195539 matches found
Rancher Labs Rancher 安全漏洞
Rancher Labs Rancher is an open source enterprise container management platform from Rancher Labs, Inc. in the United States. A security vulnerability exists in Rancher Labs Rancher versions 2.6.0 through 2.6.13 and 2.7.0 through 2.7.4, which stems from improper privilege management in SUSE Ranch...
IBM QRadar WinCollect Agent 安全漏洞
IBM QRadar WinCollect Agent is an agent program from International Business Machines IBM that collects and sends Windows event logs. A security vulnerability exists in IBM QRadar WinCollect Agent versions 10.0 through 10.1.3. An attacker could exploit the vulnerability to elevate system privilege...
WordPress plugin Newsletter Popup 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
Sitecore Experience Platform 路径遍历漏洞
Sitecore Experience Platform XP is a suite of customer digital experience platforms from Sitecore, Denmark. A security vulnerability exists in Sitecore Experience Platform 10.2 and prior versions, which stems from a directory traversal vulnerability that could allow an authenticated, remote...
Belkin Smart Outlet 缓冲区错误漏洞
Belkin Smart Outlet is a smart outlet from Belkin USA. A security vulnerability exists in Belkin Smart Outlet version V2 that stems from the presence of a stack-based buffer overflow that allows an attacker to cause a denial of service DoS via a crafted UPNP request...
Cisco DNA Center 安全漏洞
Cisco DNA Center is a network management and command center service from Cisco USA. Cisco DNA Center is vulnerable to an authorization issue. The vulnerability stems from improper authorization of API requests and can be exploited by an authenticated, remote attacker to read information from a...
Cisco Identity Services Engine 路径遍历漏洞
Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. An input validation error vulnerability exists ...
WordPress plugin Product Addons & Fields for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Wordpress plugin WP Search Analytics 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Wordpress plugin Wholesale Suite 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. Wordpress plugin Wholesale Suite...
Microsoft Windows MSHTML Platform 安全漏洞
Microsoft Windows MSHTML Platform is an application from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows MSHTML Platform. The following products and editions are affected:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windo...
UCMS 跨站脚本漏洞
UCMS is a content management system written in PHP. A cross-site scripting vulnerability exists in UCMS version 1.6.0, which stems from a problem with the file saddpost.php, where incorrect manipulation of the parameter strorder can lead to cross-site scripting...
Xen 代码问题漏洞
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has a security vulnerability that stems...
Schneider Electric Easy UPS Online Monitoring Software 访问控制错误漏洞
Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from Schneider Electric France. The Schneider Electric Easy UPS Online Monitoring Software suffers from an access control error vulnerability that stems from an authentication vulnerability that lacks critical...
Schneider Electric Easy UPS Online Monitoring Software 操作系统命令注入漏洞
Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from the French company Schneider Electric. The Schneider Electric Easy UPS Online Monitoring Software suffers from an operating system command injection vulnerability that stems from a mishandled case-sensitive...
Adobe Substance 3D Designer 缓冲区错误漏洞
Adobe Substance 3D Designer is a 3D design software from Adobe. A buffer error vulnerability exists in Adobe Substance 3D Designer version 12.4.0 and prior versions, which stems from an out-of-bounds write vulnerability that could lead to the execution of arbitrary code in the current user's...
Microsoft OLE DB Provider for SQL Server 安全漏洞
Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft OLE DB Provider for SQL Server. The following products and versions are affected: Windows Server...
Trellix Agent 缓冲区错误漏洞
Trellix Agent is a client component of FireEye USA Trellix, Inc. provides secure communication between McAfee ePolicy Orchestrator McAfee ePO and hosted products. A security vulnerability exists in Trellix Agent Windows and Linux version 5.7.8 and earlier. An attacker can exploit the vulnerabilit...
WordPress Plugin WordPress Ping Optimizer 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress plugin HT Portfolio 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
DataGear SQL注入漏洞
DataGear is an open source and free data visualization and analysis platform from DataGear. A SQL injection vulnerability exists in DataGear versions prior to 4.5.1, which stems from a problem with the file /analysisProject/pagingQueryData, where manipulation of the parameter queryOrder can lead ...
Moodle 跨站脚本漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle. An attacker exploited the vulnerability to perform a cross-site scripting attack...
IBM Aspera 代码问题漏洞
IBM Aspera is an IBM FASP protocol-based fast file transfer and streaming solution from International Business Machines IBM. IBM Aspera Faspex version 4.4.2 is vulnerable to XML external entity injection, which stems from not setting the correct filter to allow references to external entities whe...
Dell BIOS 输入验证错误漏洞
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell, Inc. A security vulnerability exists in Dell BIOS, which arises from an incorrect input validation vulnerability that can be exploited by a locally authenticated attacker with administrator privileges to...
Adobe Dimension 资源管理错误漏洞
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. A memory misreference vulnerability exists in Adobe Dimension, which can be exploited by an attacker to execute arbitrary code in the context of the current user...
WordPress Plugin Cristian Client Portal – Private user pages and login 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Cristian Client Portal -...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is a U.S. GitHub open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.7. An attacker...
FlatPress 安全漏洞
FlatPress is a Php-based blog builder without database support from the FlatPress community. A security vulnerability exists in FlatPress versions prior to 1.3. An attacker exploited the vulnerability to change file names or file paths...
QEMU Guest Agent 安全漏洞
QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU Guest Agent. An attacker can exploit the vulnerability to elevate privileges...
Intel Integrated Baseboard Management Controller 安全漏洞
Intel Integrated Baseboard Management Controller is an integrated baseboard management controller from Intel Corporation USA. A security vulnerability exists in Intel Integrated Baseboard Management Controller BMC. An attacker could exploit this vulnerability to cause a denial of service on the...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is a large commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in SQL Server. The following products and versions are affected:Microsoft SQL Server 2017 for x64-based Systems GDR,Microsoft SQL Server 2014 Servic...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is a large commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in SQL Server. The following products and versions are affected:Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems CU 4,Microsoft SQL Serve...
Microsoft 3D Builder 安全漏洞
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
Theonedev Onedev 安全特征问题漏洞
Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev A security signature iss...
PDF-XChange Editor 缓冲区错误漏洞
Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A security vulnerability exists in PDF-XChange Editor that originates from a problem with the parsing of certain JP2 files...
PDF-XChange Editor 缓冲区错误漏洞
Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A security vulnerability exists in PDF-XChange Editor that stems from a problem with the parsing of certain U3D files...
Plesk Obsidian 输入验证错误漏洞
Plesk Obsidian is a hosting control panel from Plesk Switzerland. An input validation error vulnerability exists in Plesk Obsidian version 18.0.49 and prior versions. An attacker could exploit this vulnerability to redirect users to a malicious website via the host request header...
Mangboard SQL注入漏洞
Mangboard is an e-commerce website of the South Korean company Mangboard. A SQL injection vulnerability exists in Mangboard versions prior to 2.0.4. The vulnerability stems from an unchecked input value, which is an SQL injection vulnerability that can be exploited by an attacker to execute...
Shopware 代码问题漏洞
Shopware is a suite of open source e-commerce software from the German company Shopware. A code issue exists in Shopware where a vulnerability exists because the administrative session expiration date is set to one week, which allows an attacker to use the session for a long period of time if the...
Microsoft Windows 竞争条件问题漏洞
Microsoft Windows is a windowed operating system developed by Microsoft Corporation in the United States. An elevation of privilege vulnerability exists in Microsoft Windows Malicious Software Removal Tool. An attacker can exploit this vulnerability to gain elevation of privilege...
Microsoft Office 安全漏洞
Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in Microsoft Office. An attacker could exploit this vulnerability to execute code on the target host...
Microsoft 3D Builder 安全漏洞
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
snoyberg Keter 跨站脚本漏洞
snoyberg Keter is Michael Snoyman's personal developer's deployment system for web applications, originally used to host Yesod applications. A cross-site scripting vulnerability exists in snoyberg Keter version 1.8.1 and prior versions, which stems from cross-site scripting due to incorrect...
Google Android 缓冲区错误漏洞
Google Android is a Linux-based open source operating system from Google, Inc. Google Android suffers from a security vulnerability that stems from a problem with a Qualcomm closed-source component...
memos 访问控制错误漏洞
memos is an open source hosted memo center with knowledge management and social features. An access control error vulnerability exists in versions prior to memos 0.9.1, which can be exploited by an attacker to edit and delete all other user shortcuts...
IBM AIX 安全漏洞
IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX suffers from a denial-of-service vulnerability that can be exploited by unauthorized local attackers to achieve a denial of service via the AIX SMB...
OpenImageIO 代码问题漏洞
OpenImageIO is OpenImageIO open source an image processing library . With an easy to use interface and a large number of supported image formats. A code issue vulnerability exists in OpenImageIO version v2.4.4.2, which stems from a denial of service in the ZfileOutput::close function, where a...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
FreeBSD 安全漏洞
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD. An attacker exploiting this vulnerability could trigger a denial of service and possibly run code by triggering a FreeBSD buffer overflow via ping...
WordPress plugin Squirrly SEO 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...