-source online doctor appointment system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which stems from incorrect handling of the patientid parameter in the file admin/patientaction.php. This...
Wallos 代码问题漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 had code vulnerabilities, as the url parameters could be used to access local system files...
chia-blockchain 安全漏洞
chia-blockchain is a Python library for Chia Network, open-source software. Version 2.1.0 of chia-blockchain contains a security vulnerability, which stems from incorrect handling of the /sendtransaction file. This vulnerability may lead to cross-site request forgery attacks...
OpenEXR 安全漏洞
OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions 3.3.0 to 3.3.6 and 3.4.0 to 3.4.4 of OpenEXR contain security vulnerabilities. These vulnerabilities stem from integer underflow during the parsing of malformed EXR...
WordPress plugin Booking Calendar 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
NVIDIA Nemo Framework 代码注入漏洞
NVIDIA Nemo Framework is a framework developed by NVIDIA Corporation in the United States for building and deploying generative AI models. The NVIDIA Nemo Framework has a code injection vulnerability. This vulnerability allows attackers to potentially execute remote code, leading to code executio...
Microsoft HTTP.sys 安全漏洞
Microsoft HTTP.SYS is an HTTP application protocol developed by Microsoft Corporation. There are security vulnerabilities in Microsoft HTTP.SYS. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affected: Windows Server 2025 Server Core...
OpenSTAManager 操作系统命令注入漏洞
OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager 2.9.8 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the P7M file decoding function’s...
vCluster Platform security vulnerabilities
vCluster Platform is an open-source virtual cluster manager developed by vCluster. Vulnerabilities existed in versions prior to vCluster Platform 4.6.0, 4.5.4, 4.4.2, and 4.3.10. These vulnerabilities were due to a potential bypass of range restrictions, which could lead to access to resources th...
Google Go 安全漏洞
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A denial of service vulnerability exists in Google Go, which stems from an unrestricted number of query parameters, which can be exploited by an attacker to cause excessive memory...
Seroval security vulnerabilities
Seroval is a formatted Java library developed by Alexis H. Munsayac. Versions of Seroval 1.4.0 and earlier contain security vulnerabilities, which stem from improper input validation during JSON deserialization, potentially leading to prototype pollution...
Oracle Solaris security vulnerabilities
Oracle Solaris is a UNIX operating system developed by the American company Oracle. There is a security vulnerability in Oracle Solaris 11 version. This vulnerability allows unverified attackers to access the system via TCP networks, potentially leading to unauthorized access to certain data...
Vivotek IP7137 路径遍历漏洞
The Vivotek IP7137 is an IP camera from China's Vivotek Communications Vivotek. A path traversal vulnerability exists in the Vivotek IP7137 version 0200a, which can be exploited by an authenticated attacker to access resources outside of the web root directory via a direct HTTP request, potential...
Nanjing Hanyuan HY511 POE 安全漏洞
Nanjing Hanyuan HY511 POE is an embedded smart display panel from Nanjing Hanyuan, China. A security vulnerability exists in Nanjing Hanyuan HY511 POE versions prior to 2.1 and plugins prior to 0.1, which stems from insufficient device cookie validation, and could lead to an attacker downloading...
WordPress plugin WING WordPress Migrator 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the existence of post-release reuse of the btsdioremove function...
CacheCloud 代码注入漏洞
CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which originates from an incorrect operation of the function doQuartzList in the file...
SAP Web Dispatcher和SAP Internet Communication Manager 安全漏洞
SAP Web Dispatcher and SAP Internet Communication Manager SAP ICM are both products from SAP, Germany.SAP Web Dispatcher is a core component of Load Balancing, which supports load balancing and provides reverse proxy functionality to enable external users to access internal applications. SAP Web...
Windu CMS 跨站请求伪造漏洞
Windu CMS Windu CMS is a lightweight web content management system CMS from Windu. A cross-site request forgery vulnerability exists in Windu CMS version 4.1, which stems from insufficient protection against cross-site request forgery and could lead to the deletion of users...
OneFlow 安全漏洞
Oneflow is a deep learning framework open-sourced by Oneflow. A security vulnerability exists in OneFlow version v0.9.0 that stems from improper input validation and could lead to a segmentation violation when adding Python sequences during broadcast or type conversion...
SAMSUNG多款产品 安全漏洞
SAMSUNG Exynos is a range of processors from South Korean company Samsung SAMSUNG. A security vulnerability exists in a number of SAMSUNG products, which stems from mishandling of 5G NRMM packets and could lead to a denial of service. The following products are affected: Exynos 2100, 1280, 2200,...
WordPress plugin Polylang 安全漏洞
WordPress Polylang plugin is a multilingual WordPress plugin for creating and managing multilingual websites, supports switching from 1 to 10 or more languages, the core functionality is fully integrated with WordPress built-in features e.g. taxonomies without additional dependency on external...
IPFire 安全漏洞
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the TLSHOSTNAME parameter, which can be exploited by an attacker to inject...
DCMTK 安全漏洞
DCMTK is a collection of libraries and applications that implement most of the DICOM standards from the DCMTK open source. Software for inspecting, building, and converting DICOM image files, processing offline media, sending and receiving images over a network connection, and demonstrating image...
RSUPPORT RemoteCall Remote Support Program 代码问题漏洞
RSUPPORT RemoteCall Remote Support Program is a remote assistance software from the Korean company RSUPPORT. A code issue vulnerability exists in RSUPPORT RemoteCall Remote Support Program versions prior to 5.1.0, which stems from an uncontrolled search path element that could lead to the executi...
Microsoft Windows Network Driver Interface Specification 缓冲区错误漏洞
The Microsoft Windows Network Driver Interface Specification is one of the core components of a Windows network architecture from Microsoft Corporation USA. A buffer error vulnerability exists in the Microsoft Windows Network Driver Interface Specification, which can be exploited by an attacker t...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability which is caused due to missing security attributes in the encrypted session SSL cookie. No details of the vulnerability are provided at this time...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. in the United States, with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE and EE...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an integer overflow in the iwlwritetouserbuf function, which could lead to a heap overflow...
smsboom 代码注入漏洞
smsboom is an SMS bombing software by the individual developer of QuitDropdatabaseFalse. A code injection vulnerability exists in smsboom 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674 and prior versions, which stems from a misuse of the parameter hm in the file dy.php, and could lead to a cross-site...
Novakon P series 安全漏洞
Novakon P series is a series of industrial panel PC operating pages from Taiwan, China-based Speedcom Novakon. A security vulnerability exists in Novakon P series version V2001.A.C518o2, which stems from improper authentication and could allow an unauthenticated attacker to upload and download...
Mesh Connect JS SDK 跨站脚本漏洞
Mesh Connect JS SDK is a Java library from Mesh open source. A cross-site scripting vulnerability exists in Mesh Connect JS SDK versions prior to 3.3.2, which stems from the createLink.openLink function not being cleaned up for the URL protocol, which could lead to the execution of arbitrary...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly handling routine rq reactivation after an XSK socket shutdown, which could result in reading...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the az6027i2cxfer function not handling null pointers correctly, which could lead to null pointer...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to set a new vector length before reallocating the SVE status buffer, which could lead to memory...
Zabbix 安全漏洞
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A security vulnerability exists in Zabbix that stems from not properly cleaning up the smart.disk.get parameter, which could lead to the...
WordPress plugin PhpList Subber 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
Xen 安全漏洞
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...
FFmpeg 安全漏洞
FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg that stems from a heap buffer overflow that could lead to remote code execution or denial of service...
Citrix NetScaler ADC和Citrix NetScaler Gateway 安全漏洞
Citrix NetScaler ADC and Citrix NetScaler Gateway are both products of Citrix Corporation, U.S.A. Citrix NetScaler ADC is an application delivery and security platform.Citrix NetScaler Gateway is a secure remote access solution. A security vulnerability exists in Citrix NetScaler ADC and Citrix...
hippo4j 安全漏洞
hippo4j is an asynchronous thread pooling framework from opengoofy open source. A security vulnerability exists in hippo4j versions 1.0.0 through 1.5.0, which stems from the use of hard-coded keys in JWT creation, which could lead to the forgery of valid access tokens...
my-site 安全漏洞
my-site is WinterChenS individual developer's personal website based on springboot 2.0 development, integrated with: personal home page, personal blog, personal works. A security vulnerability exists in my-site version 6c79286, which stems from an authentication bypass that could lead to...
WordPress plugin Responsive Posts Carousel WordPress Plugin Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...