195539 matches found
WordPress plugin JoomSport SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Apple macOS 后置链接漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 and earlier contained a backlink vulnerability, which was caused by improper handling of symbolic links. This vulnerability could allow applications to...
Axios 安全漏洞
Axios is an open-source HTTP client developed by Axios. Versions prior to 0.32.0 and 1.16.0 of Axios contain security vulnerabilities. These vulnerabilities stem from two prototype pollution tools that may cause upstream dependencies to pollute Object.prototype, allowing Axios to silently use the...
Vim 代码注入漏洞
Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0597, there was a code injection vulnerability. This vulnerability stemmed from Python’s omni-completion feature, which used exec to execute function and class definitions reconstructed from the curren...
Netty 资源管理错误漏洞
Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.135.Final and 4.2.15.Final contained a resource management vulnerability. This...
ImageMagick 缓冲区错误漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-24 contained a buffer error vulnerability. This vulnerability could occur when using the...
ImageMagick 安全漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained security vulnerabilities. These vulnerabilities stemmed...
National Security Agency Ghidra 路径遍历漏洞
National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Prior to version 12.1 of National Security Agency Ghidra, there was a path traversal vulnerability. This vulnerability stemmed from SameDirDebugInfoProvider failing to valida...
National Security Agency Ghidra 资源管理错误漏洞
National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to version 12.1 contained a resource management vulnerability. This vulnerability stemmed from the use of the...
National Security Agency Ghidra 路径遍历漏洞
National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to 12.0.2 contained a path traversal vulnerability. This vulnerability stemmed from the extended installer’s failure to...
QNAP QTS 路径遍历漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have path traversal vulnerabilities, which allow remote attackers to access unexpected files or system data after...
VMware Spring Data REST 访问控制错误漏洞
VMware Spring Data REST is a data interface provided by the American company VMware. It is used to build domain models based on Spring Data repositories, and to expose hypermedia-driven HTTP resources for aggregates contained within those models. VMware Spring Data REST versions 3.7.0 and earlier...
WordPress plugin WPZOOM Portfolio 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
bit7z 路径遍历漏洞
bit7z is a file compression/uncompression tool developed by Riccardo as an individual project. Versions of bit7z prior to 4.0.12 contained a path traversal vulnerability. This vulnerability stemmed from a one-byte error in the SafeOutPathBuilder::restoreSymlink function, which could allow attacke...
National Security Agency Ghidra 路径遍历漏洞
National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to 12.0.4 contained a path traversal vulnerability. This vulnerability stemmed from the theme import feature not verifying...
VMware Spring Data KeyValue和VMware Spring Data Redis 安全漏洞
VMware Spring Data KeyValue and VMware Spring Data Redis are both products of the American company VMware. VMware Spring Data KeyValue is a key-value storage data access framework. VMware Spring Data Redis is a Redis data access framework. Both VMware Spring Data KeyValue and VMware Spring Data...
Nimiq 安全漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Prior versions of the Nimiq network-libp2p 1.4.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the kad get-record query, where incorrect validation of records resulted in...
SpiceDB 授权问题漏洞
SpiceDB is a fine-grained permission database developed by the Authzed team. In versions 1.15.0 to 1.52.0 of SpiceDB, there was an authorization vulnerability. This vulnerability stemmed from the caveat structure, which contained nested lists, potentially leading to improper caching reuse...
Umbraco 输入验证错误漏洞
Umbraco is an open-source content management system CMS written in C by the Danish company Umbraco. Versions of Umbraco before 13.14.0 and 17.4.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from some Surface controllers failing to validate the redirect...
VMware Spring Data Commons 资源管理错误漏洞
VMware Spring Data Commons is a data access abstraction framework developed by VMware Corporation. There is a resource management vulnerability in VMware Spring Data Commons, which may lead to a StackOverflowException during the parsing of Sort parameters, resulting in a denial-of-service attack...
Nimiq 数据伪造问题漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 had a data manipulation vulnerability. This vulnerability stems from a logical flaw in the BlockInclusionProof::isblockproven function, causing it to return true without performing any...
QNAP file station 异常处理不当漏洞
QNAP Systems File Station 6 is a file management software developed by QNAP Systems, a company based in Taiwan, China. There is a code vulnerability in QNAP Systems File Station 6, which stems from a null pointer dereferencing. This vulnerability could allow remote attackers to launch a...
BSimVis 跨站脚本漏洞
BSimVis is a binary program similarity analysis and visualization tool developed by the MISP Project. Versions of BSimVis up to v0.2.0 contained a cross-site scripting vulnerability. This vulnerability allowed attackers to execute operations as victims, access data that the victims could access, ...
National Security Agency Ghidra 安全漏洞
National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to version 11.2 contained security vulnerabilities. These vulnerabilities were caused by an undefined static initialization...
QNAP QTS 安全漏洞
QNAP Systems QTS is a software with data storage and management capabilities developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems QTS prior to 5.2.7.3256 contained a security vulnerability. This vulnerability stemmed from command injection, which could allow remot...
VMware Spring Data Relational 安全漏洞
VMware Spring Data Relational is a relational database access framework developed by VMware, Inc. There is a security vulnerability in VMware Spring Data Relational, which stems from the improper escaping of external control inputs when using StringMatcher in Query By Example. Attackers can use...
Concrete CMS 代码问题漏洞
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.5.2 had code vulnerabilities. These vulnerabilities stemmed from calls to the unserialize function in the Permission, Cache, and Search components, which could allow unauthorize...
Metrics::Any::Adapter::SignalFx 注入漏洞
Metrics::Any::Adapter::SignalFx is a Perl metric collection adapter module developed by PEVANS’ personal developers. Versions of Metrics::Any::Adapter::SignalFx prior to version 0.04 contained an injection vulnerability. This vulnerability occurred because the labels function did not check for li...
Erlang/OTP 安全漏洞
Erlang/OTP is an open-source JavaScript library for handling exceptions, developed by Erlang/OTP. This library can catch exceptions caused by Node.js’s built-in APIs. Erlang/OTP ssh versions prior to 6.0.0 had a security vulnerability. This vulnerability stemmed from the sshauth module’s use of...
Frappe Learning Management System 注入漏洞
Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.53.0 had a injection vulnerability. This vulnerability allowed authenticated users to provide malicious content in certain...
Roxy-WI 代码问题漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a code vulnerability. This vulnerability stems from the /smon/agent/route function directly passing URL path components to requests.get, which may all...
Fission 安全漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contain security vulnerabilities. These vulnerabilities stem from the SanitizeFilePath function, which uses string prefix checks instead of directory boundary checks. As a result,...
NSA Ghidra 安全漏洞
NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Previous versions of NSA Ghidra, up to version 12.1.1, contained security vulnerabilities. These vulnerabilities stemmed from the Mach-O binary parser,...
Jenkins 输入验证错误漏洞
Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have a vulnerability related...
QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...
Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace和Palo Alto Networks Cortex XSOAR CommvaultSecurityIQ Marketplace 安全漏洞
Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace and Palo Alto Networks Cortex XSOAR CommvaultSecurityIQ Marketplace are both products of Palo Alto Networks. The Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace is a security operations integration extension package...
WordPress plugin Newsletters SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
ESP-IDF 输入验证错误漏洞
ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.5.4 and 6.0 of ESP-IDF contain input validation vulnerabilities. These vulnerabilities stem from issues with the security service wrapper component in the esptee module, which...
Dulwich 操作系统命令注入漏洞
Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich from 0.24.0 to 1.2.5 had a vulnerability related to operating system command injection. This vulnerability stemmed from ProcessMergeDriver’s ability to replace file paths into the merge...
Dulwich 路径遍历漏洞
Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich prior to 1.2.5 contained a path traversal vulnerability. This vulnerability occurred when deriving patch file names from the commit message, without properly cleaning path separators an...
SQLAlchemy Admin 安全漏洞
SQLAlchemy Admin is an open-source SQLAlchemy model management interface tool developed by Smithy HQ. Versions of SQLAlchemy Admin prior to 0.25.1 contained a security vulnerability. This vulnerability stemmed from the ajaxlookup endpoint in the application.py file, which bypassed the isaccessibl...
Weblate 代码问题漏洞
Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 2026.6 had code-related vulnerabilities. These vulnerabilities stemmed from the improper handling of some transition IPv6 ranges, multicast addresses, and partially...
Fission 访问控制错误漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a access control vulnerability. This vulnerability stemmed from the Fission Function’s access webhook verifying that the spec.secrets.namespace and spec.configmaps.namespace...
WordPress plugin Easy Image Collage 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Palo Alto Networks Prisma Access Agent for Linux 安全漏洞
Palo Alto Networks Prisma Access Agent for Linux is a Linux terminal security access client provided by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Prisma Access Agent for Linux, which stems from a security control bypass. This vulnerability could allow local...
FTL 竞争条件问题漏洞
FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL prior to 6.6.1 contained a race condition vulnerability, which stems from race conditions in the HTTP session management subsystem. This vulnerability could allow attackers to perform...
Kanidm 安全漏洞
Kanidm is a simple and secure identity management platform developed by Kanidm itself. Versions of Kanidm prior to 1.9.3 contained security vulnerabilities. These vulnerabilities were caused by the recursive descent PEG parser in SCIM endpoints, which led to a stack overflow when processing neste...
lmdeploy 代码注入漏洞
lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of lmdeploy prior to 0.12.3 have a code injection vulnerability, which stems from the hard-coded trustremotecode=True setting. This vulnerability could lead to remote code execution within the...
lmdeploy 代码注入漏洞
lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of lmdeploy prior to 0.12.3 have a code injection vulnerability. This vulnerability stems from the hardcoding of trustremotecode=True at multiple HuggingFace model loading points, which may allow...
BoxLite 安全漏洞
BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite 0.8.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from using a...