195539 matches found
WordPress plugin Fediverse Embeds 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.6 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass in Telegram interaction callbacks, allowing authenticated users to bypass the...
ClipBucket V5 SQL注入漏洞
ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 132 – contained an SQL injection vulnerability. This vulnerability stemmed from the number parameter in the POST /actions/subtitleedit.php reques...
Sonatype Nexus Repository 安全漏洞
Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. There are security vulnerabilities in Sonatype Nexus Repository. These vulnerabilities stem from authentication endpoint issue...
Quest Bot 安全漏洞
Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.3 contained security vulnerabilities. These vulnerabilities stemmed from reminder messages that did not suppress mentions sent to @everyone or @here, potentially...
GitLab 处理逻辑错误漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions prior to 17.0, 18.11,...
Guzzle 输入验证错误漏洞
Guzzle is a PHP HTTP client developed by the guzzlehttp developer. It allows for easy sending of HTTP requests and seamless integration with web services. Prior to version 2.10.2, Guzzle had an input validation vulnerability. This vulnerability stemmed from allowing ASCII control characters,...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There are security vulnerabilities in versions of Apple macOS such as Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. These vulnerabilities stem from permission issues, which may lead to...
VMware Spring Web Services 安全漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the...
Cerebrate 信息泄露漏洞
Cerebrate is an open-source platform developed by Cerebrate. It aims to act as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability involving information leakage, which stemmed from exposing...
GitLab Enterprise Edition(EE) 安全漏洞
GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. There were security vulnerabilities in versions prior to GitLab EE 13.9, as well as versions prior to 18.10.8, 18.11.5, and 19.0.2. These vulnerabilities stemmed from incorrect authorization...
GitLab 授权问题漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 12.0, 18.10.8, 18.11.5, and 19.0.2...
Summarize 安全漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.17.0 contain security vulnerabilities. These vulnerabilities stem from resource exhaustion. A remote attacker can exploit these vulnerabilities by bypassing the mandatory size lim...
Vim 代码注入漏洞
Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0561, there was a code injection vulnerability. This vulnerability stemmed from the Python omni-completion script, which executed import and from statements in the current buffer through the Python...
VMware Spring for GraphQL 代码问题漏洞
VMware Spring for GraphQL is a GraphQL application development framework provided by the American company VMware. Versions of VMware Spring for GraphQL such as 2.0.0, 1.4.0, and 1.3.0 contain code vulnerabilities. These vulnerabilities stem from insecure deserialization during the processing of...
VMware Spring Boot 安全漏洞
VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities in versions 4.0.0 to 4.0.6, 3.5.0 to 3.5.14, 3.4.0 to 3.4.16, 3.3.0 to 3.3.19, and 2.7.0 to 2.7.33 of VMware Spring Boot. These vulnerabilities stem from the use of fixed...
CyberArk Idira Secrets Manager Self-Hosted 访问控制错误漏洞
CyberArk Idira Secrets Manager Self-Hosted is an enterprise-level confidential information management platform developed by the CyberArk company. Versions of CyberArk Idira Secrets Manager Self-Hosted prior to 13.8.0 contained a access control vulnerability. This vulnerability stemmed from improp...
Quest Bot 信息泄露漏洞
Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained an information leakage vulnerability. This vulnerability stemmed from improper settings in the ticket recording channel, which could expose private...
Axios 信息泄露漏洞
Axios is an open-source HTTP client developed by Axios. Versions of Axios prior to 0.32.0 and 1.16.0 have a vulnerability known as information leakage. This vulnerability arises from the Node.js HTTP adapter, which may disclose proxy credentials during redirection, potentially leading to these...
boruta-server 安全漏洞
Boruta-Server is an open-source independent authorization server developed by Malach.it. Versions of Boruta-Server prior to 0.9.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of the Secure attribute for session cookies and remember-me cookies. In deployments whe...
Nimiq 安全漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of LightBlockchain::rebranch, which only updated self.head when a fork chain was adopted, without updating...
Metrics::Any::Adapter::Statsd 注入漏洞
Metrics::Any::Adapter::Statsd is a Perl metric collection adapter module developed by PEVANS’s individual developers. Versions of Metrics::Any::Adapter::Statsd prior to version 0.04 contained an injection vulnerability. This vulnerability stemmed from the send method not verifying the content of...
WordPress plugin Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin aThemes Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...
NSA Ghidra SQL注入漏洞
NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a SQL injection vulnerability. This vulnerability stemmed from the BSim filter type, which directly...
Roxy-WI 跨站脚本漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of the wrapline and highlightword functions when...
National Security Agency Ghidra 代码问题漏洞
National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Previous versions of National Security Agency Ghidra, such as version 12.1, had code vulnerabilities. These vulnerabilities stemmed from insecure deserialization in the RMI...
Broadcom Layer7 API Gateway 代码问题漏洞
Broadcom Layer7 API Gateway is an enterprise-level API gateway platform provided by Broadcom Corporation. There are code-related vulnerabilities in the Broadcom Layer7 API Gateway. These vulnerabilities originate from the interaction between client applications and the API gateway server...
Fission 安全漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the exposure of spec.runtime.podSpec and spec.builder.podSpec in the Environment CRD during merging, without filterin...
NSA Ghidra 安全漏洞
NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Previous versions of NSA Ghidra, such as version 12.1, contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the...
Roxy-WI 输入验证错误漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from HAProxy saving unvalidated and unescaped JSON field values direct...
VMware Spring Data Commons 安全漏洞
VMware Spring Data Commons is a data access abstraction framework developed by VMware, Inc. There is a security vulnerability in VMware Spring Data Commons. This vulnerability stems from the internal property lookup cache, which permanently retains strings provided by attackers as cache keys...
TP-LINK Archer 操作系统命令注入漏洞
TP-LINK Archer is a series of routers produced by TP-LINK Corporation. The TP-LINK Archer has a vulnerability related to operating system command injection, which stems from improper filtering of special characters in the VPN module. This vulnerability may allow adjacent, authenticated attackers ...
Slate Digital Connect 安全漏洞
Slate Digital Connect is an audio plugin management and licensing client developed by Slate Digital. Version 1.37.0 of Slate Digital Connect contains a security vulnerability. This vulnerability stems from a check-time and usage-time race condition in the PID-based client authentication process. ...
QNAP qts 异常处理不当漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. There are code-related vulnerabilities in QNAP Systems QTS and QNAP Systems QuTS hero, which stem from null pointer...
Splunk Enterprise 输入验证错误漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...
Roxy-WI 安全漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of authorization checks for the GET /history/ route when the service is set to user...
Dulwich 操作系统命令注入漏洞
Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich from 0.24.0 to 1.2.5 had a vulnerability related to operating system command injection. This vulnerability stemmed from ProcessMergeDriver’s ability to replace file paths into the merge...
Fission 输入验证错误漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained a input validation vulnerability. This vulnerability stemmed from the HTTPTriggerSpec.Validate method, which ignored the RelativeURL and Prefix fields during validation. As a...
Roxy-WI 授权问题漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a vulnerability related to authorization. This vulnerability arises from using the API substring in the URL and unauthenticated /api/gpt endpoints,...
WordPress plugin Easy Twitter Feeds 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
BSimVis 跨站脚本漏洞
BSimVis is a binary program similarity analysis and visualization tool developed by the MISP Project. Versions of BSimVis up to v0.2.0 contained a cross-site scripting vulnerability. This vulnerability allowed attackers to execute operations as victims, access data that the victims could access, ...
QNAP file station 异常处理不当漏洞
QNAP Systems File Station 6 is a file management software developed by QNAP Systems, a company based in Taiwan, China. There is a code vulnerability in QNAP Systems File Station 6, which stems from a null pointer dereferencing. This vulnerability could allow remote attackers to launch a...
ImageMagick 安全漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained security vulnerabilities. These vulnerabilities stemmed...
Shopware 安全漏洞
Shopware is a set of open-source e-commerce software developed by the German company Shopware. Versions prior to Shopware 6.6.10.18 and 6.7.10.1 contained security vulnerabilities. These vulnerabilities stemmed from scheduled attacks that could allow attackers to enumerate the usernames of...
Atril 命令注入漏洞
Atril is a simple multi-page document viewer developed under the MATE Desktop open source project. Versions of Atril prior to 1.26.3 and 1.28.4 contained a command injection vulnerability. This vulnerability stemmed from the evspawn function in shell/ev-application.c, which did not apply...
VMware Spring Data REST 安全漏洞
VMware Spring Data REST is a data interface provided by the American company VMware. It is used to build HTTP resources that drive hypermedia, based on Spring Data repositories. These resources are designed to manage domain models of applications and provide hypermedia-driven services for...
ImageMagick 安全漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-23 contained security vulnerabilities. These vulnerabilities were caused by a lack of depth checks,...
Splunk多款产品 代码问题漏洞
Splunk is a product of the American company Splunk. Splunk is a suite of data collection and analysis software. The Splunk Cloud Platform offers powerful services for data collection, processing, and analysis. Splunk Enterprise is also a suite of data collection and analysis software. Several...
ESP-IDF 代码问题漏洞
ESP-IDF is an open-source development framework for Espressif’s Espressif SoC, supported on Windows, Linux, and macOS. Versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0 of ESP-IDF contain code vulnerabilities. These vulnerabilities stem from null pointer dereferencing in the WebSocket sub-protocol...