195539 matches found
Flowise 安全漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a security vulnerability, which stemmed from issues with batch assignment during dataset creation and updating. This vulnerability could lead to...
Nginx Proxy Manager 操作系统命令注入漏洞
Nginx Proxy Manager is an open-source Docker container developed by Nginx Proxy Manager. It is used to manage Nginx proxy hosts through a simple and powerful interface. Version 2.9.14 to 2.15.1 of Nginx Proxy Manager has a vulnerability related to operating system command injection. This...
student_management_system 跨站脚本漏洞
studentmanagementsystem is a student information management tool personally developed by Vivek Singh. studentmanagementsystem has a cross-site scripting vulnerability. This vulnerability stems from improper handling of parameters such as name, address, and fname by an unknown function in the...
SourceCodester Class and Exam Timetabling System 注入漏洞
SourceCodester Class and Exam Timetabling System is an open-source classroom and exam scheduling system developed by SourceCodester. Version 1.0 of the SourceCodester Class and Exam Timetabling System has a SQL injection vulnerability, which stems from improper handling of the parameter "Password...
UTT HiPER 2610G 缓冲区错误漏洞
UTT HiPER 2610G is a high-end router designed for small and medium-sized enterprise networks by UTT Corporation. Versions of UTT HiPER 2610G 3.0.0-171107 and earlier contain a buffer overflow vulnerability. This vulnerability stems from the strcopy function in the...
CodeAstro Student Attendance Management System 注入漏洞
The CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Corporation. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ...
HCL Digital Experience和HCL Digital Experience Compose 安全漏洞
HCL Digital Experience and HCL Digital Experience Compose are both products of the Indian company HCL. HCL Digital Experience is a digital experience platform and content delivery solution. HCL Digital Experience Compose is an enterprise-level content creation and digital experience management...
Cloud Foundry windows-utilities-release 安全漏洞
Cloud Foundry Windows-Utilities-Release is a collection of Windows platform maintenance tools provided by the Cloud Foundry company. There are security vulnerabilities in Cloud Foundry Foundation Windows-Utilities-Release; these vulnerabilities stem from the use of a predictable random number...
Mint 安全漏洞
Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.2.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP/2 server’s ability to insert unlimited entries through the PUSHPROMISE frame, which could lead to memo...
Sony PlayStation 4 安全漏洞
The Sony PlayStation 4 is a home video game console developed by the Japanese company Sony. There were security vulnerabilities in the versions 13.00 to 13.02 of the Sony PlayStation 4. These vulnerabilities stemmed from the BD-J sandbox feature, which could allow an abnormal JAR file to escape,...
OpenTelemetry eBPF Instrumentation 安全漏洞
OpenTelemetry eBPF Instrumentation is an open-source eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the Postgres protocol parser’...
OTRS 安全漏洞
OTRS is a service management solution developed by the German company OTRS. Versions 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X up to version 2026.4.X of OTRS contained security vulnerabilities. These vulnerabilities were due to uncontrolled resource allocation during email processing, which could...
Waterfall WF-500 操作系统命令注入漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 RX Host contains an operating system command injection vulnerability. This...
arcane 操作系统命令注入漏洞
Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane 1.18.1 and earlier contain a vulnerability related to operating system command injection. This vulnerability stems from the path cleaner in the GET /environments/id/volumes/volumeName/browse endpoint not...
PHP-SHOP 跨站请求伪造漏洞
PHP-SHOP is an online shopping system developed by joeyrush, based on PHP. Version 1.0 of PHP-SHOP has a cross-site request forgeing vulnerability. This vulnerability stems from the lack of verification of the request source, which may allow unauthenticated attackers to add administrative users...
MENNEKES AMTRON 安全漏洞
MENNEKES AMTRON is a series of electric vehicle AC charging stations and wall-mounted charging systems from MENNEKES Corporation. Versions of MENNEKES AMTRON 5.22.3 and earlier contain security vulnerabilities. These vulnerabilities stem from authentication bypasses, which may allow unauthenticat...
WordPress plugin Photo Gallery by 10Web SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Casdoor 安全漏洞
Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from logical flaws in the social login binding process, allowing users to...
Music Player Daemon 安全漏洞
Music Player Daemon is an open-source music playback daemon. Versions of Music Player Daemon prior to 0.24.11 contained a security vulnerability. This vulnerability stemmed from the pcmunpack24be function in src/pcm/Pack.cxx, which had a stack buffer overflow issue. This could allow unauthorized...
InHand IR Series 安全漏洞
The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. The InHand IR Series contains a security vulnerability, which stems from command injection in the WireGuard VPN function. This vulnerability may allow attackers to...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of prohibition for private IOCTL commands in the atomic ISP driver, potentially leading ...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with the switch case statement in the loongsongpufixupdmahang function within LoongArch...
WordPress plugin WPBakery Page Builder Addons by Livemesh 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application add-on. The WordPre...
OpenStack Swift 安全漏洞
OpenStack Swift is an open-source distributed object storage system under OpenStack. There were security vulnerabilities in versions of OpenStack Swift prior to 2.36.2 and 2.37.2. These vulnerabilities stemmed from the s3api middleware handling truncated aws-chunked PUT request bodies, leading to...
WordPress plugin Smart Online Order for Clover 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin WPComplete 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞
MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...
WordPress plugin ShopLentor - WooCommerce Builder for Elementor & Gutenberg 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Craft CMS 安全漏洞
Craft CMS is an open-source content management system CMS developed by Craft CMS. Versions of Craft CMS 5.9.5 and earlier contained security vulnerabilities, which were caused by a lack of authorization verification at the migrate endpoint...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the pushbuf relocation boundary check in the nouveau driver. This vulnerability results in an...
Dozzle 代码问题漏洞
Dozzle is a small, lightweight application developed by Amir Raminfar as an individual project. Versions of Dozzle prior to 10.5.2 had code vulnerabilities. These vulnerabilities stemmed from the fact that the POST /api/notifications/test-webhook endpoint was not authenticated during default...
IBM Db2 日志信息泄露漏洞
IBM Db2 is a relational database management system developed by IBM. Versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4 of IBM Db2 contain a vulnerability related to log information leakage. This vulnerability stems from the storage of potentially sensitive information in log files, which may allow...
Joomla! CMS 路径遍历漏洞
Joomla! CMS is a content management system developed under the open source Joomla! framework. Joomla! CMS has a path traversal vulnerability, which stems from improper input validation provided to users, potentially leading to local file inclusion...
mistune 跨站脚本漏洞
Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune 3.2.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the renderfigure function in src/mistune/directives/image.py, which directly concatenated the...
eml_parser 安全漏洞
EmlParser is an open-source Python library for parsing email files, developed by GOVCERT.LU. Versions of EmlParser prior to 3.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of EmlParser.getrawbodytext, which performed unrestricted recursive processing on nested...
Tiandy Easy7 Integrated Management Platform 授权问题漏洞
Tiandy Easy7 Integrated Management Platform is a video surveillance integrated management platform from Tiandy, China. An authorization issue vulnerability exists in Tiandy Easy7 Integrated Management Platform version 7.17.0, which originates from the handling of the file...
OutSystems Lifetime 安全漏洞
OutSystems Lifetime is a low-code platform management control center from OutSystems USA. A security vulnerability exists in OutSystems Lifetime versions prior to 11.28.2.3955, which stems from the presence of the ApplicationID parameter to bypass authorization via a user control key, which could...
Edimax EW-7438RPn 操作系统命令注入漏洞
The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the formWizSurvey function in the webs component files or...
GNU SASL 代码问题漏洞
GNU SASL is a simple authentication and security layer framework from the GNU community in the United States, which implements several common SASL mechanisms. Versions of GNU SASL prior to 2.2.3 had code vulnerabilities; these vulnerabilities stemmed from a null pointer dereferencing in the...
Yakamara Media Redaxo CMS Mediapool Addon 安全漏洞
Yakamara Media Redaxo CMS Mediapool Addon is an extension for media resource management within the REDAXO content management system developed by Yakamara Media. Versions of Yakamara Media Redaxo CMS Mediapool Addon prior to version 5.5.1 contained security vulnerabilities. These vulnerabilities...
Microsoft Entra 安全漏洞
Microsoft Entra is an identity and access management system developed by the American company Microsoft. There is a security vulnerability in Microsoft Entra, which stems from using alternative paths or channels to bypass authentication. This could allow unauthorized attackers to gain elevated...
Sunshine 信任管理问题漏洞
Sunshine is an Open Source Moonlight-based autonomous gaming streaming host developed by LizardByte. Earlier versions of Sunshine, such as 2026.516.143833, had vulnerabilities related to trust management. These vulnerabilities stemmed from improper handling of OpenSSL verification results. Custom...
Dell PowerFlex Manager 安全漏洞
Dell PowerFlex Manager is a software-defined infrastructure deployment and lifecycle management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contain security vulnerabilities. These vulnerabilities stem from the exposure of directory list...
Netatalk 操作系统命令注入漏洞
Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.0 to 4.4.2 of Netatalk have a vulnerability related to operating system command injection. This vulnerability stems fr...
PowerDNS Authoritative 命令注入漏洞
PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has a command injection vulnerability, which stems from insufficient name validation during the AXFR process...
Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...
HCL BigFix Service Management 安全漏洞
HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a security vulnerability, which stems from configuration issues. Using outdated or insecure base images may introduce known vulnerabilitie...
Veritas Technologies Infoscale Operations Manager 跨站请求伪造漏洞
Veritas Technologies Infoscale Operations Manager is a software developed by Veritas Technologies in the United States, used for managing the entire InfoScale deployment. This software offers features such as multi-cluster management, custom interfaces, and centralized audit logging. Version 9.1....
WordPress plugin Email Encoder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the possibility for low-privilege users to bypass security controls and disable the implicit flow of OIDC clients, potentially leading to the leakage o...