195539 matches found
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. In versions prior to 148.0.7778.179, there was a resource management vulnerability that stemmed from the reuse of XR objects after their release. This vulnerability could allow remote attackers to execute arbitrary code through a specially...
Apache OFBiz 代码问题漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained code vulnerabilities, specifically a server-side request forgeing...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.179 contained a security vulnerability caused by GFX type confusion, which could allow remote attackers to achieve sandbox escape through specially crafted video files...
Apache OFBiz 授权问题漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had vulnerabilities related to authorization issues, which stemmed from imprope...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a security vulnerability caused by a WebRTC heap buffer overflow. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox through a specially...
Microsoft Azure Portal Windows Admin Center 后置链接漏洞
Microsoft Azure Portal Windows Admin Center is a Windows server and hybrid cloud management platform integrated with the Azure Portal by Microsoft Corporation. There is a postback link vulnerability in Microsoft Azure Portal Windows Admin Center, which stems from improper link resolution before...
Mozilla Firefox和Mozilla Firefox Focus for Android 安全漏洞
Mozilla Firefox and Mozilla Firefox Focus for Android are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox Focus for Android is a privacy-oriented browser designed specifically for Android devices. There were security vulnerabilities in...
Nozomi Networks Guardian和Nozomi Networks CMC 跨站脚本漏洞
Nozomi Networks Guardian and Nozomi Networks CMC are both products of the American company Nozomi Networks. Nozomi Networks Guardian is an IoT device and software inspection system. Nozomi Networks CMC is an application software that provides centralized OT and IoT security management. Both Nozom...
Mozilla Firefox 信息泄露漏洞
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 151.0 contained a vulnerability related to information leakage. This vulnerability stemmed from Reader mode being hosted on unauthenticated local web server...
WordPress plugin Piotnet Addons for Elementor Pro 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a buffer overflow vulnerability, which was caused by GPU out-of-bound reads. This vulnerability could allow remote attackers to execute out-of-bound memory reads through specially...
TYPO3 Extension Address List SQL注入漏洞
TYPO3 Extension Address List is an open-source extension for TYPO3, designed for address book and contact management purposes. TYPO3 Extension Address List has a SQL injection vulnerability; this vulnerability stems from the getSqlQuery method not properly cleaning user input, which may lead to S...
Mozilla多款产品 安全漏洞
Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...
Discourse 信息泄露漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 contain information leakage vulnerabilitie...
Microsoft Windows BitLocker 命令注入漏洞
Microsoft Windows BitLocker is a security feature provided by Microsoft that ensures the recovery key is backed up and secure before it is activated. Microsoft Windows BitLocker has a command injection vulnerability, which stems from a flaw in the security function’s implementation. The following...
WordPress plugin Piotnet Forms 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from remote, unauthenticated attackers being able to send specially crafted XML inputs to SAML endpoints. This vulnerability can lead to high CPU usage and wo...
Mozilla Firefox和Mozilla Thunderbird 安全漏洞
Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...
Eclipse Glassfish 安全漏洞
Eclipse Glassfish is an application server developed by the Eclipse Foundation. Eclipse Glassfish has a security vulnerability, which stems from improper handling of expressions in the server-side template rendering mechanism. This vulnerability allows remote attackers to completely destroy the...
Scalar 安全漏洞
Scalar is an interactive API documentation and testing tool developed by Scalar OpenSource. Version 0.1.13 of Scalar contains a security vulnerability. This vulnerability stems from an arbitrary file upload vulnerability in the scalarurl query parameter of the Scalar Proxy endpoint, which could...
Mozilla Firefox多款产品 输入验证错误漏洞
Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...
terrascan 代码问题漏洞
Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the webhookurl parameter of the file...
Ledger Live 代码问题漏洞
Ledger Live is an encrypted asset management application developed by the French company Ledger. Versions of Ledger Live prior to 6.34.7 contained a code vulnerability caused by integer parsing issues. This vulnerability allowed attackers to manipulate EIP-712 type data messages by exploiting...
OpenHarmony 安全漏洞
OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contain security vulnerabilities, and attackers can exploit these vulnerabilities to cause information leaks...
Mozilla Firefox和Mozilla Thunderbird 安全漏洞
Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...
OpenHarmony 安全漏洞
OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contain security vulnerabilities, and attackers can exploit these vulnerabilities to cause information leaks...
Mozilla Firefox和Mozilla Thunderbird 安全漏洞
Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that was separated from the Mozilla Application Suite. This software supports IMAP and POP email protocols, ...
Template 跨站脚本漏洞
Template is a quick and simple string templating tool developed by Blake Embrey. Versions of Template 3.102 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the htmlfilter function not escaping single quotes, which could lead to HTML and JavaScript injection...
Discourse 安全漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Versions of Discourse before 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 contain security vulnerabilities. These vulnerabilities st...
zenshin 安全漏洞
Zenshin is an animation list management and media streaming tool developed by Hitarth. Versions of Zenshin prior to 2.7.0 contained security vulnerabilities. These vulnerabilities stemmed from OS command injection in the /stream-to-vlc Express route, which could allow remote attackers to execute...
Rocket.Chat 访问控制错误漏洞
Rocket.Chat is a chat software developed by the Rocket.Chat company. Vulnerabilities in access control existed in versions prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12. These vulnerabilities stemmed from the lack of room access checks for the...
Apache Camel 安全漏洞
Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern and allows routing and mediation rules to be configured...
WordPress plugin Presto Player 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
terrascan 安全漏洞
Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contain security vulnerabilities. These vulnerabilities stem from a server-side request forgeing vulnerability in the remote directory scanning endpoint’s...
Broadcom Automic Automation Agent 安全漏洞
Broadcom Automic Automation Agent is a proxy program developed by Broadcom Corporation in the United States. It serves as an automation agent for enterprise-level tasks, supporting cross-platform job scheduling, process orchestration, and IT operations automation. It is suitable for automated...
Apache Airflow 安全漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from a session fixation issue in the login endpoint. This vulnerability could allow unauthenticated attackers to intercept the authentication process,...
Nozomi Networks CMC和Nozomi Networks Guardian 跨站脚本漏洞
Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have cross-site...
Qt 代码问题漏洞
Qt is an open-source, cross-platform application development framework. Qt has code vulnerabilities, which stem from an issue with uncontrolled search path elements in the backend of OpenSSL TLS. This vulnerability allows local attackers to load malicious CA certificates as trusted system...
Offline Hospital Management System 安全漏洞
Offline Hospital Management System is a hospital information management system developed by silverplugins21. Version 5.3.0 of Offline Hospital Management System has a security vulnerability. This vulnerability stems from improper configuration of the Electron renderer. By enabling Node.js...
PrestaShop UPS Shipping 信息泄露漏洞
PrestaShop UPS Shipping is an e-commerce logistics delivery module provided by the French company PrestaShop. There is a vulnerability in PrestaShop UPS Shipping, which stems from issues with the components /upsshipping/logs/ and components/upsshipping/lib/UPSBaseApi.php. This vulnerability may...
HSC MailInspector 跨站脚本漏洞
HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains a cross-site scripting vulnerability. This vulnerability arises from the use of alternative or obfuscated JavaScript syntax in user inputs withi...
Amazon Redshift Python Connector 代码注入漏洞
The Amazon Redshift Python Connector is a Python-compatible connector for Amazon Redshift developed by Amazon, Inc. Versions of the Amazon Redshift Python Connector prior to version 2.1.14 contained a code injection vulnerability. This vulnerability stemmed from the unsafe use of the Python eval...
GnuTLS 安全漏洞
GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls, which stems from a logic issue with the reordering of Datagram Transport Layer Security packets. This...
MLflow 安全漏洞
MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of mlflow prior to 3.11.0 contained a security vulnerability. This vulnerability stemmed...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...
WordPress多款产品 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin WP Maps 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Edimax BR-6428nS 注入漏洞
The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. The Edimax BR-6428NS v41.10 version has a vulnerability known as “injection flaw.” This flaw arises from the function formStaDrvSetup in the POST Request Handler component, which processes the parameter stadrvssid. This...
M-Files Server 安全漏洞
The M-Files Server is a server belonging to the M-Files company’s M-Files system. Versions of the M-Files Server prior to 26.5.16015.0, 26.2 LTS, and 25.8 LTS SR3 contained security vulnerabilities. These vulnerabilities resulted in a denial-of-service condition, which could potentially cause the...