195539 matches found
D-Link多款产品 命令注入漏洞
D-Link DNS-320, etc., are products of D-Link Corporation, a Chinese company. The D-Link DNS-320 is a NAS Network Attached Storage device. The D-Link DNS-120 is a network storage adapter. The D-Link DNS-315L is a network attached storage device. Several D-Link products have command injection...
PX4-Autopilot 安全漏洞
PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions prior to PX4-Autopilot 1.17.0-rc2 contained security vulnerabilities. These vulnerabilities stemmed from logical errors in the FTP session verification of PX4 Autopilot MAVLink. As a result, unverified attackers cou...
WordPress plugin Sprout Clients 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.12 and 8.6.38 contain security vulnerabilities. These vulnerabilities stem from unvalidated user identifier formats,...
WordPress plugin ProfilePress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Builderall Builder for WordPress 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
File Browser 信息泄露漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.61.0 contained a vulnerability related to information leakage. This...
WordPress plugin Seraphinite Accelerator 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin WP Recipe Maker 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
FreeRDP 安全漏洞
FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.23.0 contained security vulnerabilities. These vulnerabilities stemmed from the xfclipboardformatequal function, which allowed reusing of freed memory after it was released...
Progress Telerik UI 安全特征问题漏洞
Progress Telerik UI is a UI control suite for application development developed by the American company Progress. Versions of Progress Telerik UI for AJAX prior to version 2026.1.225 contained security feature vulnerabilities, which were caused by insufficient entropy in the RadAsyncUpload...
Intego Personal Backup 后置链接漏洞
Intego Personal Backup is a backup tool developed by the Intego company. Intego Personal Backup has a post-installation vulnerability that stems from the fact that backup task definitions are stored in a location that can be written to by non-privileged users. However, these tasks are processed...
AMD多款产品 安全漏洞
AMD EPYC and other products are developed by American semiconductor company AMD. AMD EPYC is a high-performance server processor. Amd Epyc™ Embedded Processors are embedded processors. AMD EPYC Processors are a series of multi-core processors. Several AMD products have security vulnerabilities;...
AutoGPT 代码问题漏洞
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Previous versions of AutoGPT, including autogpt-platform-beta-v0.6.34, had code vulnerabilities. These vulnerabilities stemmed from the use of the third-party library urllib.request.urlopen...
Geopandas security vulnerabilities
Geopandas is an open-source Python tool for processing geospatial data. Versions of geopandas prior to 1.1.2 contained a security vulnerability. This vulnerability stemmed from a flaw in the topostgis function, which could allow attackers to access sensitive information when writing GeoDataFrames...
Malcontent security vulnerabilities
Malcontent is a supply chain attack detection tool developed by Chainguard. Versions prior to 1.20.3 of Malcontent contain security vulnerabilities. These vulnerabilities arise from the possibility of exposing Docker registry credentials during the scanning of specially crafted OCI image referenc...
OpenProject data falsification vulnerability
OpenProject is an open-source web-based project management software. In versions 17.0.0 to 17.0.2 of OpenProject, there was a data manipulation vulnerability. This vulnerability stemmed from the BlockNote editor extension not properly verifying work package IDs, allowing arbitrary GET requests to...
Kargo security vulnerabilities
Kargo is an open-source continuous delivery tool developed by Akuity. Versions of Kargo prior to 1.8.7, 1.7.7, and 1.6.3 contained security vulnerabilities. These vulnerabilities stemmed from defects in the authentication checks for the GetConfig and RefreshResource API endpoints, which could all...
ibaPDA security vulnerabilities
ibaPDA is an industrial process data acquisition and analysis system developed by the German company iba. There is a security vulnerability in ibaPDA, which allows unauthorized operations on the file system under certain conditions. This vulnerability may affect the confidentiality, integrity, or...
XDocReport security vulnerabilities
XDocReport is an open-source XML document reporting software developed by opensagres. There are security vulnerabilities in the XDocReport version 1.0.0 to 2.1.0; these vulnerabilities stem from server-side template injection in the FreeMarker component, which may allow arbitrary code to be...
Cal.com 安全漏洞
Cal.com is an open source scheduling software from Cal.com Open Source. A security vulnerability exists in Cal.com versions 3.1.6 through prior to 6.0.7, which stems from a flaw in the custom NextAuth JWT callback that could allow an attacker to gain full authentication access to any user account...
Microsoft Windows Ancillary Function Driver for WinSock 安全漏洞
Microsoft Windows Ancillary Function Driver for WinSock is an ancillary function driver for Winsock from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Windows Ancillary Function Driver for WinSock, which is caused by freeing memory in the WinSock Ancillary Function...
TinyOS 安全漏洞
TinyOS is an operating system in the TinyOS open source. A security vulnerability exists in TinyOS 2.1.2 and earlier versions, which stems from improper use of the strcpy and strcat functions in the mcp2200gpio utility, and could lead to stack memory corruption and application crashes...
pypdf 安全漏洞
pypdf is py-pdf open source a free open source pure python PDF library . Able to split , merge , crop and convert pages of PDF files . pypdf versions prior to 6.6.0 has a security vulnerability , the vulnerability stems from the processing of incorrectly formatted startxref entries may generate a...
iccDEV 安全漏洞
iccDEV is a color configuration codebase open-sourced by the International Color Consortium ICC. A security vulnerability exists in iccDEV versions prior to 2.3.1.2, which stems from undefined behavior caused by passing a null pointer to memcpy in CIccTagSparseMatrixArray...
WordPress plugin WING WordPress Migrator 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the rsi driver not checking the state of the WoWlan configuration in a shutdown hook, which could result in ...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from sysfs changing group attribute ownership without checking visibility, which could result in a warning message...
WordPress plugin Fancy Product Designer 信息泄露漏洞
WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. WordPress Fancy Product Designer plugin has an information disclosure vulnerability, the vulnerability stems from the url...
D-Link DCS-F5614-L1 安全漏洞
The D-Link DCS-F5614-L1 is a network camera from China Youxun D-Link. A security vulnerability exists in the D-Link DCS-F5614-L1 that originates from unauthenticated access to camera configuration information, including account credentials, when accessing a specific URL...
Xinhu RockOA 安全漏洞
Xinhu RockOA is an office OA system of China Xinhu Company. A security vulnerability exists in Xinhu RockOA version 2.7.0, which originates from the incorrect operation of the function phpinisaveAction in the file webmain/system/cogini/coginiAction.php on the parameter a, which may result in the...
WordPress plugin Kallyas 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an out-of-bounds memory read in the xfs symbolic link fix, which could lead to a system crash...
Apache SkyWalking 安全漏洞
Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A cross-site scripting vulnerability exists in Apache SkyWalking version 10.2.0 and earlier, which stems from not...
ASUS Router 安全漏洞
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An authentication bypass vulnerability exists in ASUS Router, which stems from an unexpected side effect of Samba functionality...
Roo Code 命令注入漏洞
Roo Code is an AI-based autonomous coding agent from Roo Code. A command injection vulnerability exists in Roo Code versions prior to 3.26.7 that stems from an authentication error and could lead to the execution of unauthorized commands...
AXIS OS 安全漏洞
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that stems from insufficient validation of ACAP configuration file inputs, which could lead to path traversal attacks and elevation of privilege...
DedeBIZ 安全漏洞
DedeBIZ is a content management system from China Muyun Intelligence DedeBIZ company. A security vulnerability exists in DedeBIZ 6.3.2 and earlier versions, which stems from an incorrect manipulation of the parameter orderby in the file /admin/freelistmain.php, which could lead to a SQL injection...
WordPress plugin Polylang 安全漏洞
WordPress Polylang plugin is a multilingual WordPress plugin for creating and managing multilingual websites, supports switching from 1 to 10 or more languages, the core functionality is fully integrated with WordPress built-in features e.g. taxonomies without additional dependency on external...
IPFire 安全漏洞
IPFire is an open source Linux distribution from the IPFire organization. It is primarily used as a router and firewall. A security vulnerability exists in IPFire versions prior to 2.29 that stems from insufficient cleaning and escaping of the CONNECTIONNAME parameter, which could lead to an SQL...
Flock Safety Android Collins 安全漏洞
Flock Safety Android Collins is an application module for managing cameras from Flock Safety USA. A security vulnerability exists in Flock Safety Android Collins version 6.35.31, which stems from a lack of authentication and could lead to denial of service, information disclosure, and remote code...
LlamaIndex 安全漏洞
LlamaIndex is a data framework for LLM applications from the LlamaIndex open source. A security vulnerability exists in LlamaIndex version 0.12.44 and earlier, which stems from the use of hard-coded paths and lack of security controls in the getcachedir function, which could lead to model stealin...
Novakon P series 安全漏洞
Novakon P series is a series of industrial panel PC operating pages from Taiwan, China-based Speedcom Novakon. A security vulnerability exists in Novakon P series version V2001.A.C518o2, which stems from improper authentication and could allow an unauthenticated attacker to upload and download...
SoftIron HyperCloud 安全漏洞
SoftIron HyperCloud is an intelligent cloud architecture from SoftIron. A security vulnerability exists in SoftIron HyperCloud versions 2.5.0 through 2.6.3 that stems from incorrectly adding a user SSH key to an administrator-level authorization key, which could lead to unauthorized elevation of...
WordPress plugin Responsive Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Contao 安全漏洞
Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from an unfiltered protected...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a lack of permission checking in handleBondStateChanged of AdapterService.java. An attacker can exploit this vulnerability to obtain sensitive...
Komari 跨站脚本漏洞
Komari is a simple server monitoring tool from the Komari Moniter open source. A cross-site scripting vulnerability exists in versions prior to Komari 1.0.4-fix1, which stems from the WebSocket updater disabling origin checking, and could lead to cross-site WebSocket hijacking and remote code...
Copier 路径遍历漏洞
Copier is a Copier open source library for rendering project templates. A path traversal vulnerability exists in Copier versions prior to 7.1.0 through 9.9.1, which stems from the fact that templates can be written to files outside of the target path, potentially leading to arbitrary file...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninitialized device structure that could cause the kernel to crash...