195539 matches found
Devolutions Server 安全漏洞
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. There were security vulnerabilities in the Devolutions Server version 2026.1.6.0 to 2026.1.16.0. These vulnerabilities...
Apache CXF 安全漏洞
Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There is a security vulnerability in Apache CXF, which stems from LDAP injection in the XKMS...
Dell PowerFlex Manager 安全漏洞
Dell PowerFlex Manager is a product of the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contained security vulnerabilities. These vulnerabilities were due to incorrect permission allocation, which could allow low-privilege attackers with local access to escalate their...
Amazon Web Services Kiro CLI 安全漏洞
Amazon Web Services Kiro CLI is a command-line intelligent programming tool provided by Amazon, which supports AI agents, MCP integration, and terminal automation. Versions of the Amazon Web Services Kiro CLI prior to 1.28.0 contained security vulnerabilities. These vulnerabilities stemmed from...
PCManFM-Qt 安全漏洞
PCManFM-Qt is an open-source file manager based on Qt, developed by LXQt. Versions of PCManFM-Qt 1.1.0 and later contain security vulnerabilities. These vulnerabilities arise when regular file paths are passed as URIs to the org.freedesktop.FileManager1.ShowFolders D-Bus method call. In such case...
Typebot 安全漏洞
Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained a security vulnerability. This vulnerability stemmed from the fact that HTTP request blocks and code blocks validated the initial request URL using validateHttpReqUrl. However...
Typebot 安全漏洞
Typebot is an open-source chat bot builder developed by Baptiste Arnaud. There were security vulnerabilities in versions of Typebot prior to 3.16.0. These vulnerabilities stemmed from the Typebot viewer’s failure to filter javascript: URI schemes when rendering rich text bubble content, allowing...
Typebot 安全漏洞
Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot prior to 3.16.0 contained security vulnerabilities. These vulnerabilities stemmed from the SRFI protection for Webhook/HTTP requests, which only verified URL strings and allowed host name parameters and...
Typebot 安全漏洞
Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the preview chat endpoint, which allowed unverified users to forge server-side requests by providing custom bot...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...
Typebot 安全漏洞
Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the RatingButton component in the embed package using Solid’sinnerHTML directive to render the customIcon.svg fiel...
Concrete CMS 安全漏洞
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions 9.0 to 9.5.0 of Concrete CMS have security vulnerabilities. These vulnerabilities stem from stored cross-site scripting in page names within the Atomik theme. This could allow malicious editors to inject...
Concrete CMS 安全漏洞
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier contain security vulnerabilities. These vulnerabilities stem from insecure direct object references in the Express-associated reorder dialog boxes, as well as incorrect...
Apache CXF 安全漏洞
Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There is a security vulnerability in Apache CXF, which stems from an insecure XML parser...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.6.0 and earlier 11.6.x series, 11.5.3 and earlier 11.5.x series, 11.4.4 and earlier 11.4.x series, as well as 10.11.14 and earlier 10.11.x series. Thes...
Vifm 安全漏洞
Vifm is a Vim-style file manager developed by Vifm. Versions 0.12.1 to 0.14.3 of Vifm contain security vulnerabilities. These vulnerabilities stem from heap buffer overflows during historical merges, which could lead to memory corruption or application crashes...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...
WordPress plugin Widget Context 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Request Tracker SQL注入漏洞
Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions 5.0.0 to 5.0.9, as well as 6.0.0 to 6.0.2, have a SQL injection vulnerability. This vulnerability arises from SQL injections, allowing authenticated users to construct inputs and merge them into...
Mantis Bug Tracker 跨站脚本漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions 2.11.0 to 2.28.1 of Mantis Bug Tracker contain a cross-site scripting vulnerability. This vulnerability stems from improper escaping of the filter owner’s name, which may lead to stored-cross-site...
Mermaid 安全漏洞
Mermaid is an open-source application developed by mermaid-js. It uses text and code to create charts and visualizations. Mermaid versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, have security vulnerabilities. These vulnerabilities stem from HTML injection under default...
Mermaid 代码注入漏洞
Mermaid is an open-source application developed by mermaid-js. It uses text and code to create charts and visualizations. Mermaid versions 10.9.5 and earlier, as well as versions 11.0.0-alpha.1 through 11.12.0, have a code injection vulnerability. This vulnerability stems from improper cleanup...
Vinades NukeViet 跨站脚本漏洞
Vinades NukeViet is an open-source content management system CMS developed by the Vietnamese company Vinades. Versions of Vinades NukeViet 4.5.07 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from insufficient input cleansing on the server side, which could lead...
Mantis Bug Tracker 安全漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Mantis Bug Tracker versions 2.28.1 and earlier have security vulnerabilities, which stem from improper escaping of redirect pages, potentially leading to HTML injection attacks. The following versions are...
Devise 输入验证错误漏洞
Devise is an open-source authentication solution based on Warden, developed by heartcombo. Versions of Devise prior to 5.0.3 contained a vulnerability related to input validation. This vulnerability stemmed from the FailureAppredirecturl method returning an unvalidated HTTP Referer header, which...
Apache CXF 安全漏洞
Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There are security vulnerabilities in Apache CXF; these vulnerabilities arise from incomplete...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from an unchecked string length overflow. This vulnerability may lead to the return of...
Ivanti Secure Access Client 信任管理问题漏洞
Ivanti Secure Access Client is a security software client developed by the American company Ivanti. Versions of Ivanti Secure Access Client prior to 22.8R6 contained a vulnerability related to trust management. This vulnerability stemmed from improper certificate verification, which could allow...
Mantis Bug Tracker 安全特征问题漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.1 contained a security vulnerability related to the script-src directive, which allowed bypassing content security policies by uploading specially crafted...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from malicious SSH peers being able to send unrequested global request responses that can...
F5 NGINX Plus和F5 NGINX Open Source 安全漏洞
F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...
Typebot 安全漏洞
Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained a security vulnerability. This vulnerability stemmed from the lack of cleanup for configuration file upload forms or the absence of restrictions on SVG/XML uploads, which coul...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from using Render to render arbitrary HTML. This can lead to an unexpected HTML tree, and...
Dell PowerFlex Manager 加密问题漏洞
Dell PowerFlex Manager is a software-defined infrastructure deployment and lifecycle management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contained an encryption vulnerability. This vulnerability stemmed from the use of defective or high-ri...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go. This vulnerability arises from authenticated SSH clients repeatedly opening channels that are rejecte...
authentik 安全漏洞
Authentik is an open-source identity provisioning application developed by Authentik. Versions of Authentik prior to 2025.12.5, as well as versions from 2026.2.0-rc1 to 2026.2.2, contained security vulnerabilities. These vulnerabilities stemmed from the fact that the API response for GET...
authentik 安全漏洞
Authentik is an open-source identity provisioning application developed by Authentik. Versions of Authentik prior to 2025.12.5, as well as versions from 2026.2.0-rc1 to 2026.2.2, contained security vulnerabilities. These vulnerabilities stemmed from the PATCH /api/v3/core/users/pk/ API, which...
WordPress plugin GSheet For Woo Importer 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Trend Micro Apex One 路径遍历漏洞
Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has a path traversal vulnerability, which originates from the management console. This vulnerability could allow remote attackers to upload malicious code and execute commands...
Netatalk 授权问题漏洞
Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.2.2 to 4.4.2 of Netatalk contained vulnerabilities related to authorization. These vulnerabilities stemmed from...
Honeywell Control Network Module 安全漏洞
The Honeywell Control Network Module is a network communication control module developed by the American company Honeywell, aimed at industrial automation and process control systems. The Honeywell Control Network Module has a security vulnerability, which stems from command injection in the web...
Netatalk 格式化字符串错误漏洞
Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.0.3 to 4.4.2 of Netatalk contain a vulnerability related to formatted string errors. This vulnerability arises from...
Netatalk 安全漏洞
Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.0 to 4.4.2 of Netatalk have security vulnerabilities. These vulnerabilities stem from a minor error in the lpwrite functio...
Trend Micro Apex One 路径遍历漏洞
Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has a path traversal vulnerability, which originates from the management console. This vulnerability could allow remote attackers to upload malicious code and execute commands...
Trend Micro Apex One 访问控制错误漏洞
Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has an access control vulnerability, which stems from a source verification error. This vulnerability may allow local attackers to gain elevated privileges...
ZOHO多款产品 命令注入漏洞
ZOHO ManageEngine DataSecurity Plus is a product of the American company ZOHO. ZOHO ManageEngine DataSecurity Plus is a sensitive data management solution. ZOHO ManageEngine ADSelfService Plus is an integrated self-service password management and single-sign-on solution for Active Directory and...