195539 matches found
Concrete CMS 跨站脚本漏洞
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier had a cross-site scripting vulnerability. This vulnerability occurred due to the OAuth integration name being rendered using the t translation assistant. As a result, the...
Concrete CMS 代码问题漏洞
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have code vulnerabilities. These vulnerabilities stem from insecure deserialization in the ExpressEntryList block controller. This could allow malicious administrators wi...
IINA 参数注入漏洞
IINA is an open-source modern macOS video player developed by IINA. Versions of IINA prior to 1.4.3 had a parameter injection vulnerability. This vulnerability stemmed from the lack of validation for the mpvoptions/input-commands parameter via the custom URL scheme iina://open. This allowed remot...
tickets 信任管理问题漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in incs/login.inc.php,...
tickets 信任管理问题漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in the file...
tickets 信任管理问题漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in the ajax/reports.php file...
tickets SQL注入漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the fact that the values of latitude, longitude, callsign, mph, altitude, and timestamp,...
tickets SQL注入漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from multiple POST parameters in tables.php—tablename, indexname, and sortby—which were...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the type POST parameter in the landb.php file, allowing uncleaned valu...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the frmaddstr POST parameter was not cleared in icc202.php, allowin...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of cleanup in the deletemodule.php file, allowing multiple POST paramete...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to clean the frmaddstr POST parameter in ics205a.php, allowing for th...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the frmaddstr POST parameter was not cleared in ics205.php, allowin...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the circular.php file, where the frmid POST parameter was directly inserted into...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the direct insertion of the ticketid POST parameter into HTML form input fields...
MLflow 访问控制错误漏洞
MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code into repeatable runs, and sharing and deploying models. Versions of mlflow prior to 3.9.0 contained a access control vulnerability. This vulnerability...
PowerDNS Authoritative 命令注入漏洞
PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has a command injection vulnerability, which stems from insufficient name validation during the AXFR process...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fbdev: udlfb module. In this module, the dlfbopsmmap function does not set vmops, causing the...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an incorrect inference of the zero-copy status during the cleanup phase before messages are...
Concrete CMS 跨站请求伪造漏洞
Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.5.0 had a cross-site request forgeing vulnerability. This vulnerability stems from the function concrete/controllers/backend/file removeFavoriteFolder$id, which is vulnerable to...
tickets SQL注入漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of the id GET parameter in the ajax/mobilemain.php file into th...
Uncrustify 安全漏洞
Uncrustify is an open-source multi-language source code formatting tool developed by uncrustify. The version UncrustifyUncrustifyd-0.82.0-132-bcc41cbdc contains security vulnerabilities. These vulnerabilities stem from buffer overflows in the checktemplate.cpp file, the checktemplate function, th...
Concrete CMS 安全漏洞
Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities, which stem from IDOR. These vulnerabilities may allow unauthorized access to all conversation messages and file attachments...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from IPv6: when the SRH compression level increases in RPL, the maclen header field is not reserved,...
authentik 安全漏洞
Authentik is an open-source identity provisioning application developed by Authentik. Versions of Authentik prior to 2025.12.4, as well as versions from 2026.2.0-rc1 to 2026.2.2, contain security vulnerabilities. These vulnerabilities stem from XML injection in SAML NameID fields, which could all...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of current instead of waiter::task in the removewaiter function within the rtmutex. This...
PowerDNS Authoritative 资源管理错误漏洞
PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has a resource management vulnerability, which stems from insufficient validation of Autoprimary SOA queries...
Netatalk 安全漏洞
Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.0 to 4.4.2 of Netatalk have security vulnerabilities. These vulnerabilities stem from improper handling of uppercase...
Netatalk 缓冲区错误漏洞
Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 1.3 to 4.4.2 of Netatalk contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds reading during...
NVIDIA BioNeMo 代码问题漏洞
NVIDIA BioNeMo is a generative AI model development and training platform for the biomedical field developed by NVIDIA Corporation in the United States. NVIDIA BioNeMo has code vulnerabilities, which stem from insecure data deserialization. These vulnerabilities may lead to code execution, denial...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a resource management vulnerability. This vulnerability stemmed from the reuse of WebRTC after it was released, which could allow remote attackers to execute arbitrary code through ...
WordPress plugin Cost of Goods by PixelYourSite 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
MongoDB C Driver 安全漏洞
The MongoDB C Driver is an open-source client driver library for connecting to and operating MongoDB databases in C-language programs. There is a security vulnerability in the MongoDB C Driver, which stems from the lack of proper validation of file metadata by the traditional GridFS API. This...
Talend Administration Center 安全漏洞
Talend Administration Center is a web-based application developed by Talend Corporation in the United States. It allows for centralized management of workspaces. Talend Administration Center has a security vulnerability that stems from stored XSS payloads. This vulnerability could be exploited by...
NVIDIA BioNeMo Core 安全漏洞
NVIDIA BioNeMo Core is a deep learning framework component developed by NVIDIA Corporation for biomedical and protein AI model development. There is a security vulnerability in NVIDIA BioNeMo Core, which stems from the loading of malicious files leading to path traversal. This vulnerability may...
Esri ArcGIS Server 安全漏洞
Esri ArcGIS Server is a web-based enterprise-level software platform provided by Esri that can deliver geographic services. Version 11.5 of Esri ArcGIS Server contains a security vulnerability. This vulnerability stems from a weakness in input validation within the login redirection workflow. Thi...
WordPress plugin Anomify AI 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin Infility Global SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Nimiq 安全漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq 1.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from malicious network peer nodes publishing specially crafted Kademlia DHT records where the length of the signature field is...
Rsync 缓冲区错误漏洞
Rsync is a fast and versatile file copying tool developed by RsyncProject. It is used for both remote and local files. Versions of Rsync 3.4.2 and earlier have a buffer error vulnerability. This vulnerability stems from a 32-bit signed counter in the compression token decoder that does not check...
WordPress plugin All in One SEO 信息泄露漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
libzypp 安全漏洞
Libzypp is a package manager developed by OpenSUSE. There is a security vulnerability in Libzypp, which arises when the chroot target is the system root directory. This vulnerability allows for traversing paths with root privileges, enabling execution of host binary files...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting flaw in the dounitmail.php file. It could...
Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...
WordPress plugin NextGEN Gallery 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
NVIDIA Triton Inference Server 资源管理错误漏洞
NVIDIA Triton Inference Server is an open-source software developed by NVIDIA Corporation. It helps standardize model deployment and provide fast, scalable AI capabilities in production environments. NVIDIA Triton Inference Server has a resource management vulnerability that stems from uncontroll...
WordPress plugin Sentence To SEO 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Easy Elements for Elementor – Addons & Website Templates 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin Sticky 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Word 2 Cash 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...