195539 matches found
F5 BIG-IP 资源管理错误漏洞
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG-IP Advanced WAF and ASM MySQL database denial of service vulnerability is associated with a policy on Virtul Serve...
D-Link DSL-2750U安全漏洞
The D-Link DSL-2750U is a wireless N 300 ADSL2 modem router.An unauthorized configuration modification vulnerability exists in the D-Link DSL-2750U ME1.16 and earlier versions. An attacker could use this vulnerability to modify the configuration without authorization...
Adobe Connect 跨站脚本漏洞
Adobe Connect is an online video conferencing software. A reflected cross-site scripting vulnerability exists in Adobe Connect 11.2.2 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...
Bento4 代码问题漏洞
Bento4 is a C class library and tool for reading and writing ISO-MP4 files. A null pointer dereference vulnerability exists in the AP4StszAtom::WriteFields function in Ap4StszAtom.cpp in Bento4 1.6.0-636 and earlier versions. An attacker could exploit this vulnerability to cause a denial of servi...
WordPress SQL注入漏洞
WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Quiz Maker plugin is an application plugin for WordPress. A SQL injection vulnerability exists in WordPress Quiz Maker...
WordPress SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Woocommerce. The vulnerability stems from a lack o...
Joomla! 跨站脚本漏洞
A cross-site scripting vulnerability exists in versions 3.0.0 to 3.9.27, which could be exploited to lure users into clicking on and executing client-side code to steal user cookie credentials...
Industrial Light and Magic OpenEXR 缓冲区错误漏洞
OpenEXR is an image file format for high dynamic range HDR images.A security vulnerability exists in OpenEXR, which stems from a flaw in the ImfDeepScanLineInputFile functionality. An attacker could use the upstairs to trigger an out-of-bounds read by submitting a harmful file to an application...
Jenkins 跨站请求伪造漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins XebiaLabs XL Deploy Plugin suffers from a cross-site request forgery vulnerability that stems from a...
Microsoft Office SharePoint 信息泄露漏洞
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. An information...
多款Huawei产品输入验证错误漏洞
Huawei S12700 and others are an enterprise-class switch product from Huawei China. A number of Huawei products command injection vulnerability, attackers can use the vulnerability to send malicious parameters can be injected into the command line, affecting normal functionality...
Google Kubernetes 代码问题漏洞
Google Kubernetes is a set of open source Docker container cluster management system from the U.S. company Google Google. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A code issue vulnerability exists ...
Microsoft Windows Codecs 缓冲区错误漏洞
Microsoft Windows Codecs is an operating system from Microsoft. It provides a multitasking graphical user interface. A buffer error vulnerability exists in the Microsoft Windows Codecs Library. The following products and versions are affected:Web Media Extensions...
Microsoft Internet Explorer 缓冲区错误漏洞
Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from Microsoft Corporation USA. A buffer error vulnerability exists in Internet Explorer. The following products and versions are affected: Internet Explorer 11, Internet Explorer 9...
NVIDIA Windows GPU Display Driver 代码问题漏洞
Nvidia NVIDIA Windows GPU Display Driver is a graphics processor GPU graphics card driver for the Windows platform from Nvidia. A code issue vulnerability exists in NVIDIA Windows GPU Display Driver for Windows, which stems from a flaw in the kernel driver, where a null pointer dereference could...
Oracle VM VirtualBox 输入验证错误漏洞
Oracle VM VirtualBox is a virtual machine management software from Oracle. Oracle VM VirtualBox suffers from an input validation error vulnerability that stems from an input validation error in the core components of Oracle VM VirtualBox. No detailed vulnerability details are provided at this tim...
Fibaro Home Center 2 安全漏洞
FIBARO Home Center 2 is an application system of the Polish company FIBARO. A system integration system. A security vulnerability exists in Fibaro Home Center 2 that stems from the fact that communications between users and devices can be eavesdropped on to hijack sessions, tokens, and passwords...
IMAGE CONQUEST DICOM SERVER 命令注入漏洞
IMAGE CONQUEST DICOM SERVER is IMAGE an open source application. It can store, validate, query and retrieve through programmable SQL database tables. A security vulnerability exists in CONQUEST DICOM SERVER before 1.5.0, which can be exploited by attackers to execute malicious code...
WonderLink Yomi-Search 跨站脚本漏洞
WonderLink Yomi-Search is a WonderLink application. A versatile search engine. A cross-site scripting vulnerability exists in version 4.22 of Yomi-Search Ver4.22, which originates from the ability to execute arbitrary script on the web browser of a user accessing a website that uses Yomi-Search. ...
Wordpress Modern Events Calendar Lite 访问控制错误漏洞
Wordpress Modern Events Calendar Lite is an open source application plugin for Wordpress. This plugin is the best tool for managing event websites. An access control error vulnerability exists in the WordPress Modern Events Calendar Lite plugin before 5.16.5, which stems from not properly...
Rafael França activerecord-session_store 安全漏洞
Rafael França activerecord-sessionstore is an open source application by Rafael França. A default class is provided, but any object with a textual sessionid and data attribute duck-typed into the Active Record Session class is sufficient. A security vulnerability exists in all versions of...
GE Digital HMI/SCADA iFIX Permission License and Access Control Issues Vulnerability
Genesys PureEngage Digital is an omni-channel customer interaction management platform from Genesys. The platform supports features such as online chat, email and SMS Short Message Service. A security vulnerability exists in GE Digital HMI/SCADA iFIX that originates from allowing a locally...
Cross-Site Scripting Vulnerability in Multiple NEC Aterm Products
The NEC Aterm WG2600HP and others are a wireless router from NEC Corporation of Japan. A cross-site scripting vulnerability exists in multiple Aterm products, which stems from a lack of proper validation of client-side data by the WEB application. The vulnerability can be exploited by an attacker...
Command Injection Vulnerability in Multiple NETGEAR Devices
Netgear NETGEAR is a router from the American company Netgear. It is a hardware device that connects two or more networks and acts as a gateway between networks. Certain NETGEAR devices are vulnerable to a command injection vulnerability that affects the following products and versions: D7800...
Google Asylo Buffer Error Vulnerability
Google Asylo is a framework for developing trusted applications from Google Inc. in the United States. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A security vulnerability exists in Asylo up to 0.6.0, which allows an...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the fact that the endpoint for batch role removal does not perform fine-grained permission checks. This could allow with limited permissions to remove...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. In versions prior to 149.0.7827.115, there was a resource management vulnerability. This vulnerability stemmed from a problem with reusing resources after they were released by the Network component. This could allow attackers with privilege...
ClipBucket V5 安全漏洞
ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 133 – contained security vulnerabilities. These vulnerabilities were due to lack of authorization, which could allow ordinary authenticated users...
Quest Bot 信息泄露漏洞
Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained an information leakage vulnerability. This vulnerability stemmed from the logging feature not restricting channel access, allowing configured users to...
ClipBucket V5 操作系统命令注入漏洞
ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 140 – contained an operating system command injection vulnerability. This vulnerability stemmed from the remote playback feature allowing direct...
MCP Server Kubernetes 参数注入漏洞
MCP Server Kubernetes is an MCP server for Kubernetes management, developed by Suyog Sonwalkar. Versions of MCP Server Kubernetes prior to 3.7.0 contained a parameter injection vulnerability. This vulnerability stemmed from the kubectl generic tool not performing a whitelist check on the tokens...
KanaDojo 操作系统命令注入漏洞
KanaDojo is an attractive and customizable Japanese learning platform developed by lingdojo. KanaDojo has a vulnerability related to operating system command injection. This vulnerability arises from command injection, and it could allow attackers with access to pull requests to execute arbitrary...
Summarize 代码问题漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.17.0 contained code vulnerabilities. These vulnerabilities were caused by server-side request forgeing attacks. Attackers could exploit these vulnerabilities by providing maliciou...
GitLab 资源管理错误漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 12.0, 18.10.8, 18.11.5, and 19.0.2...
Google Cloud Platform Dialogflow CX 安全漏洞
Google Cloud Platform Dialogflow CX is a conversational AI development platform based on natural language understanding and generation technology, provided by Google, Inc. There is a security vulnerability in Google Cloud Platform Dialogflow CX. This vulnerability stems from the lack of...
WordPress plugin SliceWP 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
OpenClaw 权限许可和访问控制问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.27 had code-related vulnerabilities. These vulnerabilities stemmed from issues with code execution during the skill installation process. The workarea.env file could override th...
Brickcom多款产品 访问控制错误漏洞
Brickcom Cube, among others, are products of the Brickcom company. The Brickcom Cube is a series of indoor network surveillance cameras. The Brickcom Dome is a series of hemispherical network surveillance cameras. The Brickcom Bullet is a series of gun-type network surveillance cameras. Several o...
OpenClaw 授权问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.22 contained security vulnerabilities. These vulnerabilities stemmed from a location verification issue in the Control UI pairing mechanism. This allowed attackers with network...
Apple macOS 路径遍历漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 and earlier contained a path traversal vulnerability. This vulnerability stemmed from parsing issues with directory path handling, which could allow...
Axios 注入漏洞
Axios is an open-source HTTP client developed by Axios. Versions of Axios from 1.15.2 to 1.16.0 had a injection vulnerability. This vulnerability stemmed from the lack of hasOwnProperty checks on nested objects created by the utils.merge function. This could lead to prototype pollution and...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability, which was caused by improper implementation of the password function. This vulnerability could allow remote attackers to bypass site...
CyberArk Idira Endpoint Privilege Manager 信任管理问题漏洞
CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5 contained vulnerabilities related to trust management. These vulnerabilities stemmed from...
CodexBar 安全漏洞
CodexBar is an AI programming service usage monitoring tool developed by Peter Steinberger. Versions of CodexBar prior to 0.33.0 contained security vulnerabilities. These vulnerabilities stemmed from credential forwarding, which could allow network adjacent attackers to intercept sensitive...
Axios 代码注入漏洞
Axios is an open-source HTTP client developed by Axios. Versions of Axios from 0.19.0 to 0.31.1, as well as versions before 1.15.2, have a code injection vulnerability. This vulnerability stems from a prototype pollution tool present in request configuration processing, which may lead to the...
WordPress plugin JoomSport SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Axios 安全漏洞
Axios is an open-source HTTP client developed by Axios. Versions prior to 0.32.0 and 1.16.0 of Axios contain security vulnerabilities. These vulnerabilities stem from two prototype pollution tools that may cause upstream dependencies to pollute Object.prototype, allowing Axios to silently use the...
Vim 代码注入漏洞
Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0597, there was a code injection vulnerability. This vulnerability stemmed from Python’s omni-completion feature, which used exec to execute function and class definitions reconstructed from the curren...
Netty 资源管理错误漏洞
Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.135.Final and 4.2.15.Final contained a resource management vulnerability. This...
ImageMagick 缓冲区错误漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-24 contained a buffer error vulnerability. This vulnerability could occur when using the...