195539 matches found
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from an access control flaw in the Account Resources user lookup endpoint. It allows remote authenticated users who have at least one...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from the improper application of the OIDC bypass feature in the domain-level notBefore policy. This vulnerability may cause revoked tokens to remain...
Pharmacy Management System 安全漏洞
The Pharmacy Management System MPMS is a multilingual pharmacy management system developed by Mayuri K. The Pharmacy Management System 5c3d028 version has a security vulnerability. This vulnerability stems from the /api/user/signup endpoint, which fails to validate the role parameter in the reque...
Nozomi Networks CMC和Nozomi Networks Guardian 安全漏洞
Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have security...
terrascan 代码问题漏洞
Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the webhookurl parameter of the file...
Microsoft Defender 安全漏洞
Microsoft Defender is a threat protection software developed by the American company Microsoft. There is a security vulnerability in Microsoft Defender, and this vulnerability stems from a denial-of-service attack...
ExifReader 安全漏洞
ExifReader is a image metadata extraction library developed by Mattias Wallander. Versions of ExifReader prior to 4.39.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient boundary validation when processing ICC mluc tags, which could lead to a memory exhaustion...
NGINX JavaScript 安全漏洞
NGINX JavaScript is an extension developed by NGINX as open source. There is a security vulnerability in NGINX JavaScript. This vulnerability arises when configuring NGINX variables controlled by the jsFetchProxy directive, which may lead to a heap buffer overflow, resulting in the restart of the...
Escargot 资源管理错误漏洞
Escargot is a lightweight JavaScript engine developed by Samsung as open source, suitable for resource-constrained embedded devices. Escargot has a resource management vulnerability that stems from the reuse of freed resources, potentially leading to pointer manipulation issues...
AMD多款产品 安全漏洞
AMD Ryzen and AMD EPYC are both products of American semiconductor company AMD. AMD Ryzen is a central processing unit CPU. AMD EPYC is a high-performance server processor. Several AMD products have security vulnerabilities. These vulnerabilities stem from improper input validation, which may all...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a buffer overflow vulnerability, which was caused by GPU out-of-bound reads. This vulnerability could allow remote attackers to obtain sensitive information from process memory...
Mozilla Firefox和Mozilla Thunderbird 安全漏洞
Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...
OpenHarmony 安全漏洞
OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contain security vulnerabilities, and attackers can exploit these vulnerabilities to cause information leaks...
WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
OpenHarmony 资源管理错误漏洞
OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a resource management vulnerability that allowed attackers to execute arbitrary code...
Mozilla Firefox和Mozilla Thunderbird 安全漏洞
Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...
Scalar 安全漏洞
Scalar is an interactive API documentation and testing tool developed by Scalar OpenSource. Version 0.1.13 of Scalar contains a security vulnerability. This vulnerability stems from an arbitrary file upload vulnerability in the scalarurl query parameter of the Scalar Proxy endpoint, which could...
CtrlPanel.gg 安全漏洞
CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg prior to 1.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the management settings update endpoint accepting user-provided class names and using th...
Panabit PAP-XM320 操作系统命令注入漏洞
Panabit PAP-XM320 is an enterprise-level Internet behavior management and traffic control gateway device developed by Panabit Corporation. Versions of Panabit PAP-XM320 prior to v7.7 contain a vulnerability related to operating system command injection. This vulnerability arises from the...
SAMSUNG Walrus 代码问题漏洞
SAMSUNG Walrus is a WebAssembly runtime engine developed by South Korean company Samsung. There is a code vulnerability in SAMSUNG Walrus, which stems from null pointer dereferencing. This vulnerability could allow attackers to exploit it by using specially crafted WebAssembly modules that contai...
SAMSUNG Escargot 安全漏洞
SAMSUNG Escargot is a memory-optimized JavaScript engine developed by South Korea’s Samsung Corporation. It is suitable for mid-range devices such as smartphones, tablets, and TVs. There is a security vulnerability in SAMSUNG Escargot, which stems from improper handling of exception conditions,...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a security vulnerability caused by a Chromecast heap buffer overflow. This vulnerability could allow local attackers to execute arbitrary code within a sandbox through malicious...
Rocket.Chat 访问控制错误漏洞
Rocket.Chat is a chat software developed by the Rocket.Chat company. Vulnerabilities in access control existed in versions prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12. These vulnerabilities stemmed from the lack of room access checks for the...
编号撤回
BYD Atto3 is a pure electric compact SUV produced by BYD Corporation of China. The BYD Atto3 has a security vulnerability. This vulnerability allows attackers to obtain permanently valid authentication keys through brute-force attacks, enabling them to perform flash memory operations on the ECUs...
Panabit PAP-XM320 操作系统命令注入漏洞
Panabit PAP-XM320 is an enterprise-level Internet access behavior management and traffic control gateway device developed by Panabit Corporation. Versions of Panabit PAP-XM320 prior to V7.7 contain a vulnerability related to operating system command injection. This vulnerability arises from the W...
OpenHarmony 缓冲区错误漏洞
OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a buffer error vulnerability, which allowed attackers to execute arbitrary code in pre-installed applications...
Mozilla Thunderbird 缓冲区错误漏洞
Mozilla Thunderbird is an email client software developed by the Mozilla Foundation in the United States, and it is a standalone version of the Mozilla Application Suite. This software supports IMAP and POP email protocols, as well as HTML email formats. Version 150 of Mozilla Thunderbird contain...
Mozilla Firefox和Mozilla Thunderbird 访问控制错误漏洞
Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...
Mozilla Firefox for Android 安全漏洞
Mozilla Firefox for Android is a web browser designed for Android devices by the Mozilla Foundation in the United States. Versions of Mozilla Firefox for Android prior to version 151 contained a security vulnerability, which was caused by a deceptive issue with the Toolbar component...
Mozilla Firefox和Mozilla Thunderbird 安全漏洞
Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...
Mozilla Firefox和Mozilla Thunderbird 安全漏洞
Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that was separated from the Mozilla Application Suite. This software supports IMAP and POP email protocols, ...
Drupal Orejime 跨站脚本漏洞
Drupal Orejime is a Drupal privacy and cookie consent management module developed by the Drupal company. Versions of Drupal Orejime prior to 2.0.16 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during the web page generation process, which could le...
Mantis Bug Tracker 跨站脚本漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier had a cross-site scripting vulnerability. This vulnerability occurred when cloning issues from other projects, where the clone form added the source project...
Template 跨站脚本漏洞
Template is a quick and simple string templating tool developed by Blake Embrey. Versions of Template 3.102 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the htmlfilter function not escaping single quotes, which could lead to HTML and JavaScript injection...
zenshin 安全漏洞
Zenshin is an animation list management and media streaming tool developed by Hitarth. Versions of Zenshin prior to 2.7.0 contained security vulnerabilities. These vulnerabilities stemmed from OS command injection in the /stream-to-vlc Express route, which could allow remote attackers to execute...
Eclipse Glassfish 代码注入漏洞
Eclipse Glassfish is an application server developed by the Eclipse Foundation. Eclipse Glassfish has a code injection vulnerability. This vulnerability stems from allowing users with panel access rights to send custom requests, thereby enabling them to execute arbitrary operating system commands...
Apache Camel 安全漏洞
Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern and allows routing and mediation rules to be configured...
Vaadin Flow 安全漏洞
Vaadin Flow is an open-source application developed by Vaadin. It is a Java framework for the Vaadin platform, used to build modern websites that are visually appealing, perform well, and satisfy both you and your users. Versions of Vaadin Flow from 23.0.0 to 23.6.9, 24.0.0 to 24.10.3, and 25.0.0...
Apache OFBiz 授权问题漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a security vulnerability related to authorization logic. This...
TYPO3 Extension Frontend User Registration 安全漏洞
TYPO3 Extension Frontend User Registration is an open-source extension for TYPO3 that handles user registration at the frontend level. There is a security vulnerability in TYPO3 Extension Frontend User Registration. This vulnerability stems from the lack of restrictions on the submission of user...
Apache OFBiz 注入漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a vulnerability related to injections. This vulnerability stemmed from...
Apache OFBiz 跨站脚本漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a cross-site scripting vulnerability; this vulnerability was due to imprope...
Apache OFBiz 安全漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by improper input...
MLflow 访问控制错误漏洞
MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Version 3.9.0 of MLFlow contains a security vulnerability related to access control. This...
Apache OFBiz 路径遍历漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a path traversal vulnerability; this vulnerability stemmed from improper pa...
AutoGPT 代码问题漏洞
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. There were code vulnerabilities in versions 0.1.0 to 0.6.51 of AutoGPT. These vulnerabilities stemmed from the SendEmailBlock function, which accepted parameters for the smtpserver and...
AutoGPT 资源管理错误漏洞
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. In versions 0.4.2 to 0.6.51 of AutoGPT, there was a resource management vulnerability. This vulnerability occurred because the downloadagentfile endpoint created temporary files without...
HestiaCP 代码问题漏洞
HestiaCP is a lightweight and powerful control panel suitable for modern networks. Versions 1.9.0 to 1.9.4 of HestiaCP have code vulnerabilities. These vulnerabilities stem from deserialization in the Web terminal component, allowing unauthenticated remote attackers to execute root-level code...
Apache OFBiz 路径遍历漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a path traversal vulnerability. This vulnerability was due to imprope...
Apache OFBiz 安全漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by improper handling of...