195539 matches found
CODESYS Development System 安全漏洞
CODESYS Development System is a set of programming tools developed by the German company CODESYS, used in the fields of industrial controllers and automation technology. There is a security vulnerability in the CODESYS Development System. This vulnerability stems from the use of insecure default...
PbootCMS 安全漏洞
PbootCMS is an open-source enterprise website content management system developed using the PHP language. Version PbootCMS 3.2.11 contains a security vulnerability, which stems from code injection in the site configuration function...
algernon 安全漏洞
Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.8 contained security vulnerabilities. These vulnerabilities stemmed from path traversal via the Host header when using the --domain option, potentially allowing arbitrary file reading, directory listing...
Joomla! CMS 访问控制错误漏洞
Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a vulnerability related to access control, which stems from improper access checks. This vulnerability allows for privilege escalation through the comusers batch task...
Joomla! CMS SQL注入漏洞
Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a SQL injection vulnerability, which stems from improper validation of sorting clauses. This vulnerability may lead to SQL injections within com tags...
WordPress plugin Paid Videochat Turnkey Site 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
SharpCompress 路径遍历漏洞
SharpCompress is a pure C compression library developed by Adam Hathcock. It is compatible with.NET Standard 2.0, 2.1,.NET Core 3.1, and.NET 5.0. Versions of SharpCompress prior to 0.47.4 contained a path traversal vulnerability; this vulnerability stemmed from the IArchive.WriteToDirectory...
archive-tar-new 安全漏洞
archive-tar-new is a Perl module developed by Jos Boumans, used for creating and manipulating tar files in memory. Versions of archive-tar-new prior to version 3.10 contained security vulnerabilities. These vulnerabilities stemmed from the readtar function, which did not set an upper limit when...
GnuTLS 安全漏洞
GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS libgnutls has a security vulnerability that stems from the transmission of extremely short pre-master keys during RSA key exchanges. This...
banks 安全漏洞
“banks” is a template language tool developed by Massimiliano Pippi as an individual tool for generating LLM prompts. Versions of “banks” prior to 2.4.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of unshaded jinja2.Environment for rendering prompt templates. Wh...
Tiandy Easy7 Integrated Management Platform SQL注入漏洞
Tiandy Easy7 Integrated Management Platform is a video surveillance integrated management platform from China Tiandy Company. A SQL injection vulnerability exists in Tiandy Easy7 Integrated Management Platform version 7.17.0, which originates from the operation of the parameter strTBName in the...
SourceCodester Student Grades Management System 授权问题漏洞
SourceCodester Student Grades Management System is SourceCodester open source a student grades management system . SourceCodester Student Grades Management System version 1.0 has an authorization issue vulnerability , the vulnerability stems from the operation of the parameter studentid in the fi...
Edimax BR-6428nS 命令注入漏洞
The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter “repeaterSSID” in the formWlbasic function within the POST request processing...
SourceCodester Hospitals Patient Records Management System SQL注入漏洞
SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability stems from...
Microsoft Office SharePoint 代码问题漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There is a code vulnerability in Microsoft Office SharePoint, which stems from deserializing untrusted data, potentially allowing authorized attackers to execute...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from using Render to render arbitrary HTML. This can lead to an unexpected HTML tree, and...
Trend Micro Apex One 访问控制错误漏洞
Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has an access control vulnerability, which stems from a source verification error. This vulnerability may allow local attackers to gain elevated privileges...
WordPress plugin Avada (Fusion) Builder 注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin Divi Form Builder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
Trend Micro Apex One和TrendAI Vision One Endpoint Security - Standard Endpoint Protection 访问控制错误漏洞
Trend Micro Apex One and TrendAI Vision One Endpoint Security – Standard Endpoint Protection are products of Trend Micro, a US-based company. Trend Micro Apex One is a terminal protection software. TrendAI Vision One Endpoint Security – Standard Endpoint Protection is an enterprise terminal...
Concrete CMS 跨站请求伪造漏洞
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions prior to Concrete CMS 9.5.0 had a cross-site request forgeing vulnerability, which was exploited through the concrete/controllers/dialog/page/bulk/design code...
Nimiq 安全漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq 1.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from malicious network peer nodes publishing specially crafted Kademlia DHT records where the length of the signature field is...
WordPress plugin Decent Comments 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
Kieback & Peter多款产品 跨站脚本漏洞
The Kieback & Peter DDC Building Controllers are a series of DDC controllers developed by the German company Kieback & Peter, aimed at building automation and building equipment control. Several products from Kieback & Peter have cross-site scripting vulnerabilities. These vulnerabilities stem fr...
Yii 输入验证错误漏洞
Yii is a high-performance PHP framework developed by the YII team. It is designed for developing large-scale web applications using components. Yii 2 versions 2.0.54 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from a logical flaw in the cor...
AMD多款产品 安全漏洞
AMD Ryzen and AMD EPYC are both products of American semiconductor company AMD. AMD Ryzen is a central processing unit CPU. AMD EPYC is a high-performance server processor. Several AMD products have security vulnerabilities. These vulnerabilities stem from improper input validation, which may all...
ExifReader 安全漏洞
ExifReader is a image metadata extraction library developed by Mattias Wallander. Versions of ExifReader prior to 4.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size restrictions when decompressing PNG zTXt metadata, which could lead to the generation of...
Bert-VITS2 路径遍历漏洞
Bert-VITS2 is a core text-to-speech model developed by Fish Audio. Bert-VITS2 has a path traversal vulnerability, which stems from the getallmodels function in the hiyoriUI.py file within the Model Handler component. Attackers could potentially exploit this vulnerability remotely...
OpenSolution Quick.CMS 跨站脚本漏洞
OpenSolution Quick.CMS is a lightweight website content management system developed by the Polish company OpenSolution. Version 6.7 of OpenSolution Quick.CMS contains a cross-site scripting vulnerability. This vulnerability stems from a cross-site scripting flaw in the sliders form, allowing...
Flexense VX Search 代码问题漏洞
Flexense VX Search is a rule-based automatic file search solution provided by Flexense Corporation. It allows users to search for files based on file type, category, file name, size, location, extension, regular expressions, text and binary patterns, creation, modification, and last access dates,...
Huawei HarmonyOS 权限许可和访问控制问题漏洞
Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. Huawei HarmonyOS has vulnerabilities related to permission management and access control. These vulnerabilities stem from issues wit...
Open WebUI 信息泄露漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.9 contained a vulnerability related to information leakage. This vulnerability occurred when non-administrator users logged in, causing the application to send...
Open WebUI 授权问题漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.5.7 had an authorization issue vulnerability. This vulnerability stems from the ability for users to change access permissions during editing, potentially leading to...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.6.19 contained security vulnerabilities. These vulnerabilities stemmed from the IDOR in the channel message management system, allowing authenticated users to modify...
Open WebUI 跨站脚本漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-xss attacks, which could allow users with model creation permissions to...
DHTMLX Diagram 路径遍历漏洞
DHTMLX Diagram is a JavaScript chart component developed by DHTMLX Corporation that supports interactive organizational charts, flowcharts, mind maps, and other chart types. Versions of DHTMLX Diagram prior to 1.1.1 had a path traversal vulnerability. This vulnerability stemmed from path traversa...
Fleet 安全漏洞
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.80.1 contained security...
hatchet 安全漏洞
Hatchet is an open-source backend task and AI workflow orchestration engine developed by Hatchet. Versions of Hatchet prior to 0.83.39 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization instructions for the GET /api/v1/stable/dags/tasks endpoint,...
Gotenberg 安全漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained security vulnerabilities. These vulnerabilities stemmed from a flaw where only whether the tag was “FileName”...
PostgreSQL 安全漏洞
PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Security vulnerabilities existed in versions prior to PostgreSQL...
gst-plugins-good 数字错误漏洞
GStreamer-plugins-good is a GStreamer plugin developed under open source. Versions of GStreamer-plugins-good prior to 1.28.2 contained a numerical error vulnerability. This vulnerability stemmed from the qtdemuxaudiocaps function in the isomp4 plugin, which did not properly validate atomic data...
Verint Verba 跨站脚本漏洞
Verint Verba is an enterprise-level compliance communication recording and interaction archiving platform developed by Verint Corporation in the United States. Verint Verba has a cross-site scripting vulnerability. This vulnerability stems from a lack of input sanitization in the login logging...
WordPress plugin Career Section 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the use of autocompletion features for certain input fields. This may lead to sensitive information being stored in the browser, potentially causing...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP. This vulnerability stems from virtual...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of disabling preemption between the scxclaimexit and trigger-assisted work processes,...
Fleet 安全漏洞
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. There is a security vulnerability in Fleet, which stems...
WordPress plugin ProfileGrid 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 14.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities stem from improperly partitioning response variants when using React Server Components, which can lead to cache...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the xHCI controller failing to clear interrupts when reporting host controller errors, potentiall...