195539 matches found
SoftIron HyperCloud 安全漏洞
SoftIron HyperCloud is an intelligent cloud architecture from SoftIron. A security vulnerability exists in SoftIron HyperCloud versions 2.5.0 through 2.6.3 that stems from incorrectly adding a user SSH key to an administrator-level authorization key, which could lead to unauthorized elevation of...
WordPress plugin Responsive Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Contao 安全漏洞
Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from an unfiltered protected...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a lack of permission checking in handleBondStateChanged of AdapterService.java. An attacker can exploit this vulnerability to obtain sensitive...
Komari 跨站脚本漏洞
Komari is a simple server monitoring tool from the Komari Moniter open source. A cross-site scripting vulnerability exists in versions prior to Komari 1.0.4-fix1, which stems from the WebSocket updater disabling origin checking, and could lead to cross-site WebSocket hijacking and remote code...
Copier 路径遍历漏洞
Copier is a Copier open source library for rendering project templates. A path traversal vulnerability exists in Copier versions prior to 7.1.0 through 9.9.1, which stems from the fact that templates can be written to files outside of the target path, potentially leading to arbitrary file...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninitialized device structure that could cause the kernel to crash...
soosyze 安全漏洞
soosyze is Soosyze open source a content management system . soosyze has a brute force vulnerability , the vulnerability stems from the /user/login endpoint lack of rate limiting and locking mechanism , an attacker can use this vulnerability to cause brute force attack...
Pearcleaner 安全漏洞
Pearcleaner is a mac application cleaner tool by the individual developer Alin Lupascu. A security vulnerability exists in Pearcleaner versions 4.4.0 through 4.5.1, which stems from the XPC service exposing the Execute Arbitrary Command method, which could lead to elevation of privilege...
Copyparty 跨站脚本漏洞
Copyparty is a portable file server for ed individual developers. A cross-site scripting vulnerability exists in Copyparty 1.18.4 and earlier versions, which stems from improper cleaning of the multimedia tags of music files and could lead to the execution of arbitrary JavaScript code...
WordPress 安全漏洞
WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress versions 3.5 through 6.8.2, which stems from mishandling of...
RuoYi 安全漏洞
RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which originates from the incorrect operation of the File parameter File in the function uploadFile in the file...
RT-Thread 缓冲区错误漏洞
RT-Thread is an open source IoT real-time operating system RTOS from RT-Thread Open Source. A buffer error vulnerability exists in RT-Thread 5.1.0 and earlier versions, which stems from a memory corruption and could lead to a local attack...
Elecom多款产品 操作系统命令注入漏洞
Elecom WRC-X3000GS and others are a router from Elecom Japan. An operating system command injection vulnerability exists in the Elecom WRC-X3000GS, Elecom WRC-X3000GSA, and Elecom WRC-X3000GSN, which stems from a Connection Diagnostics page command injection leading to arbitrary OS command...
KnowledgeGPT 安全漏洞
KnowledgeGPT is a Sasmitha Individual Developer to provide accurate answers and instant citations for your documents. A security vulnerability exists in KnowledgeGPT version V.0.0.5, which stems from a flaw in the Document Display Component that could lead to remote execution of arbitrary code...
mezzanine 跨站脚本漏洞
mezzanine is a Django CMS framework by stephenmcd individual developers. A cross-site scripting vulnerability exists in mezzanine versions prior to 6.1.1, which stems from insufficient cleanup of the displayablelinksjs function and could lead to a stored cross-site scripting attack...
OpenNext opennextjs/cloudflare 安全漏洞
OpenNext opennextjs/cloudflare is an OpenNext open source Next.js adapter. A security vulnerability exists in OpenNext opennextjs/cloudflare that stems from a server-side request forgery issue that could result in loading arbitrary remote content...
FreeScout 跨站脚本漏洞
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that stems from not filtering the payload when creating translated phrases, no details of the vulnerability are...
WordPress plugin Save as Image Plugin by Pdfcrowd 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Victure RX1800 安全漏洞
The Victure RX1800 is a wireless router from Victure. A security vulnerability exists in the Victure RX1800 ENV1.0.0r12110933 version, which stems from improper access control and could result in SSH and Telnet services being enabled without authentication...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a null pointer dereference in dpuplanevirtualatomiccheck...
Snowflake snowflake-connector-nodejs 安全漏洞
Snowflake snowflake-connector-nodejs is a Snowflake connector for NODEJS from Snowflake, Inc. A security vulnerability exists in Snowflake snowflake-connector-nodejs versions prior to 1.10.0 through 2.0.4, which stems from a TOCTOU competitive condition that could result in log configuration bein...
SourceCodester Web-based Pharmacy Product Management System 代码问题漏洞
SourceCodester Web-based Pharmacy Product Management System is a SourceCodester open source Web-based pharmacy product management system. A code issue vulnerability exists in version 1.0 of the SourceCodester Web-based Pharmacy Product Management System, which stems from insufficient validation o...
Siemens TeleControl Server Basic SQL注入漏洞
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an SQL injection in the UnlockTraceLevelSettings method, which can be exploited by an attacker to bypass...
WordPress plugin FS Poster 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
GraphicsMagick 安全漏洞
GraphicsMagick is GraphicsMagick open source set of simple image processing tools. It provides resizing, rotation, highlighting, and more. A security vulnerability exists in GraphicsMagick versions prior to 8e56520, which stems from a heap buffer over-read...
FoxCMS 安全漏洞
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS Company. A security vulnerability exists in FoxCMS version 1.25, which originates from improper authorization...
Adobe Illustrator 安全漏洞
Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. A security vulnerability exists in Adobe Illustrator versions 29.2.1, 28.7.4 and earlier, which originates from a stack buffer overflow that can be exploited by an attacker to cause arbitra...
Adobe Illustrator 代码问题漏洞
Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. A null pointer dereference vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause a denial of service...
Cordaware bestinformed 安全漏洞
Cordaware bestinformed is a mass notification system from Cordaware, Germany. A security vulnerability exists in Cordaware bestinformed that stems from a server address modification permission issue that could result in local privileges being elevated to SYSTEM...
OpenPanel 安全漏洞
OpenPanel is a web hosting panel from OpenPanel, Inc. A security vulnerability exists in OpenPanel v0.3.4, which originates in the File Manager component of OpenPanel, and can be exploited to access and view a directory traversal operation by constructing a malicious HTTP request and utilizing th...
1000 Projects Employee Task Management System SQL注入漏洞
1000 Projects Employee Task Management System is an open source employee task management system from 1000 Projects. A SQL injection vulnerability exists in 1000 Projects Employee Task Management System version 1.0, which is caused by SQL injection due to parameter email...
SAP NetWeaver AS SQL注入漏洞
SAP NetWeaver AS is a SAP web application server from SAP, Germany. SAP NetWeaver AS suffers from a SQL injection vulnerability that originates from a program that does not properly check for authorization, which could be exploited by an attacker to gain control over data in an Informix database,...
WordPress plugin Dominion 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Asgard Security Scanner 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Drupal 安全漏洞
Drupal is an open source content management system developed in the Drupal community using the PHP language. A security vulnerability exists in Drupal OAuth & OpenID Connect Single Sign On - SSO OAuth/OIDC Client versions 3.0.0 through 3.44.0, and 4.0.0 through 4.0.19, which stems from improperly...
WordPress plugin Error Log Viewer By WP Guru 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in...
Chat2DB 安全漏洞
Chat2DB is an AI-driven SQL client open-sourced by CodePhiliaX. A security vulnerability exists in Chat2DB version v0.3.5, which stems from the presence of XML external entity injection in the component /datagrip/upload, allowing an attacker to execute arbitrary code by providing crafted XML inpu...
Adobe After Effects 安全漏洞
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. Adobe After Effects suffers from a buffer overflow vulnerability that...
WordPress plugin Redirects 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
GL.iNet多款产品 安全漏洞
GL.iNet AX1800 and others are products of China Guanglian Zhitong GL.iNet company.GL.iNet AX1800 is a wireless router.GL.iNet AXT1800 is a router.GL.iNet MT6000 is a router.GL.iNet AXT1800 is a router.GL.iNet MT6000 is a router.GL.iNet MT6000 is a router. A security vulnerability exists in severa...
Botan 安全漏洞
Botan is a C++ cryptographic library by the individual developer Jack Lloyd. A security vulnerability exists in versions of Botan prior to 3.6.0, which stems from a compiler-caused secret dependency operation when compiling with some versions of GCC. An addition operation could be skipped if the...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a null pointer dereference due to post-release reuse in hsci...
WordPress plugin BuddyForms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PowerDNS 安全漏洞
PowerDNS is an open source DNS server from PowerDNS. PowerDNS uses Access mdb file to record DNS information under Win32, and MySQL to record DNS information under Linux/Unix. Whether it is mdb or MySQL, backup is very convenient. A security vulnerability exists in PowerDNS that allows an attacke...
TEM Opera Plus FM Family Transmitter 跨站请求伪造漏洞
The TEM Opera Plus FM Family Transmitter is a frequency modulation FM transmitter device from TEM. A cross-site request forgery vulnerability exists in TEM Opera Plus FM Family Transmitter version 35.45, which originates from allowing a user to perform certain actions via HTTP requests without...
Autel Energy MaxiCharger AC Elite Business C50 安全漏洞
Autel Energy MaxiCharger AC Elite Business C50 is a car charger from Autel Energy USA. A security vulnerability exists in the Autel Energy MaxiCharger AC Elite Business C50 that stems from an issue with the inclusion of a use of hard-coded credentials in BLE...
Proxmox Virtual Environment 安全漏洞
Proxmox Virtual Environment Proxmox VE is an open source server virtualization environment Linux distribution from Proxmox. A security vulnerability exists in Proxmox Virtual Environment, which stems from insufficient protection against malicious API response values, and allows an authenticated...
Kastle Access Control System 安全漏洞
Kastle Access Control System is an access control system from Kastle USA. A security vulnerability exists in Kastle Access Control System versions prior to 20240501 that stems from storing machine credentials in plaintext, which allows an attacker to access sensitive information...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE versions prior to 16.4 through...