195539 matches found
WordPress plugin WishList Member 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
cal.diy 代码问题漏洞
cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier have code vulnerabilities. These vulnerabilities stem from the Logo API component file apps/web/app/api/logo/route.ts, specifically the function validateUrlForSSRF, which may lead to...
Edimax BR-6428nS 命令注入漏洞
The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter “repeaterSSID” in the formWlbasic function within the POST request processing...
Smartshop SQL注入漏洞
Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting SQL code through the searched parameter in the search.php file. It may allow unauthenticated attackers to manipulat...
Smartshop SQL注入漏洞
Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, which may allow unauthenticated attackers to execute arbitrary SQL queries...
WordPress plugin Ultimate Form Builder Lite SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Audiograbber 安全漏洞
Audiograbber is a software tool developed by Audiograbber Inc. for capturing audio CDs and converting them into digital audio format. Version 1.83 of Audiograbber contained a security vulnerability. This vulnerability stemmed from a local buffer overflow, which could allow attackers to execute...
WordPress plugin WooCommerce PayPal Payments 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin Wishlist Member 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
vps-inventory-monitoring 代码注入漏洞
vps-inventory-monitoring is a web inventory monitoring tool developed by individual developer 546669204. vps-inventory-monitoring has a code injection vulnerability, which stems from the use of the eval function in the VpsTest Console component file app/index/command/VpsTest.php, specifically...
Edimax BR-6428nS 安全漏洞
The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS contains a security vulnerability. This vulnerability stems from improper handling of the parameter “vapurl” in the “formWirelessTbl” function within the POST request processing program,...
WordPress plugin Wishlist Member 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
UserSpice 安全漏洞
UserSpice is an open-source PHP framework for user management and identity authentication. Version 4.3.24 of UserSpice contains a security vulnerability that stems from username enumeration. This vulnerability could allow unauthenticated attackers to discover valid usernames by sending POST...
Joomla Component jomres 跨站请求伪造漏洞
The Joomla component jomres is a hotel and property online reservation management component developed by the Jomres developer. Version 9.11.2 of the Joomla component jomres contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing...
Edimax EW-7438RPn 操作系统命令注入漏洞
The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the function formWpsStart in the webs component...
WordPress plugin Form Maker SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
D-Link DIR-601 安全漏洞
The D-Link DIR-601 is a home wireless router produced by D-Link Corporation. The D-Link DIR-601 2.02NA version has a security vulnerability. This vulnerability arises from manipulating the tablename parameter in POST requests, which may allow unauthenticated attackers to retrieve sensitive...
UserSpice 跨站脚本漏洞
UserSpice is an open-source PHP framework for user management and identity authentication developed by UserSpice. Version 4.3.24 of userSpice contains a cross-site scripting vulnerability. This vulnerability stems from the injection of malicious scripts through the X-Forwarded-For HTTP header,...
New API 安全漏洞
The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.1 contain security vulnerabilities. These vulnerabilities stem from the RelayMidjourneyImage/GetByOnlyMJId function in the router/relay-router.go file of the Midjourney Image Relay Endpoint...
10-Strike Network Scanner 安全漏洞
The 10-Strike Network Scanner is a local area network device discovery and network scanning tool developed by the 10-Strike company in the United States. Version 3.0 of the 10-Strike Network Scanner contains a security vulnerability. This vulnerability stems from a local buffer overflow in the ho...
Yakamara Media Redaxo CMS Mediapool Addon 安全漏洞
Yakamara Media Redaxo CMS Mediapool Addon is an extension for media resource management within the REDAXO content management system developed by Yakamara Media. Versions of Yakamara Media Redaxo CMS Mediapool Addon prior to version 5.5.1 contained security vulnerabilities. These vulnerabilities...
WordPress plugin Contact Form Maker SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Edimax BR-6428nS 安全漏洞
The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS contains a security vulnerability. This vulnerability stems from improper handling of the parameter “pppUserName” in the POST request processing program, specifically in the...
Dolibarr ERP CRM 代码注入漏洞
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Version 7.0.3 of Dolibarr ERP CRM contains a code injection vulnerability. This vulnerability stems from injecting PHP code via the dbname parameter, which may allow unauthenticated attackers to execu...
Smartshop SQL注入漏洞
Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, which may allow unauthenticated attackers to execute arbitrary SQL queries...
Joomla Component Ek Rishta SQL注入漏洞
The Joomla component Ek Rishta is a Joomla-based dating and networking website component developed by the Ek Rishta team. Version 2.10 of the Ek Rishta component contains a SQL injection vulnerability. This vulnerability arises from injecting SQL code via the cid parameter, which may allow...
Edimax BR-6428nS 命令注入漏洞
The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS has a command injection vulnerability. This vulnerability stems from improper handling of multiple parameters in the system function of the goform/formWlanM file during POST request...
SIPp 安全漏洞
SIPp is an open-source SIP protocol testing tool and traffic generator developed by SIPp. Versions of SIPp 3.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from local buffer overflows in the handling of command-line parameters, which could allow local attackers to...
amf 缓冲区错误漏洞
AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability, which stems from unknown features of the PathSwitchRequest handler. This vulnerability may lead to memory corruption...
Smartshop 跨站请求伪造漏洞
Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to manipulate user profiles by tricking authenticated users into...
cal.diy 安全漏洞
cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain security vulnerabilities, which stem from unknown functions and may lead to cross-site request forgery attacks...
SourceCodester Hospitals Patient Records Management System SQL注入漏洞
SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability stems from...
amf 缓冲区错误漏洞
AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability. This vulnerability stems from unknown code in the NGReset Message Handler component, which may lead to memory corruption...
amf 缓冲区错误漏洞
AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability, which stems from unknown parts of the NGSetupRequest Handler component, potentially leading to memory corruption...
amf 缓冲区错误漏洞
AMF is a control plane function in the Aether SD-Core Project’s open-source 5G core network. Versions of AMF prior to 2.1.1 contained a buffer error vulnerability. This vulnerability originates from the PDUSessionResourceModifyIndication function in the /go/src/amf/ngap/handler.go file, and it...
New API SQL注入漏洞
The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.1 have a SQL injection vulnerability. This vulnerability originates from the SearchUserTopUps/SearchAllTopUps function in the model/topup.go file of the self Endpoint component, which may lead to...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fragment transmission helper function failing to propagate the SKBFLSHAREDFRAG bit. This coul...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the skbtrycoalesce function does not propagate the SKBFLSHAREDFRAG flag during...
10-Strike Network Inventory Explorer 安全漏洞
10-Strike Network Inventory Explorer is a scanning software developed by 10-Strike Corporation. It is used to track hardware and software on network computers. Version 8.54 of 10-Strike Network Inventory Explorer contains a security vulnerability. This vulnerability stems from a stack-based buffe...
Dell ECS 访问控制错误漏洞
Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.5 and 3.6 of Dell ECS contain access control vulnerability issues. This vulnerability stems from improper access control in the identity and access management module, which may allow remote...
Ubiquiti UniFi OS Server 安全漏洞
The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability, which stems from improper input validation. This vulnerability could allow malicious actors wi...
WordPress plugin CBX 5 Star Rating & Review 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CIOP-PIB STER 安全漏洞
CIOP-PIB STER is a occupational safety and human ergonomics risk assessment software system developed by the Polish company CIOP-PIB. Versions of CIOP-PIB STER prior to version 9.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of unencrypted TCP traffic for data...
WordPress plugin KIA Subtitle 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Microsoft Azure Entra ID 安全漏洞
Microsoft Azure Entra ID is a cloud-based identity and access management service provided by Microsoft Corporation in the United States. There is a security vulnerability in Microsoft Azure Entra ID, which stems from improper permission management. This vulnerability could allow unauthorized...
Microsoft Office SharePoint 代码问题漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There is a code vulnerability in Microsoft Office SharePoint, which stems from deserializing untrusted data, potentially allowing authorized attackers to execute...
BentoML 后置链接漏洞
BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Versions of BentoML prior to 1.4.38 contained a post-link vulnerability. This vulnerability stemmed from the fact that the bui...
Arm NN 安全漏洞
Arm NN is an open-source machine learning inference engine optimized for the Arm architecture, developed by Arm Software. Versions of Arm NN prior to 2026-03-27 contained a security vulnerability. This vulnerability stemmed from integer overflow in the TensorShape::GetNumElements function, which...
ClipBucket 安全漏洞
ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to create video-sharing websites. Version 5.5.2 of ClipBucket contains a security vulnerability. This vulnerability stems from the authentication interface, the login page endpoint, and the...
Ubiquiti UniFi OS Server 安全漏洞
The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability that stems from path traversal attacks. This vulnerability may allow malicious actors with...