195539 matches found
TYPO3 CMS 代码问题漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Code vulnerabilities existed in versions prior to TYPO3 CMS 10.4.57, as well as in versions 11.0.0 to 11.5.51, 12.0.0 to 12.4.46, 13.0.0 to 13.4.31, and 14.0.0 to 14.3.3. These vulnerabilities stemmed from...
Microsoft Windows UI Automation Manager (uiamanager.dll) 竞争条件问题漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a vulnerability related to the Microsoft Windows UI Automation Manager uiamanager.dll. Attackers can exploit this vulnerability to gain higher privileges. The following products and...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by the American company Microsoft. Microsoft Office SharePoint has a cross-site scripting vulnerability, which stems from improper input during the web page generation process. This...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by the American company Microsoft. Microsoft Office SharePoint has a cross-site scripting vulnerability, which stems from improper input during the web page generation process. This...
NETGEAR Routers 代码注入漏洞
NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a code injection vulnerability, which stems from insufficient input validation in the rbe970 model. This vulnerability could allow administrators who are connected to the local networ...
Microsoft Windows Storage 权限许可和访问控制问题漏洞
Microsoft Windows Storage is a data storage solution provided by the American company Microsoft. There are code-related vulnerabilities in Microsoft Windows Storage. Attackers can exploit these vulnerabilities to gain elevated privileges. The following products and versions are affected: Windows ...
Tenda PW201A 安全漏洞
The Tenda PW201A is a power line network adapter produced by the Chinese company Tenda. Version 1.0.5 of the Tenda PW201A contains a security vulnerability. This vulnerability stems from a buffer overflow in the page parameter of the SafeMacFilter function, which could allow attackers to cause...
Adobe Campaign Classic 安全漏洞
Adobe Campaign Classic is a enterprise-level marketing automation and campaign management platform developed by Adobe Inc. Adobe Campaign Classic 7.4.3 build 9394 and earlier versions have a security vulnerability that stems from improper authorization, which may allow for the execution of...
Microsoft Azure Attestation service and Device Health Attestation Service 输入验证错误漏洞
Microsoft Azure is an open enterprise-level cloud computing platform provided by Microsoft Corporation in the United States. The Microsoft Azure Attestation service and Device Health Attestation Service have vulnerabilities related to input validation. Attackers can exploit these vulnerabilities ...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
openssl 异常处理不当漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team, capable of implementing Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure hash...
Microsoft Windows NTFS 缓冲区错误漏洞
Microsoft Windows NTFS is a file system provided by the American company Microsoft for managing computer files. This file system features error alerts, disk self-repair functions, and logging capabilities. There is an input validation vulnerability in Microsoft Windows NTFS. Attackers can exploit...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...
Dell Inventory Collector Client 安全漏洞
Dell Inventory Collector Client is a terminal asset inventory tool developed by the American company Dell. Versions of Dell Inventory Collector Client prior to version 13.8.0 contained security vulnerabilities. These vulnerabilities were caused by improper link resolution before file access, whic...
Microsoft HTTP.sys 资源管理错误漏洞
Microsoft HTTP.SYS is an HTTP application protocol developed by Microsoft Corporation. There is a resource management vulnerability in Microsoft HTTP.SYS. Attackers can exploit this vulnerability to cause a denial-of-service attack on the system. The following products and versions are affected:...
Pure Storage FlashArray Purity 安全漏洞
Pure Storage FlashArray Purity is a driver from the American company Pure Storage. It provides comprehensive data services. There is a security vulnerability in Pure Storage FlashArray Purity, which stems from improper permission allocation in the management interface. This vulnerability may allo...
SQLite 安全漏洞
SQLite is a lightweight database developed under the open-source SQLite project. It is an ACID-compliant relational database management system. There was a security vulnerability in versions of SQLite prior to 3.53.2. This vulnerability stemmed from a heap buffer overflow issue in the FTS5...
WordPress plugin FastPicker 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Microsoft Remote Desktop Client 安全漏洞
Microsoft Remote Desktop Client is a remote desktop client developed by Microsoft Corporation. There are security vulnerabilities present in Microsoft Remote Desktop Client. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Windows 10...
Waves Central 安全漏洞
Waves Central is an audio software license and product management tool provided by the Waves company. There are security vulnerabilities in the version of Waves Central for macOS from 13.0.9 to 16.5.5. These vulnerabilities stem from the Privilege Assistant service using process identifiers to...
WordPress plugin Insert PHP 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the...
Microsoft Exchange Server 服务端请求伪造漏洞
Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are code vulnerabilities in Microsoft Exchange Server. Attackers can exploit these...
Ivanti EPMM 操作系统命令注入漏洞
Ivanti EPMM is a product developed by the American company Ivanti. It enables IT departments to create policies for mobile devices, applications, and content. Versions of Ivanti EPMM prior to 12.9.0.1, 12.8.0.3, and 12.7.0.2 contained a vulnerability related to operating system command injection...
Microsoft Azure Stack Edge 输入验证错误漏洞
Microsoft Azure Stack Edge is a Azure-hosted device by Microsoft that integrates Azure computing, storage, and intelligent features at the edge. There are security vulnerabilities present in Microsoft Azure Stack Edge. Attackers can exploit these vulnerabilities to execute code remotely...
Microsoft Office Word 缓冲区错误漏洞
Microsoft Office Word is a word processing software developed by Microsoft and open sourced in the United States. There is a buffer error vulnerability in Microsoft Office Word. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are affected:...
Microsoft Hyper-V 信息泄露漏洞
Microsoft Hyper-V is an application developed by Microsoft Corporation in the United States. It is a system management program that enables desktop virtualization. Microsoft Hyper-V has a vulnerability related to information leakage. Attackers can exploit this vulnerability to obtain sensitive...
Apache Answer 代码问题漏洞
Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier had code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on the upload of dangerous types of files. Custom TIFF images might trigger...
Microsoft Windows Mark of the Web (MOTW) 处理逻辑错误漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows Mark of the Web MOTW. Attackers can exploit these vulnerabilities to bypass certain features. The following products and versions are...
Microsoft Windows Application Identity (AppID) Subsystem 日志信息泄露漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. Microsoft Windows has information leakage vulnerabilities. Attackers can exploit these vulnerabilities to obtain sensitive information. The following products and versions are affected: Windows...
Apptha Mac Photo Gallery 路径遍历漏洞
Apptha Mac Photo Gallery is a PHP-based website image display system developed by Apptha Corporation. Version 3.0 of Apptha Mac Photo Gallery has a path traversal vulnerability. This vulnerability stems from improper handling of the albid parameter, allowing unauthenticated attackers to download...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the uninitialized spitransfer structure in the mprls0025pa pressure sensor driver. This could lea...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability that ste...
Netcad E-İmar SQL注入漏洞
Netcad E-İmar is a GIS-based urban planning information query platform developed by the Turkish company Netcad. Versions of Netcad E-İmar from 2.10.1.0 to 3.0.2 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of special elements within SQL commands, whic...
Spring Framework 环境问题漏洞
The Spring Framework is an application development framework developed by Spring in open source. Versions of the Spring Framework such as 7.0.0 and earlier, 6.2.0 and earlier, 6.1.0 and earlier, and 5.3.0 and earlier have environmental vulnerabilities. These vulnerabilities stem from the fact tha...
Svelte 跨站脚本漏洞
Svelte is an open-source approach to building web applications. Versions of Svelte prior to 5.55.7 contained a cross-site scripting vulnerability. This vulnerability stemmed from DOM pollution of internal framework states, which could lead to cross-site scripting attacks...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Tenda W20E 安全漏洞
The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a security vulnerability. This vulnerability stems from a buffer overflow in the wewifiWhiteUserInfo parameter within the formAddWewifiWhiteUser function. It may allow attackers to...
WordPress plugin Car Park Booking Plugin 13 October SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
VMware Spring Framework 安全漏洞
VMware Spring Framework is an open-source Java and JavaEE application framework developed by VMware, Inc. This framework helps developers build high-quality applications. Versions of the VMware Spring Framework prior to 7.0.0, 6.2.0, 6.1.0, and 5.3.0 contain security vulnerabilities. These...
Microsoft Windows UEFI 处理逻辑错误漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows UEFI. Attackers can exploit these vulnerabilities to bypass certain features. The following products and versions are affected: Windows 11...
Siemens SIMATIC WinCC Unified PC Runtime 安全漏洞
Siemens SIMATIC WinCC Unified PC Runtime is an industrial automation and SCADA system interface and monitoring platform developed by Siemens, a German company. Versions of Siemens SIMATIC WinCC Unified PC Runtime such as V16, V17, V18, V19, V20, and V21 Update 2 contain security vulnerabilities...
WordPress plugin Events Calendar for GeoDirectory 安全漏洞
WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. There is a security vulnerability in the Events Calendar...
Microsoft Windows Push Notifications 信息泄露漏洞
Microsoft Windows Push Notifications is a push notification service provided by Microsoft Corporation. It provides a reliable way to deliver new updates. However, Microsoft Windows Push Notifications has information leakage vulnerabilities. The following products and versions are affected: Window...
Microsoft Exchange Server 服务端请求伪造漏洞
Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are code vulnerabilities in Microsoft Exchange Server. Attackers can exploit these...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
WordPress plugin User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Logseq 安全漏洞
Logseq is an open-source knowledge management and collaboration platform developed by Logseq. Version Logseq v0.10.15 contains a security vulnerability. This vulnerability stems from the Electron preloaded scripts, which expose an API method. This allows the rendering process to call IPC handlers...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is a distributed operating system designed for various scenarios, primarily providing seamless collaboration across devices. The IPC module of Huawei HarmonyOS has a out-of-bounds write vulnerability. This vulnerability arises from improper handling of certain input data. Attacke...
FreeSWITCH 输入验证错误漏洞
FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was a...