195539 matches found
Sealos 安全漏洞
Sealos is a cloud operating system designed for managing cloud-native applications. A security vulnerability exists in Sealos 4.2.0 and prior versions that stems from a privilege flaw where the billing interface can expose resource information...
Trend Micro Apex One 安全漏洞
Trend Micro Apex One is an endpoint protection software from Trend Micro. An elevation of privilege vulnerability exists in Trend Micro Apex One, which can be exploited by a local attacker to elevate privileges and write arbitrary values to specific entries on an affected installation...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a code issue vulnerability that can be exploited by an attacker to cause a local privilege escalation without the need for additional execute privileges...
Siemens CP-8031 信任管理问题漏洞
The SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000 Devices CPCI85 Firmware, which can be exploited by an attacker to log...
Linux kernel 缓冲区错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has an elevation of privilege vulnerability that originates from an out-of-bounds access to physical memory beyond the end of the buffer in the file iouring, which...
IBM QRadar WinCollect Agent 安全漏洞
IBM QRadar WinCollect Agent is an agent program from International Business Machines IBM that collects and sends Windows event logs. A security vulnerability exists in IBM QRadar WinCollect Agent versions 10.0 through 10.1.3. An attacker could exploit the vulnerability to elevate system privilege...
WordPress plugin Add to Feedly 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
Cilium 安全漏洞
Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. Cilium suffers from a security vulnerability that stems from the fact that wildcard rules will be...
Liferay Portal和Liferay DXP 跨站脚本漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
Apache InLong 代码问题漏洞
Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. A code execution vulnerability exists in Apache InLong versions 1.4.0 through 1.6.0, which can be exploited by an attacker to execute arbitrary code on a system...
Cisco DNA Center 输入验证错误漏洞
Cisco DNA Center is a network management and command center service from Cisco USA. A command execution vulnerability exists in Cisco DNA Center Software. The vulnerability stems from the application's inadequate validation of user-supplied input in API request parameters and can be exploited by ...
Cisco DNA Center 安全漏洞
Cisco DNA Center is a network management and command center service from Cisco USA. Cisco DNA Center is vulnerable to an authorization issue. The vulnerability stems from improper authorization of API requests and can be exploited by an authenticated, remote attacker to read information from a...
WordPress plugin Product Addons & Fields for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Lost and Found Information System 跨站脚本漏洞
Lost and Found Information System is a lost and found information system by oretnom23 individual developer. A cross-site scripting vulnerability exists in Lost and Found Information System version 1.0, which stems from cross-site scripting due to incorrect manipulation of the parameter page...
WordPress plugin BBSpoiler 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin IMPress Listings 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Cybonet PineApp Mail Secure 跨站脚本漏洞
Cybonet PineApp Mail Secure from Israel's Cybonet blocks most malicious email threats at the network perimeter while providing a range of additional options for comprehensive security and message control. A security vulnerability exists in Cybonet PineApp Mail Secure that stems from the use of...
Qualcomm Chipsets 输入验证错误漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets, which stems from a memory corruption in the computer vision module due to improper array index validation...
Lightbend Alpakka Kafka 安全漏洞
Lightbend Alpakka Kafka is a powerful connector from Lightbend USA. A security vulnerability exists in Lightbend Alpakka Kafka versions prior to 5.0.0 that stems from log files containing sensitive information...
UCMS 跨站脚本漏洞
UCMS is a content management system written in PHP. A cross-site scripting vulnerability exists in UCMS version 1.6.0, which stems from a problem with the file saddpost.php, where incorrect manipulation of the parameter strorder can lead to cross-site scripting...
Expo 安全漏洞
Expo is an open source platform from Expo for creating React Native apps, which provides a number of tools and services that make it easier to develop React Native apps. Expo has a security vulnerability. An attacker exploited the vulnerability to take over an account and steal configuration file...
WordPress Plugin Transbank Webpay REST SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Transbank...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a series of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets. An attacker exploiting this vulnerability could cause memory corruption...
Qualcomm Chipsets 输入验证错误漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption due to an integer overflow when synx bind and synx signal are called together...
Microsoft Message Queuing 安全漏洞
Microsoft Message Queuing is a solution for implementing asynchronous and synchronous scenarios that require high performance. A security vulnerability exists in Microsoft Message Queuing. An attacker could exploit this vulnerability to remotely execute code. The following products and editions a...
Microsoft Dynamics 跨站脚本漏洞
Microsoft Dynamics is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A security vulnerability exists in Microsoft Dynamics 365 Customer Voice. No informati...
svelte 跨站请求伪造漏洞
svelte is a new way to build Web applications from Svelte Open Source. A cross-site request forgery vulnerability exists in Svelte versions prior to 1.15.2, which stems from the ability to bypass cross-site request forgery CSRF protection via the Content-Type header...
discordrb操作系统命令注入漏洞
discordrb is Shard Lab's personal developer's repository for implementing the Discord API using Ruby. Discordrb suffers from an operating system command injection vulnerability that stems from the encoder.rb file insecurely constructing a shell string using the file parameter, which leaves the...
HGiga MailSherlock 安全漏洞
Hgiga MailSherlock is an enterprise mail auditing system from China Henderson Technology Hgiga. A security vulnerability exists in HGiga MailSherlock version 4.5, which stems from an insufficient access control issue. The vulnerability can be exploited by an attacker to access parts of other user...
Cisco Access Point 安全漏洞
Cisco Access Point is a network access point device from Cisco, Inc. It provides high-density wireless connectivity for small offices. A security vulnerability exists in Cisco Access Point that stems from insufficient input validation of user-supplied commands...
TeamPass SQL注入漏洞
TeamPass is an open source password manager from the individual developer Nils Laumaillé. A SQL injection vulnerability exists in versions prior to teampass 3.0.0.23, which stems from the presence of SQL injection...
WordPress Plugin WooCommerce Multiple Customer Addresses & Shipping 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Dell BIOS 输入验证错误漏洞
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell, Inc. A security vulnerability exists in Dell BIOS, which arises from an incorrect input validation vulnerability that can be exploited by a locally authenticated attacker with administrator privileges to...
Linux kernel 代码问题漏洞
The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel prior to version 5.16.3, which stems from the drivers/scsi/ufs/ufs-mediatek.c file incorrectly handling the return value of regulatorget...
Keycloak 输入验证错误漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Keycloak that stems from the presence of an open redirection vulnerability...
vantage6 安全漏洞
vantage6 is vantage6 open source an open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security vulnerability exists in vantage6 versions prior to 3.8.0 that stems from the presence of an information leak...
Pixelfed 信息泄露漏洞
Pixelfed is a free and ethical photo sharing platform from the individual developers of Pixelfed. An information disclosure vulnerability exists in versions of Pixelfed prior to 0.11.4. An attacker exploiting this vulnerability could gain access to sensitive information...
Intel Media SDK 安全漏洞
Intel Media SDK is a multimedia SDK Software Development Kit from Intel Corporation. The product is primarily used for video encoding, decoding and processing in Windows and embedded Linux applications. A security vulnerability exists in IntelR Media SDK prior to version 22.2.2, which is caused b...
HP Factory Preinstalled Windows 10 Images 安全漏洞
HP Factory Preinstalled Windows 10 Images is a factory preinstalled image of HP from Hewlett-Packard HP USA. A security vulnerability exists in HP Factory Preinstalled Windows 10 Images version 20H2 and prior versions. An attacker can exploit the vulnerability to elevate privileges...
GitLab 信息泄露漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from an information disclosure vulnerability that stems from th...
Cockpit 安全漏洞
Cockpit is an interactive server management interface. A security vulnerability exists in Cockpit. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...
SwagPayPal 数据伪造问题漏洞
SwagPayPal is an open source PayPal integration for Shopware, a store software/platform. SwagPayPal suffers from a data forgery issue vulnerability that stems from the fact that the list of amounts and items sent to PayPal may not match those in the created order...
Cisco Small Business RV340 代码问题漏洞
The RV340, RV340W, RV345, and RV345P are all small business VPN routers from Cisco. A binary vulnerability exists in several Cisco products, which can be exploited by an attacker to upload files for overwrite operations...
Apache InLong 缓冲区错误漏洞
Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. An information disclosure vulnerability exists in Apache InLong. An attacker can exploit this vulnerability to read arbitrary files on the system...
WordPress Plugin LearnPress SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin LearnPress...
WordPress plugin The GeoDirectory 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Plesk Obsidian 输入验证错误漏洞
Plesk Obsidian is a hosting control panel from Plesk Switzerland. An input validation error vulnerability exists in Plesk Obsidian version 18.0.49 and prior versions. An attacker could exploit this vulnerability to redirect users to a malicious website via the host request header...
Harbor 访问控制错误漏洞
Harbor is an open source container image repository project designed for enterprise users. VMware Harbor has an unauthorized access vulnerability, which stems from an access control error in Harbor and can be used by attackers to construct malicious data for unauthorized access attacks without...
Linksys WUMC710 操作系统命令注入漏洞
The Linksys WUMC710 is a universal media connector from Linksys USA. A command injection vulnerability exists in the Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 build3 and prior versions. The vulnerability stems from the dosetNTP function in the httpd binary that uses...