195539 matches found
twitter-clone SQL注入漏洞
twitter-clone is an application by Fiffe Individual Developers. twitter-clone uses + Vue 3 + light to go development + TailwindCSS + PostgreSQL + recapitulate Twitter-Clone version 1 suffers from a SQL injection vulnerability that stems from the injection of malicious code via the name parameter,...
TOTOLINK CA750-PoE 操作系统命令注入漏洞
The TOTOLINK CA750-PoE is a wireless network access device from China-based TOTOLINK Electronics TOTOLINK. The TOTOLINK CA750-PoE version 6.2c.510 suffers from an operating system command injection vulnerability, which originates from the Setting Handler component's setNetworkDiag function in the...
SB Admin SQL注入漏洞
SB Admin is a Bootstrap based open source admin backend template by Yash Pokharna individual developer. SB Admin has a SQL injection vulnerability that originates from the parameter FIRSTNAME/LastName/EMAIL operation of the function confirmloggedin in the file studenttrans.php, which could lead t...
Collectric CMU SQL注入漏洞
The Collectric CMU is a smart meter device from Collectric in the Netherlands that supports power metering with supporting communication extensions. A SQL injection vulnerability exists in Collectric CMU version 1.0, which stems from the presence of Boolean-based blind SQL injection in the lang...
Code-Projects Employee Management System SQL注入漏洞
Code-Projects Employee Management System is a Code-Projects open source employee management system . Code-Projects Employee Management System version 1.0 has a SQL injection vulnerability , the vulnerability stems from the wrong operation of the parameter ID in the file...
Edimax BR-6478AC 安全漏洞
Edimax BR-6478AC is a dual-band Gigabit router from China Xunzhou Edimax. A security vulnerability exists in Edimax BR-6478AC version 1.23, which originates from the operation of the function formL2TPSetup in the file /goform/formL2TPSetup in the POST Request Handler component/goform/formL2TPSetu...
WordPress plugin Stripe Payment Gateway for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
SourceCodester Student Grades Management System 授权问题漏洞
SourceCodester Student Grades Management System is SourceCodester open source a student grades management system . SourceCodester Student Grades Management System version 1.0 has an authorization issue vulnerability , the vulnerability stems from the operation of the parameter studentid in the fi...
TOTOLINK A8000RU 操作系统命令注入漏洞
The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the parameter enable of the function setStaticDhcpRules in the Web Management Interface compone...
Code-Projects Employee Management System 代码注入漏洞
Code-Projects Employee Management System is a Code-Projects open source employee management system . A code injection vulnerability exists in code-projects Employee Management System version 1.0, which originates from manipulation of the parameter ID in the file /empproject.php, and could lead to...
GNU LibreDWG 安全漏洞
GNU LibreDWG is a C language library for working with DWG files from the US GNU community. A security vulnerability exists in GNU LibreDWG version 0.14 and earlier versions, which stems from a heap buffer overflow in the read2004compressedsection function of the src/decode.c file in the Dwgread...
Roundcube Webmail 安全漏洞
Roundcube Webmail is a browser-based open source IMAP client from Roundcube open source, which supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and 1.7.1, which originates from a poison bypa...
Roundcube Webmail 安全漏洞
Roundcube Webmail is a browser-based open source IMAP client from Roundcube that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail versions 1.6.14 through 1.6.16 and prior to 1.7.1, which stems from the remote image...
Roundcube Webmail SQL注入漏洞
Roundcube Webmail is Roundcube open source a browser-based open source IMAP client, which supports address book management, message search, spell checking and so on. Roundcube Webmail 1.6.x versions prior to 1.6.16 and 1.7.x versions prior to 1.7.1 SQL injection vulnerability , the vulnerability...
Hackney 安全漏洞
Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 0 through prior to 4.0.1, which stems from a URL query component that does not percentile encode CRLF characters, potentially resulting in HTTP request splitting...
Hackney 安全漏洞
Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions prior to 2.0.0 through 4.0.1, which stems from a WebSocket client that does not set an upper limit on memory consumption, potentially leading to resource exhaustion...
Hackney 安全漏洞
Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 0.9.0 through 4.0.1, which stems from a lack of CRLF sequence checking of the domain and path options in the cookie setup function, which could lead to HTTP response splitting...
Roundcube Webmail 跨站脚本漏洞
Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking, and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and prior to 1.7.1, which stems fro...
Roundcube Webmail 代码问题漏洞
Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking and more. A code issue vulnerability exists in Roundcube Webmail versions 1.6.x 1.6.14 through 1.6.16 and versions prior to 1.7.x 1.7.1,...
Hackney 安全漏洞
Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 2.0.0-beta.1 through prior to 4.0.1, which stems from the Alt-Svc response header parser's inability to guarantee forward progress, potentially leading to infinite loops and CPU exhaustion...
Apache Airflow 安全漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is characterized by scalability and dynamic monitoring. Apache Airflow suffers from a security vulnerability that stems from...
VMware Spring AI 安全漏洞
VMware Spring AI is a development framework from VMware that integrates Artificial Intelligence and Large Language Modeling capabilities in the Spring ecosystem. A security vulnerability exists in VMware Spring AI versions 1.1.0 through 1.1.x. The vulnerability stems from a failure to clean up...
Nord VPN 安全漏洞
Nord VPN is a proxy software from Nord VPN, Inc. A security vulnerability exists in Nord VPN version 6.14.31 that stems from a denial of service in the password field, which could allow an unauthenticated attacker to crash the application by submitting an extra-long string...
GNU LibreDWG 安全漏洞
GNU LibreDWG is a C language library for working with DWG files from the US GNU community. A security vulnerability exists in GNU LibreDWG version 0.14 and earlier versions, which stems from a heap buffer overflow in the decompressR2004section function of the src/decode.c file in the Dwgread...
Jimeng MCP 路径遍历漏洞
Jimeng MCP is an MCP server for cc individual developers that integrates i.e. Dream AI image and video generation. Jimeng MCP version 1.10.0 has a path traversal vulnerability , the vulnerability stems from the file src/api.ts function getFileContent/uploadCoverFile/generateImage/generateVideo on...
NEC Aterm 安全漏洞
NEC Aterm is a series of wireless routers from Nippon Electric NEC. A security vulnerability exists in NEC Aterm that stems from an OS command injection issue, which could allow execution of arbitrary OS commands over an adjacent network if a malicious third party gains administrator access to th...
TOTOLINK A8000RU 操作系统命令注入漏洞
The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK A8000RU version 7.1cu.643b20200521, which originates from the parameter of the function UploadFirmwareFile in the file /cgi-bin/cstecgi.cgi in the component W...
WordPress plugin eMagicOne Store Manager SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...
Apache Syncope 安全漏洞
Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration, and more. A security vulnerability exists in Apache Syncope versions 3.0 through...
TOTOLINK A8000RU 操作系统命令注入漏洞
The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the enable operation of the parameter of the function setRemoteCfg in the Web Management...
Apache Shiro 安全漏洞
Apache Shiro is a set of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation USA. A security vulnerability exists in Apache Shiro versions 2.0-alpha through 2.2.0 and 3.0.0-alpha-1, which stems from insufficient...
TOTOLINK A8000RU 操作系统命令注入漏洞
The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the operation of the parameter enabled of the function setOpenVpnCfg in the file...
TOTOLINK A8000RU 操作系统命令注入漏洞
The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the operation of the function setMacFilterRules in the parameter enable in the Web Management...
TOTOLINK A8000RU 操作系统命令注入漏洞
The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK A8000RU version 7.1cu.643b20200521, which originates from the operation of the parameter enabled of the function setWanCfg in the file /cgi-bin/cstecgi.cgi in...
WordPress plugin Team Showcase 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
Code-Projects Employee Management System 代码注入漏洞
Code-Projects Employee Management System is a Code-Projects open source employee management system. A code injection vulnerability exists in code-projects Employee Management System version 1.0, which originates from the manipulation of the parameter ID by an unknown function in the /applyleave.p...
Besen BS20 EV Charging Station 安全漏洞
The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The Besen BS20 EV Charging Station, including versions dated before April 2026, contains security vulnerabilities. These vulnerabilities stem from improper operation ...
Besen BS20 EV Charging Station 安全漏洞
The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The Besen BS20 EV Charging Station, including versions dated 20260426 and earlier, contains a security vulnerability. This vulnerability stems from improper operation...
Hermes Agent 操作系统命令注入漏洞
Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent 5157f5427f19488b31c6fdebbacd15d798ce7f63 and earlier versions have a vulnerability related to operating system command injection. This vulnerability stems from improper...
Hermes Agent 安全漏洞
Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Version Hermes Agent 2026.4.23 contains a security vulnerability. This vulnerability stems from improper handling of the parameter HERSERENABLEPROJECTPLUGINS in the function discoverdashboardplugins ...
Edimax EW-7438RPn 操作系统命令注入漏洞
The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the formWizSurvey function in the webs component files or...
TOTOLINK A8000RU 操作系统命令注入漏洞
TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains an operating system command injection vulnerability. This vulnerability stems from improper handling of the provider parameter in the setDdnsCfg function of the...
GNU SASL 代码问题漏洞
GNU SASL is a simple authentication and security layer framework from the GNU community in the United States, which implements several common SASL mechanisms. Versions of GNU SASL prior to 2.2.3 had code vulnerabilities; these vulnerabilities stemmed from a null pointer dereferencing in the...
Hermes Agent 安全漏洞
Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.16 contained a security vulnerability. This vulnerability stemmed from unknown functions in the Slack Agent/Mattermost Agent components, which manipulated the...
Hermes Agent 访问控制错误漏洞
Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Versions of Hermes Agent prior to 2026.4.23 contained a access control vulnerability. This vulnerability originated from the makerunenv function in the tools/environments/local.py file of the...
Projectworlds Online Art Gallery Shop SQL注入漏洞
Projectworlds Online Art Gallery Shop is an online art gallery store open source by Projectworlds. Version 1.0 of Projectworlds Online Art Gallery Shop has a SQL injection vulnerability. This vulnerability stems from improper handling of the parameter sociallinked in the file admin/adminHome.php,...
Edimax EW-7438RPn 安全漏洞
The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a security vulnerability. This vulnerability stemmed from unknown functions in the webs component files and/goform/formWpsStart, which operated on...
itsourcecode Electronic Judging System SQL注入漏洞
itsourcecode Electronic Judging System is an open-source electronic referee system developed by itsourcecode. Version 1.0 of the itsourcecode Electronic Judging System has a SQL injection vulnerability. This vulnerability stems from improper handling of the Username parameter in the file...
Hermes Agent 安全漏洞
Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.23 contained a security vulnerability. This vulnerability stemmed from unknown function operations on the parameter THREATPATTERNS in the agent/skillsguard.py...
H3C Magic B0 安全漏洞
H3C Magic B0 is a small wireless router produced by H3C Corporation. The H3C Magic B0 100R002 and earlier versions have security vulnerabilities. These vulnerabilities stem from improper handling of parameters in the function EditBasicSSID5G within the file/goform/aspForm. This may lead to a remo...