195539 matches found
Headlamp 参数注入漏洞
Headlamp is an open source UI program for Kubernetes SIGs. A parameter injection vulnerability exists in versions of Headlamp prior to 0.31.1, which stems from command injection in the codeSign.js script and could lead to the execution of arbitrary commands...
Chall-Manager 路径遍历漏洞
Chall-Manager is an open source project from CTFer.io open source. A path traversal vulnerability exists in versions prior to Chall-Manager 0.1.4, which originates from unzipping a zip file without checking the path of the file, which may lead to arbitrary file overwriting...
Docusaurus gists plugin 信息泄露漏洞
Docusaurus gists plugin is an automation plugin by Webber Takken Personal Developer. An information disclosure vulnerability exists in Docusaurus gists plugin versions prior to 4.0.0, which stems from a GitHub token disclosure that could lead to credential disclosure...
WordPress plugin Contact Form 7 Hide Success Message security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress plugin Better Random Redirect 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Better Random Redirect plugin has a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from insufficient input validation, which could lead to local elevation of privilege...
WordPress plugin Save as Image Plugin by Pdfcrowd 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin LightPress Lightbox 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
IBM i 信任管理问题漏洞
IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. IBM i is vulnerable to a trust management issue vulnerability that stems from improper handling of IBM i Netserver authentication, no details of the vulnerability are...
Drupal Sportsleague 安全漏洞
Drupal Sportsleague is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Sportsleague that stems from a problem with the project file that affects usability...
PHPGurukul Men Salon Management System 注入漏洞
PHPGurukul Men Salon Management System is a men's salon management system from PHPGurukul. An injection vulnerability exists in PHPGurukul Men Salon Management System version 1.0, which originates from SQL injection due to the manipulation of multiple parameters in file /admin/contact-us.php...
HCL Traveler 安全漏洞
HCL Traveler is a software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. A security vulnerability exists in HCL Traveler that originates from a Windows application accidentally disclosing interna...
Autodesk AutoCAD 缓冲区错误漏洞
Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. A security vulnerability exists in Autodesk AutoCAD that stems from a memory corruption vulnerability when parsing specially crafted SLDPRT files, which could lead to the execution of arbitrary code...
Adobe Illustrator 代码问题漏洞
Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An untrusted search path vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the aspeedpinmuxsetmux function potentially dereferencing null pointers...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mdfree and mdstop functions repeatedly releasing ioacctset, resulting in a double release...
Cordaware bestinformed 安全漏洞
Cordaware bestinformed is a mass notification system from Cordaware, Germany. A security vulnerability exists in Cordaware bestinformed that stems from a server address modification permission issue that could result in local privileges being elevated to SYSTEM...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper resource release on USB disconnection in the ALSA:usx2y module, which could lead to a memory leak...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a post-release reuse issue in the binder subsystem...
Adobe Acrobat Reader 代码问题漏洞
Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has an XML External Entity Injection vulnerability that originates from a network system or product that is not set up with the correct filters ...
Google Pixel 安全漏洞
Google Pixel is a smartphone from Google, an American company. A security vulnerability exists in Google Pixel, which stems from a lack of bounds checking in getbinary in vendor/mediatek/proprietary/hardware/connectivity/gps/gpshal/src/datacoder.c, where out-of-bounds writes may exist...
Foxit PDF Reader 资源管理错误漏洞
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A resource management error vulnerability exists in Foxit PDF Reader, which arises from manipulating AcroForms without verifying the existence of the object, which could lead to remote code execution...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by type confusion in V8. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Shilpi Client Dashboard 安全漏洞
Shilpi Client Dashboard is a centralized dashboard from Shilpi. A security vulnerability exists in Shilpi Client Dashboard versions prior to 9.7.0, which stems from a lack of rate limiting and CAPTCHA protection for OTP requests in the API endpoints, and could lead to an OTP explosion on the targ...
TEM Opera Plus FM Family Transmitter 跨站请求伪造漏洞
The TEM Opera Plus FM Family Transmitter is a frequency modulation FM transmitter device from TEM. A cross-site request forgery vulnerability exists in TEM Opera Plus FM Family Transmitter version 35.45, which originates from allowing a user to perform certain actions via HTTP requests without...
Code-Projects Hospital Management System SQL注入漏洞
Code-Projects Hospital Management System is a Code-Projects open source hospital management system. Code-Projects Hospital Management System version 1.0 suffers from a SQL injection vulnerability, which originates from a SQL injection vulnerability contained in the index.php page...
Fortinet FortiOS 访问控制错误漏洞
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An access control error...
Zoom Meeting SDK and Zoom Workplace Path Traversal Vulnerability
Zoom Meeting SDK and Zoom Workplace are both products of Zoom, Inc.Zoom Meeting SDK is a development kit. Enables your company to accelerate the development and build of fully customizable video-based applications by leveraging the performance, scale, and reliability of Zoom's industry-leading...
Dolibarr ERP/CRM Security Breach
Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A security vulnerability exists in Dolibarr ERP/CRM version...
intellij Security Vulnerabilities
intellij is a plugin for the Bazel project. A security vulnerability exists in versions prior to intellij 2024.06.04.0.2, which stems from a dialog box for trusting the project not being displayed...
Microsoft Azure Backlink Vulnerability
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. A backlink vulnerability exists in Microsoft Azure File Sync. An attacker could exploit the vulnerability to elevate privileges. The following products and versions are affected:Azure Fi...
WordPress plugin Swiss Toolkit For WP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
WordPress plugin Swift Framework 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Siemens Parasolid 缓冲区错误漏洞
Parasolild Translators is a single-format translator toolkit for high-speed end-to-end translation between Parasolid and several industry formats such as STEP or IGES. An out-of-bounds read vulnerability exists in the Siemens PS/IGES Parasolid Translator component, which can be exploited by an...
Microsoft Edge 安全漏洞
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability, which is caused by an out-of-bounds read in the V8 API. An attacker can exploit this vulnerability to obtain sensitive information...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from memory reuse after release...
Microsoft OLE DB Provider for SQL Server 安全漏洞
Microsoft OLE DB Driver for SQL Server is a standalone data access application programming interface API for OLE DB. A remote code execution vulnerability exists in Microsoft OLE DB Driver for SQL Server, which can be exploited by an attacker to execute arbitrary code on the system...
Microsoft ODBC Driver 安全漏洞
Microsoft ODBC Driver is a driver from Microsoft Corporation USA. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver. An attacker could exploit the vulnerability to...
Byzro Networks Smart S80 代码问题漏洞
Byzro Networks Smart S80 is an Internet behavior management product from Byzro Networks. A code issue vulnerability exists in Byzro Smart S80 Management Platform 20240317 and prior versions, which stems from an unknown function in /useratte/userattestation.php that causes unrestricted uploads via...
iSulad 安全漏洞
iSulad is a lightweight container engine open-sourced by src-openEuler. A security vulnerability exists in iSulad version 2.0.18-13 version 2.1.4-1 and version 2.1.4-2, which stems from the presence of a race condition issue...
RSSHub 安全漏洞
RSSHub is an RSS feed generator written in Node.js, distributed under the MIT license and maintained by DIYgod and other GitHub users. A security vulnerability exists in RSSHub versions 1.0.0-master.cbbd829 through prior to 1.0.0-master.d8ca915, which stems from the presence of a cross-site...
phpseclib security vulnerability
phpseclib is a PHP secure communication library open-sourced by phpseclib. A security vulnerability exists in phpseclib versions prior to 1.0.23, 2.0.47, and 3.0.36, which stems from a potential denial of service when processing ASN.1 object identifiers for certificates...
WordPress plugin (Simply) Guest Author Name security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
SaltStack Salt 安全漏洞
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt that stems from an attacker being able to traverse a directory in order to...
WordPress Plugin MailMunch Constant Contact Forms Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Microsoft Office 安全漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office has a code execution vulnerability that can be exploited by an attacker to execute arbitra...
Gallagher Controller 6000 Security Vulnerability
The Gallagher Controller 6000 is an interface between the Gallagher Command Center server and distributed field hardware from Gallagher New Zealand. A security vulnerability exists in Gallagher Controller 6000 versions prior to 8.70 vCR8.70.231204a, v8.60 and earlier, which stems from the presenc...
Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component is a graphics driver component from Microsoft Corporation USA. An information disclosure vulnerability exists in Microsoft Graphics Component msgraph-sdk-php that originates from a vulnerability that allows an attacker to craft HTTP requests to be able to access syste...
NVIDIA vGPU software security vulnerability
NVIDIA vGPU Software is a management software from NVIDIA that is used to provide GPU capabilities to virtual machines. The software supports multiple virtual machines to access the host's GPU, providing graphics performance and application compatibility for virtual machines. A security...
Microsoft Windows Power Management Service Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Power Management Service. An attacker could exploit this vulnerability to obtain sensitive information. The...