195539 matches found
Hugo 路径遍历漏洞
Hugo is a framework based on the Go language used by the Gohugoio community for quickly generating static websites. Versions of Hugo from 0.43 to 0.161.0 had a path traversal vulnerability. This vulnerability occurred due to the lack of restrictions on file system access when calling Node tools,...
Adobe Commerce 代码问题漏洞
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a code vulnerability in Adobe Commerce, which stems from server-side request forgeing. This vulnerability may allow security features to be bypassed, enabling...
Microsoft Windows Ancillary Function Driver for WinSock 安全漏洞
The Microsoft Windows Ancillary Function Driver for WinSock is a accessibility driver for Winsock from Microsoft Corporation. There are security vulnerabilities associated with the Microsoft Windows Ancillary Function Driver for WinSock. Attackers can exploit these vulnerabilities to gain elevate...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Control Web Panel 操作系统命令注入漏洞
Control Web Panel is a Linux virtual host control panel. Versions of Control Web Panel prior to 0.9.8.1209 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the key parameter in /admin/index.php, allowing unauthenticated...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of signed integers in bloblen and nummon functions within cephmonmapdecode. This can lead...
ZTE Cloud PC client uSmartView 代码问题漏洞
ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. There is a code vulnerability in ZTE Cloud PC client uSmartView, which stems from a DLL hijacking vulnerability. Since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from insufficient blacklists for execution environment policy environment variables, which might allow...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the uninitialized payload of NLMSGDONE in the nfnetlinklog, leading to a leak of kernel heap data...
Code-MCP 路径遍历漏洞
Code-MCP is an AI-integrated tool for terminal and file operations developed by Steven Yu. Versions of Code-MCP 4cfc4643541a110c906d93635b391bf7e357f4a8 and earlier have a path traversal vulnerability. This vulnerability stems from a problem with the MCP File Handler component in the issafepath...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from improper implementations in Cast, and could allow remote attackers with access to the damaged rendering process to bypass...
PhpSpreadsheet 代码问题漏洞
PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Code vulnerabilities exist in versions 1.30.2 and earlier, as well as versions 2.0.0 to 2.1.14, 2.2.0 to 2.4.3, 3.3.0 to 3.10.3, and 4.0.0 to 5.5.0 of PhpSpreadsheet. These vulnerabilities...
Python Notebook MCP 路径遍历漏洞
Python Notebook MCP is an interactive tool developed by Usama Khatab, allowing AI assistants to operate Jupyter notebooks. Python Notebook MCP has a path traversal vulnerability, which stems from issues with the functions createnotebook/readnotebook/editcell/addcell in the file server.py,...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were caused by environmental variable injection, allowing malicious workarea.env files to set runtime control...
Oracle MCP Server Helper Tool SQL注入漏洞
The Oracle MCP Server Helper Tool is a server assistance tool developed by Oracle Corporation. Versions 1.0.1 to 1.0.156 of the Oracle MCP Server Helper Tool contain SQL injection vulnerabilities. These vulnerabilities stem from issues with the helper tool component, allowing unauthenticated...
Claude SDK for TypeScript 安全漏洞
Claude SDK for TypeScript is an open-source development toolkit by Anthropic, designed for calling the Claude API using TypeScript. There were security vulnerabilities in versions of Claude SDK for TypeScript from 0.79.0 to 0.91.1. These vulnerabilities stemmed from BetaLocalFilesystemMemoryTool...
Apache Neethi 代码问题漏洞
Apache Neethi is a policy processing framework library developed by the Apache Foundation. Apache Neethi has code-related vulnerabilities; these vulnerabilities arise from the lack of restrictions on URIs when manually retrieving remote policy references via the PolicyReference API. This could le...
Wireshark 代码问题漏洞
Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.4 had code vulnerabilities that could lead to a denial-of-service attack due t...
zserio 输入验证错误漏洞
Zserio is an open-source framework for efficiently serializing structured data by Navigation Data Standard e.V. Versions of Zserio prior to 2.18.1 contained a vulnerability related to input validation errors. This vulnerability occurred due to the setBitPosition boundary check in the...
GNU C Library 安全漏洞
The GNU C Library is an open-source, free C-language compiler program published by the GNU community under the LGPL license. Versions of the GNU C Library from 2.7 to 2.43 contained security vulnerabilities. These vulnerabilities stemmed from the use of %mc and format specifiers with a width...
phpBB 安全漏洞
phpBB is a set of web forum software developed by Ariefibis. Version phpBB 3.3.15 has a security vulnerability, which stems from cross-site request forgery in the login function and authentication mechanism. This vulnerability could allow for the execution of arbitrary code...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the fal provider image-generation-provider.ts component...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by attackers to cause network acquisition and disk writes to be forced by unauthorized senders...
WWBN AVideo 跨站请求伪造漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF token verification at the administrator plugin configuration endpoint...
Netty 环境问题漏洞
Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.132.Final and 4.2.10.Final contained environmental issues. These issues were caused by...
Wallos 代码问题漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.7.0 had code vulnerabilities. These vulnerabilities stemmed from incomplete SSRF protections, and the save endpoint did not apply the validatewebhookurlforssrf protection. This allowe...
Craft CMS 安全漏洞
Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to 4.17.8 and 5.9.14 of Craft CMS had security vulnerabilities. These vulnerabilities stemmed from lack of resource-based authorization verification, which could allow unauthorized access to private asset...
Nexxt Solutions Nebula 300+ 安全漏洞
The Nexxt Solutions Nebula 300+ is a wireless router produced by the American company Nexxt Solutions. Versions of the Nebula 300+ prior to 12.01.01.37 contain security vulnerabilities. These vulnerabilities stem from the lack of cross-site request forgery protection in the status change manageme...
WordPress plugin Multi Post Carousel by Category 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Admidio 安全漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio 5.0.6 and earlier have security vulnerabilities; these vulnerabilities st...
OPEXUS eComplaint和OPEXUS eCASE 安全漏洞
OPEXUS eComplaint and OPEXUS eCASE are products of the American company OPEXUS. OPEXUS eComplaint is a complaint and appeal management platform. OPEXUS eCASE is an case management system. There were security vulnerabilities in versions of OPEXUS eComplaint and OPEXUS eCASE before 10.2.0.0. These...
SuiteCRM SQL注入漏洞
SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 contained an SQL injection vulnerability. This vulnerability occurred when creating or editing reports, where the fieldfunction parameter in the POST data was saved...
WordPress plugin Sprout Clients 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Inductive Automation Ignition 代码问题漏洞
Inductive Automation Ignition is an integrated software platform developed by Inductive Automation in the United States, designed for SCADA systems. This platform supports SCADA Supervisory Control and Data Acquisition and HMI Human Machine Interface applications. Inductive Automation Ignition ha...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.12 and 8.6.38 contain security vulnerabilities. These vulnerabilities stem from unvalidated user identifier formats,...
WordPress plugin Court Reservation 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Vulnerabilities exist in versions 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and...
Ibexa eZ Platform 安全漏洞
Ibexa eZ Platform is a content management system and website building tool provided by the Norwegian company Ibexa. The Ibexa eZ Platform 2.x version has a security vulnerability, which stems from improper access control in the REST API. This vulnerability could allow unverified attackers to acce...
GitHub Copilot CLI 操作系统命令注入漏洞
GitHub Copilot CLI is a terminal AI programming assistant open sourced by GitHub. Versions of GitHub Copilot CLI 0.0.422 and earlier had an operating system command injection vulnerability. This vulnerability stemmed from defects in shell security assessments, which could lead to arbitrary code...
OliveTin 数据伪造问题漏洞
OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 3.00.11.1 had a data manipulation vulnerability. This vulnerability stemmed from the lack of enforcing the audience value during JWT authentication configuration, which could lead to authentication usi...
WordPress plugin Seraphinite Accelerator 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
OpenEXR 安全漏洞
OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions 3.3.0 to 3.3.6 and 3.4.0 to 3.4.4 of OpenEXR contain security vulnerabilities. These vulnerabilities stem from integer underflow during the parsing of malformed EXR...
WordPress plugin Grand Conference 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...
WordPress plugin iThemes Sync 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
melange 操作系统命令注入漏洞
Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange from 0.10.0 to 0.40.3 had an operating system command injection vulnerability. This vulnerability stemmed from the patch pipeline incorrectly referencing or verifying input-derived values when...
WordPress Plugin Interactions: Cross-Site Script Vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
Linux Kernel Security Vulnerabilities
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the issue of not releasing device references when binding and unbinding devices. This vulnerabili...
Microsoft Windows Remote Assistance 安全漏洞
Microsoft Windows Remote Assistance is a windows feature from Microsoft Corporation USA for viewing or controlling a remote Windows computer to solve a problem without having to touch the device directly. A security vulnerability exists in Microsoft Windows Remote Assistance. An attacker exploiti...