195539 matches found
Office Server Document Converter 缓冲区错误漏洞
Antenna House Office Server Document Converter Osdc is an office server document converter from Antenna House USA. It is used to batch convert Word, Excel, and Powerpoint into high-quality Pdf or image formats that are easy to share and look accurate on any screen. A buffer error vulnerability...
NEC Corporation CLUSTERPRO 和 EXPRESSCLUSTER 缓冲区错误漏洞
Nec Expresscluster X is a specialized high availability cluster software from Nec Corporation of Japan. It is used to initiate a fast restore function and continuously protect critical applications and data.NEC Corporation CLUSTERPRO is a HA cluster software from NEC. A buffer error vulnerability...
Huawei Imanager NetEco 代码注入漏洞
Huawei Imanager NetEco is a professional energy infrastructure management platform from Huawei China. Huawei iManager NetEco suffers from a CSV injection vulnerability, which stems from insufficient input validation of certain parameters and can be exploited to inject CSV files into the target...
GitLab 权限许可和访问控制问题漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. GitLab suffers from a Permission Permission and Access...
Cisco IOS 缓冲区错误漏洞
Cisco IOS XE Software is an operating system from the U.S. company Cisco Cisco. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity.Cisco IOS XE Software is vulnerable to an authentication bypass...
Faad2 缓冲区错误漏洞
Freeware Advanced Audio Decoder 2 FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder licensed under the GPLv2 license. a heap buffer overflow vulnerability exists in the stszin function in mp4read.c in FAAD2 version 2.10.0 and earlier. An attacker could exploit this vulnerability to execute co...
UReport 代码注入漏洞
UReport is a high-performance pure Java reporting engine based on the Spring architecture. ureport version 2.2.9 contains an arbitrary file creation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
WordPress 插件跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Per page, which stems from a lack of proper...
atftp 安全漏洞
atftp is a client implementation of the TFTP protocol. A security vulnerability exists in tftpdfile.c in ATFTP 0.7.4 and earlier versions, which stems from buffer size handling that does not properly account for combinations of data, OACK, and other options...
Cisco UCS Manager 资源管理错误漏洞
A denial-of-service vulnerability exists in the way Cisco UCS Manager handles SSH sessions, which can be exploited by an attacker to open a large number of SSH sessions to cause the internal Cisco UCS Manager software process to crash and restart...
Dolibarr 授权问题漏洞
Dolibarr is a software application. A modern software package to help manage your organization's activities. A security vulnerability exists in Dolibarr versions v2.8.1 through v13.0.2 that allows a low-privileged attacker to reset the password of any user in the affected application using the...
Google TensorFlow 代码问题漏洞
Google TensorFlow is an end-to-end open source machine learning platform. a null pointer dereference vulnerability exists in the rowpartitiontypes of the tf.rawops.RaggedTensorToTensor API in versions prior to Google TensorFlow 2.6.0. An attacker can exploit this vulnerability by sending invalid...
Siemens Solid Edge 资源管理错误漏洞
Siemens Solid Edge is a 3D CAD software from Siemens, a German company. The software can be used in industries such as part design, assembly design, sheet metal design, welding design, etc. A security vulnerability exists in Siemens Solid Edge, which stems from the lack of proper validation of th...
Jupyter Notebook 跨站脚本漏洞
Jupyter Notebook is a suite of open source web applications for creating and sharing code and illustrative text documents. Jupyter Notebook suffers from a cross-site scripting vulnerability that stems from the fact that in the affected version, untrusted notes can execute code on load and Jupyter...
WordPress 代码问题漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in WordPress theme Workreap that stems from...
Rust 安全漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation.A denial-of-service vulnerability exists in the appendix box of Mozilla Rust versions prior to November 15, 2020, which can be exploited by an attacker to cause data contention by sending a specially crafted...
Google Android 缓冲区错误漏洞
Google Android is a Linux-based open source operating system from Google, Inc. Google Android wifi driver information disclosure vulnerability can be exploited by remote attackers to obtain sensitive information...
Hashicorp HashiCorp Consul 输入验证错误漏洞
Hashicorp HashiCorp Consul is a suite of distributed, highly available data center-aware solutions from HashiCorp Hashicorp USA. The product is used to connect and provision applications across a dynamically distributed infrastructure. HashiCorp Consul and Consul Enterprise suffers from an input...
Microsoft Exchange Server 授权问题漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voice mail, email filtering and screening, and other features. An authorization issue vulnerability exists in Microsoft Exchange Server. The...
Joomla! 跨站脚本漏洞
A cross-site scripting vulnerability exists in versions 3.0.0 to 3.9.27, which could be exploited to lure users into clicking on and executing client-side code to steal user cookie credentials...
Joomla! CMS 跨站脚本漏洞
A cross-site scripting vulnerability exists in versions 3.0.0 to 3.9.27 of Joomla!...
NVIDIA Jetson 缓冲区错误漏洞
Nvidia NVIDIA Jetson is an embedded system development module from Nvidia Corporation. NVIDIA Jetson suffers from a buffer error vulnerability that stems from Trusty including a vulnerability in the HDCP service TA that lacks the boundary check in Command 5. An attacker could exploit this...
Tor 缓冲区错误漏洞
Tor is a network of virtual tunnels. It allows individuals and groups to improve their privacy and security on the Internet. A buffer error vulnerability exists in Tor. The vulnerability arises from a networked system or product performing operations in memory without properly validating data...
Gallagher Command Centre Server SQL注入漏洞
Gallagher Command Center Server is a management system used by Gallagher of New Zealand to monitor and manage infrastructure in buildings. Gallagher Command Centre OPCUA Interface A SQL injection vulnerability exists due to a lack of validation of externally entered SQL statements in a...
HTMLDOC 资源管理错误漏洞
HTMLDOC is an open source program that converts HTML and Markdown files to EPUB, Indexed HTML, PostScript, and PDF formats.A resource management error vulnerability exists in HTMLDOC, which stems from the pspdfexport function in ps-pdf.cxx when processing JPEG images A boundary error exists. A...
McAfee Agent代码问题漏洞
The McAfee McAfee Agent MA is a set of client components from McAfee, Inc. that provides secure communications between ePolicy Orchestrator the antivirus management platform and managed products. A security vulnerability exists in McAfee Agent in versions prior to 5.7.3. The vulnerability stems...
Zettlr 跨站脚本漏洞
Zettlr is the most comprehensive editor for professional editing of Markdown files. Zettlr suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to trick a victim into clicking on a specially crafted link and executing arbitrary HTML and script code in the...
Sourceforge PoDoFo 安全漏洞
PoDoFo is a free, portable and easy to use PDF parsing, modification and creation library. A security vulnerability exists in the PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp in PoDoFo version 0.9.7. An attacker can exploit the vulnerability to cause a stack overflow...
Istio 授权问题漏洞
Istio is a set of open platforms for connecting, managing, and securing microservices. Istio is vulnerable to an authorization issue. The vulnerability stems from the fact that when the istio gateway is configured in TLS mode "AUTOPASSTHROUGH", it is possible for an attacker to bypass authorizati...
多款Nvidia产品安全漏洞
NVIDIA GPU Display Driver for Linux is a product of NVIDIA Corporation.NVIDIA GPU Display Driver for Linux is a driver for interactive support of the graphics card display module in Linux systems.NVIDIA GPU Display Driver for Windows is a driver for interactive support of the graphics card displa...
Oracle VM VirtualBox 输入验证错误漏洞
Oracle VM VirtualBox is a virtual machine management software from Oracle. Oracle VM VirtualBox suffers from an input validation error vulnerability that stems from an input validation error in the core components of Oracle VM VirtualBox. No detailed vulnerability details are provided at this tim...
Oracle VM VirtualBox 输入验证错误漏洞
Oracle VM VirtualBox is a virtual machine management software from Oracle. Oracle VM VirtualBox suffers from an input validation error vulnerability that stems from an input validation error in the core components of Oracle VM VirtualBox. No detailed vulnerability details are provided at this tim...
Oracle Fusion Middleware 输入验证错误漏洞
Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collections, and other capabilities. Oracle Fusion Middleware Oracle Platform Security for Java OPSS...
Nextcloud 注入漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in the Nextcloud Desktop client, which stems from insufficient validation of input provided to a user passed through a URL....
froala editor 跨站脚本漏洞
Froala Editor is a Web-based WYSIWYG rich text editor . A cross-site scripting vulnerability exists in the hyperlink creation module in Froala Editor version 3.2.6. The vulnerability can be exploited to conduct cross-site scripting attacks via specially crafted base64 strings...
Apache Druid 安全漏洞
Apache Druid is a column-oriented, open source distributed database written in Java from the Apache Software Apache Foundation. A security vulnerability exists in Apache Druid 0.20.2, which can be exploited by an attacker to execute arbitrary code in the MYSQL process of the Druid server...
baserCMS 操作系统命令注入漏洞
BaserCMS is an open source enterprise-level content management system cms. An OS command injection vulnerability exists in BaserCMS versions prior to 4.4.5. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary OS commands...
Nimble 信任管理问题漏洞
Nimble is an open source package manager for the Nim programming language. A trust management issue vulnerability exists in Nimble versions 1.2.10 and 1.4.4, which can be exploited by an attacker to deliver a modified list of packages containing malware packages, leading to untrusted code executi...
Rohan Kumar kubernetes-client 路径遍历漏洞
Rohan Kumar kubernetes-client is an open source application by Rohan Kumar. Provides smooth DSL access to the full Kubernetes and OpenShift REST APIs. A security vulnerability exists in fabric8 kubernetes-client in version 4.2.0 and after, which stems from the copy command lifting files outside o...
Npm ps-kill 命令注入漏洞
Npm ps-kill is an application from Npm, Inc. Npm ps-kill is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands...
Sauwming pjproject 安全漏洞
Sauwming pjproject is a Sauwming open source application. It combines the signaling protocol SIP with a rich multimedia framework and NAT traversal capabilities into a portable, high-level API for almost all types of systems, from desktops and embedded systems to cell phones. A security...
Microsoft Office 安全漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A security vulnerability exists in Microsoft Office. The following products and editions are...
Siemens RUGGEDCOM RM1224 缓冲区错误漏洞
SCALANCE SC-600 devices SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C are used to protect trusted industrial networks from untrusted networks. SCALANCE M-800/S615 industrial routers are used for secure remote access to plants via mobilenetworks such as GPRS or UMTS for secure remote access to...
Directus Information Disclosure Vulnerability
Directus is a real-time Api and application dashboard. It is used to manage Sql database content. An information disclosure vulnerability exists in Directus version 8.x prior to version 8.8.1, which can be exploited by an attacker to view all users in the CMS using API user id...
Dhowden Tag Input Validation Error Vulnerability
Dhowden Tag is a Go-based MP3/MP4/OGG/FLAC metadata parsing library by Dhowden's personal developer. A security vulnerability exists in dhowden tag versions prior to 2020-11-19, which allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame...
Red Hat Wildfly Security Vulnerability
Red Hat Wildfly is a lightweight JavaEE-based open source application server from Red Hat, Inc. A security vulnerability exists in Red Hat Wildfly that stems from a potential memory leak in wildfly when using OpenTracing...
Gila CMS 代码问题漏洞
Gila CMS is an open source content management system CMS based on PHP and MySQL. A file upload vulnerability exists in Gila CMS 1.16.0. An attacker can exploit this vulnerability to upload a shell to the tmp directory, which can then be used to execute PHP files using .htaccess via the logging...
Soagen Apinizer 安全漏洞
Soagen Apinizer is an API management and API gateway platform developed by the Turkish company Soagen. Versions of Soagen Apinizer from 2026.04.0 to 2026.04.6 contained security vulnerabilities. These vulnerabilities were caused by improper handling of special elements in expressions language...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 had a security vulnerability due to improper handling of symbolic links, which could allow applications to access protected user data...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 代码问题漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were code vulnerabilities in versions prior to 18.10 through 18.10.8...