195539 matches found
CtrlPanel.gg 跨站脚本漏洞
CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the content of responses in the ticket reply system was not...
CtrlPanel.gg 操作系统命令注入漏洞
CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the Web installer performing the install.lock check...
CtrlPanel.gg 访问控制错误漏洞
CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a access control vulnerability. This vulnerability stemmed from multiple administrator controllers exposing unauthorized access to DataTable...
Joplin 安全漏洞
Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Joplin versions 3.6.14 and earlier contained a security vulnerability. This vulnerability stemmed from insufficient length validation in the title input function, allowing attackers to exploit it by inserting...
faraday 代码问题漏洞
Faraday is an open-source HTTP client library developed by LostIsland. There are code vulnerabilities in the Faraday version 2.0.0 to 2.14.1. These vulnerabilities stem from the fact that requests passed as URI objects still allow protocol-related host overrides, leading to request forgery attack...
KiTTY 缓冲区错误漏洞
KiTTY is a lightweight telnet and WindowsSSH client. Versions of Kitty 0.46.2 and earlier contained a buffer error vulnerability, which was caused by an unsigned 32-bit arithmetic integer overflow in handlecomposecommand. This overflow led to excessive reading or writing operations of the heap...
Sensorweb ScadaBR 信任管理问题漏洞
Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version ScadaBR 1.2.0 contains a vulnerability related to trust management. This vulnerability arises from the use of hard-coded credentials,...
Sensorweb ScadaBR 访问控制错误漏洞
Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version 1.2.0 of Sensorweb ScadaBR contains an access control vulnerability. This vulnerability stems from the lack of authentication for...
Sensorweb ScadaBR 跨站请求伪造漏洞
Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version 1.2.0 of Sensorweb ScadaBR contains a vulnerability related to cross-site request forgeing. This vulnerability arises when attackers...
Windmill 安全漏洞
Windmill is a low-code development platform open source by Windmill Labs, Inc. Versions of Windmill prior to 1.703.2 contained security vulnerabilities. These vulnerabilities stemmed from the binding and mounting of directories under /etc in the nsjail sandbox configuration file without any...
NanoMQ 代码问题漏洞
NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Versions of NanoMQ prior to 0.24.10 contained code vulnerabilities. These vulnerabilities stemmed from a flaw during the client’s MQTT session recovery when cleanstart=0: the ppeer callback function in the...
KiTTY 安全漏洞
KiTTY is a lightweight telnet and Windows SSH client. Kitty versions 0.46.2 and earlier have a security vulnerability caused by a heap buffer overflow in loadimagedata. This vulnerability allows processes that write to the terminal stdin to trigger a crash through the APC graphical protocol...
terrascan 安全漏洞
Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contain security vulnerabilities. These vulnerabilities stem from server-side request forgeing vulnerabilities in the external URL parsing of uploaded IaC...
HestiaCP 安全漏洞
HestiaCP is an open-source control panel designed for modern networks, offering a lightweight yet powerful solution. Versions 1.2.0 to 1.9.4 of HestiaCP contain security vulnerabilities. These vulnerabilities stem from an IP spoofing vulnerability, allowing unauthorized remote attackers to bypass...
TYPO3 Extension Site Crawler 代码问题漏洞
TYPO3 Extension Site Crawler is an open-source extension for TYPO3 that handles site crawling and indexing tasks. There are code vulnerabilities in TYPO3 Extension Site Crawler; these vulnerabilities stem from the direct deserialization of the X-T3Crawler-Meta response header, which may lead to...
TYPO3 Extension Faceted Search 代码问题漏洞
TYPO3 Extension Faceted Search is an open-source extension for TYPO3 that enables faceted searching. TYPO3 Extension Faceted Search has code-related vulnerabilities. These vulnerabilities stem from the OOXML parsing in the file indexer, where external entity parsing is not disabled. This could...
EspoCRM 跨站脚本漏洞
EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM 9.3.3 and earlier contained a cross-site scripting vulnerability. This...
Apache OFBiz 代码注入漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a code injection vulnerability, which originated from a code injection...
Apache OFBiz 代码问题漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained code vulnerabilities, which were caused by server-side request forgei...
ExifReader 安全漏洞
ExifReader is a image metadata extraction library developed by Mattias Wallander. Versions of ExifReader prior to 4.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size restrictions when decompressing PNG zTXt metadata, which could lead to the generation of...
MantisBT 安全漏洞
MantisBT is a set of web-based open-source defect tracking systems developed by the MantisBT team. This system provides project management and defect tracking services through web-based operations. Versions 2.28.0 and 2.28.1 of MantisBT contain security vulnerabilities. These vulnerabilities stem...
Mullvad VPN desktop and mobile app 安全漏洞
The Mullvad VPN desktop and mobile app is an open-source VPN client application developed by Mullvad VPN. Versions of the Mullvad VPN desktop and mobile app prior to 2026.1 contained a security vulnerability. This vulnerability stemmed from the installer’s failure to verify the validity of the...
Drupal Colorbox Inline 跨站脚本漏洞
Drupal Colorbox Inline is a Drupal pop-up display module developed by the Drupal company. Versions of Drupal Colorbox Inline prior to 2.1.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input validation during web page generation, which could lead to...
Drupal Obfuscate 跨站脚本漏洞
Drupal Obfuscate is a Drupal module from the Drupal community. Versions of Drupal Obfuscate prior to 2.0.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input validation during the web page generation process, which could lead to cross-site scripting...
Drupal core 安全漏洞
Drupal Core is a free, open-source content management system developed in PHP by the Drupal community. There are security vulnerabilities in Drupal Core, which stem from improper control of dynamic object attribute determination, potentially leading to object injection attacks. The following...
Drupal core 跨站脚本漏洞
Drupal Core is a free, open-source content management system developed in PHP by the Drupal community. Drupal Core has a cross-site scripting vulnerability, which stems from improper input during the web page generation process, potentially leading to cross-site scripting attacks. The following...
Mantis Bug Tracker 信息泄露漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier contained a vulnerability related to information leakage. This vulnerability stemmed from allowing users to list and download attachments that they had...
Mantis Bug Tracker 信息泄露漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier contained a vulnerability related to information leakage. This vulnerability occurred due to the use of a custom POST request through the private issue...
CtrlPanel-gg 安全漏洞
CtrlPanel-gg is an open-source, easy-to-use, and free billing solution developed by CtrlPanel-gg. Versions of CtrlPanel-gg 1.1.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the datatable method in the administrator role management interface, which directly insert...
Drupal Node View Permissions 代码问题漏洞
Drupal Node View Permissions is a Drupal content access control module developed by the Drupal company. There is a code vulnerability in Drupal Node View Permissions, which stems from improper checks for exceptional or special cases, potentially leading to forced browsing. The following versions...
Apache OFBiz 安全漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by the use of hard-coded...
Apache OFBiz 安全漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by improper handling of...
Discourse 安全漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 contain security vulnerabilities. These...
Joplin 信息泄露漏洞
Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Joplin versions 3.5.2 and earlier contained a vulnerability that led to information leakage. This vulnerability originated from a logical error in the delta API, allowing recipients of shared notes to download...
Sensorweb ScadaBR 操作系统命令注入漏洞
Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version 1.2.0 of Sensorweb ScadaBR contains a vulnerability related to operating system command injection. This vulnerability arises from OS...
TYPO3 Extension News system SQL注入漏洞
TYPO3 Extension News system is an open-source extension for TYPO3 that allows for the publishing of news and content. The TYPO3 Extension News system has a SQL injection vulnerability, which stems from insufficient user input cleaning. This vulnerability could allow unauthenticated attackers to...
Apache OFBiz 代码注入漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a code injection vulnerability. This vulnerability stemmed from...
apscheduler 安全漏洞
apscheduler is a Python task scheduling and queueing system developed by Alex Grönholm. There are security vulnerabilities in the apscheduler 3.10.x version and 4.0.0a5 version. These vulnerabilities stem from the unmarshalobject function in JSONSerializer and CBORSerializer, which allows arbitra...
TYPO3 Extension Faceted Search 安全漏洞
TYPO3 Extension Faceted Search is an open-source extension for TYPO3 that enables faceted searching. There is a security vulnerability in TYPO3 Extension Faceted Search. This vulnerability stems from the additionaltables configuration in the page and ttcontent indexers, which allows arbitrary tab...
Apache Airflow 安全漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 9.28.0, there were security...
Mozilla Firefox多款产品 访问控制错误漏洞
Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...
Mozilla多款产品 安全漏洞
Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...
GLPI 安全漏洞
GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...
OpenHarmony 安全漏洞
OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contain security vulnerabilities, and attackers can exploit these vulnerabilities to cause denial-of-service attacks...
Apache OFBiz 访问控制错误漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a security vulnerability related to access control, which stemmed fro...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a security vulnerability. This vulnerability stemmed from insufficient execution of Service Worker policies, which could allow remote attackers to bypass the same-origin policy...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. In versions prior to 148.0.7778.179, there was a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation, which could allow remote attackers to exploit the system by leaking cross-source data...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a security vulnerability. This vulnerability stemmed from insufficient execution of the ServiceWorker strategy, which could allow remote attackers to leak cross-source data through...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after QUIC release, which could allow remote attackers to execute arbitrary code within a...
billabear 安全漏洞
Billabear is an open-source self-hosted subscription management and billing system developed by Billabear. There is a security vulnerability in Billabear, which stems from the fact that the names of user-controlled metric filters and aggregation properties in the EventRepository are directly...