195539 matches found
Apple Private Cloud Compute Server Software 输入验证错误漏洞
Apple Private Cloud Compute Server Software is a privacy-protective cloud-based AI computing platform software developed by Apple Inc. Versions prior to Apple Private Cloud Compute Server Software Release 5E290.3 contained a vulnerability related to input validation errors. This vulnerability...
Edimax BR-6428nS 缓冲区错误漏洞
The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. The Edimax BR-6428NS v41.10 version has a buffer overflow vulnerability. This vulnerability stems from the function formPPTPSetup in the POST Request Handler component, which handles the parameter pptpUserName and results i...
litemall 注入漏洞
Litemall is a small shopping system developed by Linlinjava’s developers. Versions of Litemall 1.8.0 and earlier had a injection vulnerability. This vulnerability originated from a function in the Front-end WeChat API, specifically the list function in the...
tinyMQTT 资源管理错误漏洞
tinyMQTT is a pre-sorted tree traversal algorithm library developed by 0x7C9A. There is a resource management vulnerability in tinyMQTT; this vulnerability stems from improper protocol handling during the parsing of CONNECT packets, which may lead to exhaustion of server resources. The following...
WordPress plugin Feeds for YouTube 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
litemall 注入漏洞
Litemall is a small shopping system developed by Linlinjava’s individual developers. Versions of Litemall 1.8.0 and earlier had a injection vulnerability. This vulnerability stemmed from the function backup/load in the Database Setting Handler component’s file...
WordPress plugin WP Photo Album Plus SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
Summarize 安全漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from a path traversal issue in the /v1/summarize daemon’s endpoints. This issue could allow authenticated users t...
ngrok 命令注入漏洞
Ngrok is a security internal network penetration and application access platform developed by the US company Ngrok. Versions 4.3.3 and 5.0.0-beta.2 of Ngrok contain command injection vulnerabilities, which are vulnerable to command injection attacks...
Mattermost Plugins 安全漏洞
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.5, 11.1.5, 10.13.11, and 11.3.4.0 of Mattermost Plugins have security vulnerabilities. These...
AutoGPT 安全漏洞
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Versions 0.6.36 to 0.6.50 of AutoGPT contain security vulnerabilities. These vulnerabilities stem from the lack of verification of session ownership at the PATCH...
FacturaScripts 跨站脚本漏洞
FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.7 contained a cross-site scripting vulnerability. This vulnerability occurred due to the fsNick cookie parameter value being reflected directly into HTML, which...
Dokploy 操作系统命令注入漏洞
Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.26.6 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from insufficient cleanup of the appName parameter input, lack of pattern validation, and dire...
webdriverio 操作系统命令注入漏洞
WebdriverIO is an open-source automation testing framework for browsers and mobile devices developed by WebdriverIO. Versions of WebdriverIO prior to 9.24.0 had a vulnerability related to operating system command injection. This vulnerability stemmed from the getGitMetadataForAISelection function...
Claude HUD 路径遍历漏洞
Claude HUD is a Claude Code plugin developed by Jarrod Watts, which displays context usage, tool states, and progress. Versions of Claude HUD prior to 0.0.12 contained a path traversal vulnerability. This vulnerability stemmed from path traversal issues, allowing attackers to read arbitrary files...
Summarize 安全漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from insecure file permissions in the configuration rewritepath without refreshing, allowing local users to acces...
SimpleSAMLphp-casserver 输入验证错误漏洞
SimpleSAMLphp-casserver is an open-source CAS protocol-compatible single-signpoint login server module developed by SimpleSAMLphp. Versions prior to 6.3.1 and 7.0.0 of SimpleSAMLphp-casserver contained a vulnerability related to input validation errors. This vulnerability occurred because the...
DumbAssets 路径遍历漏洞
DumbAssets is a physical asset tracking and management tool developed by DumbWare. Versions of DumbAssets 1.0.11 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the POST /api/delete-file endpoint and the path traversal issues in the filesToDelete array...
NetBSD 输入验证错误漏洞
NetBSD is an open-source Unix-like operating system developed by the NetBSD Foundation. Prior to version ec8451, there was a vulnerability related to input validation. This vulnerability stemmed from the fact that the local variable iovlen was declared as a signed integer in the cryptodevop...
dify 安全漏洞
Dify is an open-source LLM application development platform created by LangGenius. Versions of Dify prior to 1.14.1 contained security vulnerabilities. These vulnerabilities were due to an authorization bypass issue, which allowed authenticated users to modify user settings and enable tracking...
sglang 代码问题漏洞
SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has code vulnerabilities; one of these vulnerabilities stems from the fact that the ROUTER socket, which handles multi-modal generation during runtime scheduling, is...
Mattermost 信息泄露漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have a vulnerability related to information leakage. This...
Mattermost 信息泄露漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have a vulnerability related to information leakage. This...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...
Mattermost 代码问题漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have code vulnerabilities. These vulnerabilities stem from the lack of validation of the...
Mattermost Desktop App 安全漏洞
The Mattermost Desktop App is a desktop application for message communication developed by the American company Mattermost. Versions 6.1, 6.0.1, and 5.4.13.0 of the Mattermost Desktop App have security vulnerabilities. These vulnerabilities stem from a failure to prevent invalid URLs from being...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have security vulnerabilities. These vulnerabilities stem from the lack of mandatory...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have security vulnerabilities. These vulnerabilities stem from the lack of verification...
Tencent WeKnora 授权问题漏洞
Tencent WeKnora is an enterprise-level LLM knowledge base and RAG platform developed by Tencent, a Chinese technology company. Versions of Tencent WeKnora prior to 0.3.6 contained an authorization vulnerability. This vulnerability stemmed from the function getKnowledgeBaseForInitialization in the...
Continue 路径遍历漏洞
“Continue” is an open-source AI code review tool that can enforce checks during CI processes. Versions of “continue” prior to 1.2.22 contain a path traversal vulnerability. This vulnerability stems from the function “lsTool” in the component’s JSON-RPC Server, where the function “lsTool” processe...
SOGo SQL注入漏洞
SOGo is a highly fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Version 5.12.7 of SOGo contains a SQL injection...
Claude HUD 安全漏洞
Claude HUD is a Claude Code plugin developed by Jarrod Watts, which displays context usage, tool states, and progress. Versions of Claude HUD prior to 0.0.12 contained security vulnerabilities. These vulnerabilities stemmed from the use of raw cwd and branchUrl values to construct OSC 8 terminal...
NetBSD 竞争条件问题漏洞
NetBSD is an open-source Unix-like operating system developed by the NetBSD Foundation. Prior to version ec8451, there was a race condition vulnerability in NetBSD. This vulnerability stemmed from a race condition in the cryptodevop function within the opencrypto subsystem, which could lead to...
dify 安全漏洞
dify is an open-source LLM application development platform by LangGenius. Versions of dify prior to 1.14.1 have security vulnerabilities. These vulnerabilities stem from path traversal issues, which may allow authenticated users to manipulate requests redirected to the plugin daemon’s internal...
sglang 代码问题漏洞
SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has code vulnerabilities; these vulnerabilities arise when the --enable-custom-logit-processor option is enabled, resulting in unvalidated deserialization of Python...
Mattermost Desktop App 代码问题漏洞
The Mattermost Desktop App is a desktop application for message communication developed by the American company Mattermost. Versions 6.1, 6.0.1, and 5.4.13.0 of the Mattermost Desktop App have code vulnerabilities. These vulnerabilities stem from a failure to prevent servers from rendering conten...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have security vulnerabilities. These vulnerabilities stem from the lack of checks during...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...
cramfs-tools 后置链接漏洞
cramfs-tools is a compression read-only file system tool developed by Nicolas Pitre. Versions of cramfs-tools prior to 2.2 had a post-installation link vulnerability. This vulnerability stemmed from the operation of the changefilestatus function in the cramfsck.c file, which allowed symbolic link...
amf 缓冲区错误漏洞
AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain a buffer error vulnerability. This vulnerability stems from unknown functions in the ngap/dispatcher.go file within the NGAP Message Handler component, which can lea...
amf 缓冲区错误漏洞
AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain a buffer error vulnerability. This vulnerability arises from the operation of the NGSetupRequest function in the ngap/handler.go file, which leads to memory corrupti...
Summarize 安全漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from an issue with authorization deficiencies, which could allow attackers to execute browser automation operatio...
Edimax BR-6228NC 注入漏洞
The Edimax BR-6228NC is a wireless broadband router produced by Edimax Corporation. Version 1.22 of the Edimax BR-6228NC has a vulnerability known as “injection flaw.” This flaw arises from the function mp in the POST Request Handler component, which processes the command parameter. The improper...
Open Source Point of Sale 加密问题漏洞
Open Source Point of Sale is an open-source sales point system based on the Open Source Point of Sale framework. Versions of Open Source Point of Sale 3.4.2 and earlier had encryption-related vulnerabilities. These vulnerabilities stemmed from a function in the Employee Login component called...
litemall 注入漏洞
Litemall is a small shopping system developed by Linlinjava’s developers. Versions of Litemall 1.8.0 and earlier had a injection vulnerability, which originated from an unknown function in the Admin Endpoint component. This vulnerability could lead to SQL injection attacks. The attacks can be...
FacturaScripts 信息泄露漏洞
FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to version 2026 contained a vulnerability related to information leakage. This vulnerability stemmed from the Library module not clearing the EXIF/XMP/IPTC metadata...
amf 安全漏洞
AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from unknown functions in the NGAP Message Handler component, specifically in the file ngap/handler.go, which...
Microsoft Azure Resource Manager和Microsoft Azure Local 授权问题漏洞
Microsoft Azure Resource Manager and Microsoft Azure Local are both products of Microsoft Corporation in the United States. Microsoft Azure Resource Manager is a service for deploying and managing resources. Microsoft Azure Local is a hybrid cloud infrastructure platform. There are authorization...