195539 matches found
NLnet Labs Unbound 缓冲区错误漏洞
NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound 1.25.0 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the use of incorrect counters in the DNSSEC verifier to calculate the write offset, resulting...
NLnet Labs Unbound 安全漏洞
NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound 1.25.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by mixed records in the authoritative section, leading to cache poisoning. Attackers could...
WordPress plugin ProSolution WP Client 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
NLnet Labs Unbound 安全漏洞
NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound from 1.14.0 to 1.25.0 contain security vulnerabilities. These vulnerabilities stem from inconsistent locking mechanisms, and under certain conditions, they may lead to heap reclamation...
NLnet Labs Unbound 安全漏洞
NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound 1.25.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the possibility of service degradation when processing a large number of incoming EDNS options...
NLnet Labs Unbound 访问控制错误漏洞
NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. In versions 1.16.2 to 1.25.0 of NLnet Labs Unbound, there is an access control vulnerability. This vulnerability stems from a phantom domain attack. It allows attackers to control phantoms and query the vulnerable...
NLnet Labs Unbound 资源管理错误漏洞
NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. In versions 1.19.1 to 1.25.0 of NLnet Labs Unbound, there is a resource management vulnerability. This vulnerability stems from incorrect overwriting of target pointers when deep copying data structures in the DNSSE...
Taiko AG1000-01A SMS Alert Gateway 信任管理问题漏洞
The Taiko AG1000-01A SMS Alert Gateway is an industrial communication gateway device developed by Taiko Company in Singapore. It supports SMS-based alert notifications and remote event messaging. Both the Rev 7.3 and Rev 8 versions of the Taiko AG1000-01A SMS Alert Gateway contain vulnerabilities...
WordPress plugin Nexa Blocks 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of Tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting flaw in the addfacnote.php file. It could...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of Tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in routesnm.php, which coul...
Sitemio WISECP 跨站请求伪造漏洞
Sitemio WISECP is an automated management and billing platform developed by the Turkish company Sitemio, aimed at hosting services and domain name services. Versions of Sitemio WISECP from 2002 to 2026 had a cross-site request forgeing vulnerability. This vulnerability stems from cross-site reque...
Cisco ThousandEyes Virtual Appliance 注入漏洞
The Cisco ThousandEyes Virtual Appliance is a virtualization network monitoring device developed by Cisco Corporation. It provides network path monitoring and digital experience observability capabilities. The device has an injection vulnerability, which stems from insufficient user input...
WordPress plugin General Options 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
Dell PowerFlex Manager 安全漏洞
Dell PowerFlex Manager is a software-defined infrastructure deployment and lifecycle management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contain security vulnerabilities. These vulnerabilities stem from the exposure of directory list...
Frappe 路径遍历漏洞
Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. Versions of Frappe prior to 15.105.0 and 16.15.0 have a path traversal vulnerability. This vulnerability arises from the possibility that path traversal may...
NLnet Labs Unbound 安全漏洞
NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound 1.25.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from unbound name compression operations when handling large RRsets, which could lead to performanc...
WordPress plugin Presto Player 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
Ledger Live 代码问题漏洞
Ledger Live is an encrypted asset management application developed by the French company Ledger. Versions of Ledger Live prior to 6.34.7 contained a code vulnerability caused by integer parsing issues. This vulnerability allowed attackers to manipulate EIP-712 type data messages by exploiting...
Microsoft Windows BitLocker 命令注入漏洞
Microsoft Windows BitLocker is a security feature provided by Microsoft that ensures the recovery key is backed up and secure before it is activated. Microsoft Windows BitLocker has a command injection vulnerability, which stems from a flaw in the security function’s implementation. The following...
SAMSUNG Escargot 安全漏洞
SAMSUNG Escargot is a memory-optimized JavaScript engine developed by South Korea’s Samsung Corporation. It is suitable for mid-range devices such as smartphones, tablets, and TVs. SAMSUNG Escargot has a security vulnerability that stems from the release of invalid pointers or references, which m...
SAMSUNG Escargot 安全漏洞
SAMSUNG Escargot is a memory-optimized JavaScript engine developed by South Korea’s Samsung Corporation. It is suitable for mid-range devices such as smartphones, tablets, and TVs. SAMSUNG Escargot has a security vulnerability caused by uncontrolled recursion, which may lead to the handling of...
OpenHarmony 输入验证错误漏洞
OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a vulnerability related to input validation. Attackers could exploit this vulnerability to cause denial-of-service attacks...
Keycloak 输入验证错误漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a vulnerability related to input validation. This vulnerability stems from differences in the URL validation logic during redirection operations, which may allow attackers to bypass...
Live555 安全漏洞
LIVE555 is a cross-platform C++ open-source project that provides solutions for streaming media. It supports standard streaming media transmission protocols such as RTP/RTCP, RTSP, and SIP. Versions of LIVE555 before 2026.04.22 had security vulnerabilities. These vulnerabilities stemmed from...
terrascan 安全漏洞
Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contain security vulnerabilities. These vulnerabilities stem from a server-side request forgeing vulnerability in the remote directory scanning endpoint’s...
Apache OFBiz 授权问题漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had an authorization vulnerability, which stemmed from improper authentication...
GoHTTP 路径遍历漏洞
GoHTTP is a web server written in C language by itang’s individual developer. Version 34ea51 of GoHTTP has a path traversal vulnerability, which allows attackers to perform directory traversal by submitting specially crafted requests...
OpenHarmony 安全漏洞
OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained security vulnerabilities, allowing attackers to execute arbitrary code in pre-installed applications...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from an insecure direct object reference issue in the authorization service’s protected API endpoints. It allows authenticated clients ...
OpenHarmony 代码问题漏洞
OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier have code vulnerabilities that can be exploited by attackers to cause denial-of-service attacks...
Broadcom Automic Automation Agent 安全漏洞
Broadcom Automic Automation Agent is a proxy program developed by Broadcom Corporation in the United States. It serves as an automation agent for enterprise-level tasks, supporting cross-platform job scheduling, process orchestration, and IT operations automation. It is suitable for automated...
Mozilla Firefox和Mozilla Thunderbird 安全漏洞
Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from the server’s processAction function not verifying the new credential parameters. This could lead to the creation of non-compliant credentials by...
Nozomi Networks CMC和Nozomi Networks Guardian 跨站脚本漏洞
Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have cross-site...
OpenHarmony 缓冲区错误漏洞
OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a buffer error vulnerability. Attackers could exploit this vulnerability to cause denial-of-service attacks that were irreversible...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the possibility for low-privilege users to bypass security controls and disable the implicit flow of OIDC clients, potentially leading to the leakage o...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a resource management vulnerability. This vulnerability stemmed from the reuse of WebRTC after it was released, which could allow remote attackers to execute arbitrary code through ...
SAMSUNG Walrus 代码问题漏洞
SAMSUNG Walrus is a WebAssembly runtime engine developed by South Korea’s Samsung Corporation. There is a code vulnerability in SAMSUNG Walrus, which stems from null pointer dereferencing, potentially leading to pointer-related issues...
Mozilla多款产品 资源管理错误漏洞
Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...
Nozomi Networks Guardian和Nozomi Networks CMC 跨站脚本漏洞
Nozomi Networks Guardian and Nozomi Networks CMC are both products of the American company Nozomi Networks. Nozomi Networks Guardian is an IoT device and software inspection system. Nozomi Networks CMC is an application software that provides centralized OT and IoT security management. Both Nozom...
WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 151 and Mozilla Thunderbird prior to version 151 contained security vulnerabilities, which were caused by deceptive issues in WebExtensions...
Mozilla Firefox 信息泄露漏洞
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 151.0 contained a vulnerability related to information leakage. This vulnerability stemmed from Reader mode being hosted on unauthenticated local web server...
OPPO O+ Connect 安全漏洞
OPPO O+ Connect is a multi-device connectivity and data collaboration platform developed by OPPO Corporation in China. There is a security vulnerability in OPPO O+ Connect, which stems from the failure to verify the identity of the caller on the pipeline interface, potentially leading to an...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from an authentication flaw in the WebAuthn process. This flaw allows remote attackers to reissue the ExecuteActionsActionToken token, enabling them ...
libheif 缓冲区错误漏洞
LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability stems from excessive heap buffer reading in the HeifPixelImage::overlay function, where a...
libheif 安全漏洞
LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain security vulnerabilities. These vulnerabilities stem from a heap buffer overflow in the MaskImageCodec::decodemaskimage function, where no...
Motorola Factory Test 安全漏洞
Motorola Factory Test is a mobile device hardware testing and production testing tool developed by the American company Motorola. Motorola Factory Test contains a security vulnerability. This vulnerability stems from the use of references to writable file descriptors in applications, which may...
Apache OFBiz 信息泄露漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a vulnerability related to information leakage, which resulted in...