195539 matches found
Adobe Substance3D Sampler 缓冲区错误漏洞
Adobe Substance3D Sampler is a rendering software for 3D scenes developed by Adobe Inc. Versions of Adobe Substance3D Sampler 6.0.0 and earlier contain a buffer error vulnerability. This vulnerability stems from an out-of-bounds write vulnerability, which could allow arbitrary code to be executed...
Adobe Acrobat Reader 安全漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have security vulnerabilities. These...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
VMware Micrometer 资源管理错误漏洞
VMware Micrometer is an application monitoring metric collection framework developed by the American company VMware. Versions 1.16.0 to 1.16.5 and 1.15.0 to 1.15.11 of VMware Micrometer contain resource management vulnerabilities. These vulnerabilities stem from the ability for users to submit...
Microsoft Office 缓冲区错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a security vulnerability in Microsoft Office, which stems from a heap buffer overflow...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
WordPress plugin WpMobi 跨站请求伪造漏洞
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to enhance the functionality of the platform. The wpMobi plugin has a...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iouring/waitid operation not clearing the waitid information before copying it to the user...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of checks for whether minregionsz is a power of two in the damonstart function. This...
FastApiAdmin 跨站脚本漏洞
FastApiAdmin is a full-stack rapid development platform based on FastAPI, developed by the individual developer fastapiadmin. Version 2.2.0 of FastapiAdmin contains a cross-site scripting vulnerability. This vulnerability stems from the AI assistant chat feature, which has a cross-site scripting...
VMware Spring Framework 路径遍历漏洞
VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, a US-based company. This framework helps developers build high-quality applications. Versions of VMware Spring Framework from 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48...
bookcars 访问控制错误漏洞
Bookcars is a car rental management platform developed by Akram El Assas. Version 8.3 of Bookcars contains an access control vulnerability, which stems from improper permission settings. This vulnerability could allow authenticated attackers to elevate user permissions from the user level to the...
OpenSSL 代码问题漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incomplete handling of rlimits by the AppArmor module regarding POSIX CPU timers. This could...
Microsoft Office 缓冲区错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. Microsoft Office has a buffer overflow vulnerability, which stems from out-of-bounds reading,...
Microsoft Office Excel 数字错误漏洞
Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is a code execution vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to execute code locally...
QNAP QTS 缓冲区错误漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are both products of QNAP Systems Corporation. QNAP Systems QTS is an entry-level operating system. QNAP Systems QuTS hero is another operating system. Both QNAP Systems QTS and QNAP Systems QuTS hero have security vulnerabilities; these vulnerabilities...
Microsoft Windows Kernel Mode Drivers 缓冲区错误漏洞
Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affected: Windows Server 202...
WordPress plugin AJAX Report Comments 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Tenda W20E 安全漏洞
Tenda W20E is a router produced by the Chinese company Tenda. The Tenda W20E has a buffer overflow vulnerability in the formCropAndSetWewifiPic function, specifically with respect to the picCropName parameter. An attacker can exploit this vulnerability to cause a denial-of-service attack...
Adobe InDesign Desktop 安全漏洞
Adobe InDesign Desktop is a professional publishing layout and page design software, primarily used for printing and digital publication creation. Adobe InDesign Desktop has a stack buffer overflow vulnerability, which stems from insufficient input validation, leading to out-of-bound writing of...
WordPress plugin Wow Forms SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Student-Management-System 访问控制错误漏洞
Student-Management-System is an open-source student information management system developed by Cyber-III. There is a security vulnerability in Student-Management-System, which stems from improper handling of the parameter “stimg” in the file service/RegisterService.php on the registration endpoin...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of untrusted inputs...
SourceCodester Class and Exam Timetabling System 注入漏洞
SourceCodester Class and Exam Timetabling System is an open-source classroom and exam scheduling system developed by SourceCodester. Version 1.0 of the SourceCodester Class and Exam Timetabling System has a SQL injection vulnerability, which arises from incorrect handling of the parameter "sy" in...
jshERP(华夏ERP) 代码问题漏洞
jshERP Huaxia ERP is a domestic ERP system developed by Jishan Hua. Versions of jshERP 3.6 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the parameter platformValue in the platformConfig Add endpoint, specifically in the insertPlatformConfig...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability, which stems from the reuse of WebCodecs after they are released...
Apache HTTP Server 安全漏洞
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Vulnerabilities exist in Apache HTTP Server versions 2.4.0 to 2.4.67. These vulnerabilities ste...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of untrusted inputs...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the drm/vkms module’s conversion of the vblank timer into DRM. This conversion removes the...
Snipe-IT 安全漏洞
Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability for non-administrator users to have the "users.edit" permission, allowing them to...
Flowise 访问控制错误漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a access control vulnerability. This vulnerability stemmed from insufficient server-side verification and authorization checks at the chat stream upda...
CodeAstro Student Attendance Management System 注入漏洞
The CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Corporation. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. There is a security vulnerability in Google Chrome, which stems from insufficient implementation of network policies...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reuse of resources after Bluetooth is released...
Apache HTTP Server 资源管理错误漏洞
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There was a resource management vulnerability in Apache HTTP Server versions 2.4.0 to 2.4.67...
SourceCodester Inventory System 安全漏洞
The SourceCodester Inventory System is an open-source inventory system developed by SourceCodester. Version 1.0 of the SourceCodester Inventory System contains a security vulnerability. This vulnerability stems from the operation of the ROLE parameter in the Account Creation Handler component...
TP-Link Archer MR600 操作系统命令注入漏洞
The TP-Link Archer MR600 is a wireless router produced by TP-Link Corporation. The TP-Link Archer MR600 v5 version has a vulnerability related to operating system command injection. This vulnerability stems from improper handling of user-controlled inputs in the web management interface, leading ...
wacrm 安全漏洞
WACRM is a self-hosted CRM template based on WhatsApp, developed by Arnas Donauskas. The version WACRM 73041bf previously had a security vulnerability. This vulnerability stemmed from an authorization bypass issue in the automation engine, which could allow authentication attackers to access and...
itsourcecode Hospital Management System 跨站脚本漏洞
itsourcecode Hospital Management System is an open-source hospital management system developed by itsourcecode. Version 1.0 of itsourcecode Hospital Management System has a cross-site scripting vulnerability. This vulnerability stems from the handling of the patientid parameter in the billing.php...
grepai 加密问题漏洞
grepai is a semantic search-based code understanding tool developed by Yoan Bernabeu. Version 0.35.0 of grepai has an encryption vulnerability. This vulnerability stems from improper handling of files in the Qdrant backend component’s file indexer/chunker.go file, which may lead to the use of wea...
Tenda AC18 缓冲区错误漏洞
The Tenda AC18 is a router produced by the Chinese company Tenda. The version 15.03.05.05 of the Tenda AC18 contains a buffer error vulnerability. This vulnerability stems from improper handling of parameters in the sub45304 function of the goform/getRebootStatus file within the Web Management...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reusing of resources after they are released...
Checkmk 安全漏洞
Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0p5 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization in the user message dashboard widgets. As a result, the message retrieval endpoint would return...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the process of virtual device separation in genpd, and it may lead to null pointer dereferencing...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from RTNL assertion warnings in the txgbe driver, potentially leading to system crashes...
Code-Projects Online Music Site 注入漏洞
Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Music Site has a vulnerability due to incorrect handling of parameters in the file /Administrator/PHP/AdminDeleteAlbum.php. This vulnerability may lead to...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reusing of resources after they are released...
CodeAstro Student Attendance Management System 注入漏洞
CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations with the parameter classId ...
GL.iNet多款产品 加密问题漏洞
GL.iNet MT3000 and other products are developed by GL.iNet Corporation. The GL.iNet MT3000 is a portable router that uses the Wi-Fi 6 protocol. The GL.iNet AX1800 is a wireless router. The GL.iNet A1300 is a Wi-Fi 5 travel router. Several of GL.iNet’s products have encryption vulnerabilities, whi...