195539 matches found
Splunk Enterprise 安全漏洞
Splunk Enterprise is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk Enterprise versions 9.3.x prior to 9.3.1, 9.2.x prior to 9.2.3, and 9.1.x prior to 9.1.6, which originates from a low-privileged user being able...
Django 安全漏洞
Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django version 5.1 up to and including version 5.1.1,...
Fortinet FortiOS 安全漏洞
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. Fortinet FortiOS suffers from a...
Wiki.js 安全漏洞
Wiki.js is a suite of open source Wiki software from the Requarks.io team based on Node.js and written in the JavaScript language. A security vulnerability exists in Wiki.js versions prior to 2.5.303, which stems from a vulnerability that allows an attacker to inject malicious JavaScript into the...
Eclipse Dataspace Components 安全漏洞
Eclipse Dataspace Components is a development connector for Eclipse Dataspace Components open source. A security vulnerability exists in Eclipse Dataspace Components versions 0.2.1 through 0.6.2. An attacker exploiting this vulnerability could obtain OAuth2 client secrets from the repository...
WordPress plugin WordPress Backup & Migration security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...
WordPress Plugin Video.js 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
D-Link DVG-G5402SP 操作系统命令注入漏洞
The D-Link DVG-G5402SP is a wireless router from China-based AUO D-Link. An operating system command injection vulnerability exists in the D-Link DVG-G5402SP firmware version GE1.03, which stems from its Maintenance function that allows an attacker to implement command injection...
Fortinet FortiOS 信息泄露漏洞
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A security vulnerabili...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from the fact that it crashes when mlir::tfg::ConvertGenericFunctionToFunctionDef is given the null...
Microsoft Windows 安全漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Autopilot. The following products and editions are affected: Windows 10 Version 21H1 for x64-based Systems,Window...
Cobbler 安全漏洞
Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installation environments. security vulnerabilities exist in versions of Cobbler prior to 3.3.1, stemming from files in /etc/cobbler that are publicly readable, two of which contain some sensitiv...
YetiForceCrm 输入验证错误漏洞
YetiForceCrm is an open source crm system from the Polish company YetiForce. Yetiforcecrm suffers from a processing logic error vulnerability, which stems from Yetiforcecrm being vulnerable to business logic errors. No detailed vulnerability details are currently available...
Siemens JT2GO和Siemens Teamcenter Visualization 缓冲区错误漏洞
JT2Go, a 3D JT viewing tool, and Teamcenter Visualization software enable companies to enhance their Product Lifecycle Management PLM environments with a comprehensive family of visualization solutions. The software allows business users to access documents, 2D drawings and 3D models in a single...
Statamic 跨站脚本漏洞
Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows for storing all content, templates, assets, and settings in files rather than in a database. Versions of Statamic 6.0.0 to 6.2.3 had a cross-site scripting vulnerability, which originated from stored cross-site...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper resource cleanup in the probe error path, which could lead to the disclosure of warning messages...
WordPress plugin Extensions for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress plugin Persian Nested Show/Hide Text 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Elements kit Elementor addons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
VISAM VBASE 代码问题漏洞
VISAM VBASE is a data acquisition and monitoring system from VISAM Germany. A security vulnerability exists in VISAM VBASE Automation Base versions prior to 11.7.5 that stems from the presence of an information leak...
Apache Superset 跨站脚本漏洞
A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from a failure of the upload data form to properly render user input, which could be exploited by an attacker to cause a cross-sit...
Siemens Teamcenter Visualization 和 JT2Go 缓冲区错误漏洞
Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to a memory corruption vulnerability that could be exploited by an attacker to...
Bank Management System 跨站脚本漏洞
Bank Management System is a bank management system. A cross-site scripting vulnerability exists in SourceCodester Blood Bank Management System version 1.0, which stems from an unknown function in the index.php?page=users file of its User Registration Handler component that operates on the paramet...
Vela 安全漏洞
Github Vela is an application open-sourced by Github in the United States. It provides an automation framework. Vela suffers from a security vulnerability that stems from its insecure default configuration that allows an attacker to achieve container escape...
Bento4 安全漏洞
Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 version 1.6.0-639, which stems from excessive memory consumption in the AP4DataBuffer::ReallocateBuffer function in Core/Ap4DataBuffer.cpp. An attacker can exploit the...
Honeywell Saia Burgess PG5 PCD 加密问题漏洞
The Honeywell Saia Burgess PG5 PCD is a Honeywell USA solution that includes SBC Instrumentation, Control, and Automation ICA device implementation and operational automation. A cryptographic issue vulnerability exists in all versions of the Honeywell Saia Burgess PG5 PCD that stems from a...
Pimcore SQL注入漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A SQL injection vulnerability exists in Pimcore...
HashiCorp go-getter 输入验证错误漏洞
HashiCorp go-getter is a library for HashiCorp's Go golang for downloading files or directories from various sources using URLs as the primary form of input. An input validation error vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the inability to...
WSO2 多个产品跨站脚本漏洞
WSO2 API Manager and others are products of WSO2, Inc.WSO2 API Manager is an API lifecycle management solution.WSO2 Dashboard Server is a dashboard server.WSO2 Identity Server IS is an identity server. A security vulnerability exists in several WSO2 products that stems from incorrect output...
Siemens Jt2go 安全漏洞
Siemens Jt2go, a JT file viewer, and Siemens Teamcenter Visualization, software that provides team collaboration capabilities for designing 2D and 3D scenes, are vulnerable to a denial-of-service vulnerability in Siemens Jt2go and Teamcenter Visualization, which stems from TiffLoader.dll is...
SuiteCRM 代码问题漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM Suitecrm team. A security vulnerability exists in SuiteCRM that stems from SuiteCRM prior to 7.11.19 that allows remote code execution to be set via the system settings log file name. An attacker can exploit the vulnerability...
jose-node-esm-runtime 安全漏洞
npm jose-node-esm-runtime is an application from npm, Inc. json web almost everything uses the Node.jscrypto module for JWA, JWS, JWE, JWT, JWK with no dependencies. jose-node-esm-runtime is a security vulnerability in jose-node-esm-runtime prior to version 3.11.4 that arises from a significant...
MiniClaw 路径遍历漏洞
MiniClaw is an AI memory and evolution tool developed by a 8421bit individual developer. MiniClaw has a path traversal vulnerability, which stems from the function isPathInside in the executeSkillScript component’s src/kernel.ts file. This vulnerability may lead to path traversal attacks...
Calibre-Web Automated 安全漏洞
Calibre-Web Automated is a self-hosted digital library management tool developed by CrocodileStick’s individual developer. Versions of Calibre-Web Automated prior to 4.0.6 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization in the generateauthtoken functi...
Pimcore SQL注入漏洞
Pimcore is an open-source web content management platform developed by the Austrian company Pimcore. This platform integrates applications such as web content management, e-commerce frameworks, and product information management. Version 12.3.3 of Pimcore has a SQL injection vulnerability. This...
WordPress plugin Livemesh Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
Efacec QC 安全漏洞
Efacec QC is a series of electric vehicle charging posts from Efacec Portugal. A security vulnerability exists in Efacec QC that stems from a lack of privilege control over user XXX, which could lead to unlimited privilege elevation...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of i2cdesignware device interrupts, which could lead to null pointer dereferences...
Joomla! 授权问题漏洞
Joomla! is a free, open source content management system open-sourced by Joomla! An authorization issue vulnerability exists in Joomla! that stems from an insufficient status check that results in bypassing two-factor authentication checks...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from staging: r8188eu in rtwwxsetscan could lead to a -Ssid overflow...
Cisco RoomOS Software和Cisco TelePresence Collaboration Endpoint Software 安全漏洞
Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of Cisco Corporation.Cisco RoomOS Software is a set of automated management software for Cisco devices. The software is mainly used for upgrading and managing the motherboard firmware of Cisco...
WordPress plugin File Upload Types by WPForms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin File Upload Typ...
Livewire 输入验证错误漏洞
Livewire is Livewire open source a full stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. An input validation error vulnerability exists in Livewire prior to version v3.5.2, which stems from unvalidated actual file extensions for filenames...
WordPress plugin MDTF SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
Next.js Security Vulnerability
Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in versions of Next.js prior to 13.4.0 through 13.5 that stems from the presence of a denial-of-service DoS condition, which could affect server availability...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a vulnerability in the drivers:perf module...
WordPress Plugin MasterStudy LMS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Silverpeas Security Vulnerabilities
Silverpeas is an open source business collaboration platform. The platform includes applications for project management, blogs, forums, and document management. A security vulnerability exists in Silverpeas Core version 6.3.1, which stems from the fact that the notification/messaging function doe...
Graylog 代码问题漏洞
Graylog is a centralized log management solution from Graylog USA. The product supports capturing, storing, and analyzing logs in real-time, among other things. Graylog suffers from a code issue vulnerability that stems from the fact that in a multi-node Graylog cluster, after a user is explicitl...
Rizin 输入验证错误漏洞
Rizin is a free open source reverse engineering framework from the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensic tool, as a scriptable command-line hex editor capable of opening disk files, and more. An input validation error...