195539 matches found
Microsoft Azure Resource Manager和Microsoft Azure Local 授权问题漏洞
Microsoft Azure Resource Manager and Microsoft Azure Local are both products of Microsoft Corporation in the United States. Microsoft Azure Resource Manager is a service for deploying and managing resources. Microsoft Azure Local is a hybrid cloud infrastructure platform. There are authorization...
NOVUS Automation AirGate 4G firmware 安全漏洞
NOVUS Automation AirGate 4G firmware is an industrial IoT gateway firmware system developed by NOVUS Automation in Brazil. Version 1.1.16 of NOVUS Automation AirGate 4G firmware contains a security vulnerability. This vulnerability stems from improper endpoint access control in the /uci/get/...
HCL Connections 安全漏洞
HCL Connections is a corporate collaboration platform developed by the Indian company HCL. There is a security vulnerability in HCL Connections, which stems from ineffective access control. This vulnerability may allow unauthorized users to update data in certain scenarios...
iCMS 安全漏洞
iCMS is a software application. It is a highly efficient and concise content management system built using PHP and MySQL. iCMS has security vulnerabilities, which stem from authorization bypasses. This could allow attackers to gain unauthorized access by manipulating HTTP redirect headers during...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...
HSC MailInspector 跨站脚本漏洞
HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains a cross-site scripting vulnerability. This vulnerability arises from the use of alternative or obfuscated JavaScript syntax in user-controlled...
FacturaScripts 输入验证错误漏洞
FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2026 contained a vulnerability related to input validation errors. This vulnerability stemmed from the Plugins::add function not properly verifying the file paths in...
Mattermost Plugins 安全漏洞
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.5, 11.1.5, 10.13.11, and 11.3.4.0 of Mattermost Plugins contain security vulnerabilities. These...
OpENer 缓冲区错误漏洞
OpENer is an open-source industrial Ethernet protocol stack developed by the EIP Stack Group, supporting connections for I/O devices. Version OpENer v2.3-558-g1e99582 contains a buffer error vulnerability. This vulnerability stems from an out-of-bounds read in the CreateCommonPacketFormatStructur...
Thermo Fisher Scientific Torrent Suite Dx 安全漏洞
Thermo Fisher Scientific Torrent Suite Dx is a clinical gene sequencing data analysis platform provided by Thermo Fisher Scientific. Versions of Thermo Fisher Scientific Torrent Suite Dx prior to 5.14.2 contained security vulnerabilities. These vulnerabilities were due to issues with privilege...
Open Source Point of Sale 路径遍历漏洞
Open Source Point of Sale is an open-source sales point system based on the Open Source Point of Sale framework. Versions of Open Source Point of Sale 3.4.2 and earlier have a path traversal vulnerability. This vulnerability arises from the operation of the getPicThumb function in the...
DumbAssets 跨站脚本漏洞
DumbAssets is a physical asset tracking and management tool developed by DumbWare. Versions of DumbAssets 1.0.11 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting issue in asset fields. It allowed attackers to create o...
FreePBX 代码问题漏洞
FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI graphical web-based interface. Versions of FreePBX prior to 16.0.71 and 17.0.6 contained code vulnerabilities. These vulnerabilities stemmed from the backup module failing ...
Mattermost Plugins 安全漏洞
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.5, 11.1.5, 10.13.11, and 11.3.4.0 of Mattermost Plugins contain security vulnerabilities. These...
Perforce P4 代码注入漏洞
Perforce P4 is an enterprise-level version control and code management platform provided by Perforce Corporation. Versions of Perforce P4 prior to 2025.2 Patch 2 contained a code injection vulnerability, which stemmed from issues with the command-line client and could potentially pose security...
Intelbras VIP-1230-D-G4 安全漏洞
The Intelbras VIP-1230-D-G4 is an industrial-grade IP camera from the Brazilian company Intelbras, which supports PoE power supply. The Intelbras VIP-1230-D-G4 V2.800.00IB00C.0.T version has a security vulnerability. This vulnerability stems from the password reset function under /OutsideCmd, and...
Edimax BR-6428nS 缓冲区错误漏洞
The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. The Edimax BR-6428NS v41.10 version has a buffer overflow vulnerability. This vulnerability stems from the function formL2TPSetup in the POST Request Handler component, which handles the parameter L2TPUserName and leads to ...
Dell Live Optics 信任管理问题漏洞
Dell Live Optics is an IT infrastructure analysis and capacity assessment platform developed by the American company Dell. Dell Live Optics has a trust management vulnerability, which stems from improper certificate verification. This vulnerability could allow remote unauthenticated attackers to...
HSC MailInspector 安全漏洞
HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains a security vulnerability. This vulnerability arises from the text parameter used in the endpoint/tap/dw.php script to construct file paths, whic...
Projectworlds Hospital Management System 注入漏洞
Projectworlds Hospital Management System is a hospital management system developed by the Austrian company Projectworlds. Version 1.0 of the Projectworlds Hospital Management System has a SQL injection vulnerability. This vulnerability arises from the function getAllPatientDetail in the GET...
Basamak DernekWeb 跨站脚本漏洞
Basamak DernekWeb is an association and membership management system developed by the Turkish company Basamak. Versions of Basamak DernekWeb prior to 30122025 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during the web page generation process, whi...
BigBlueButton 跨站脚本漏洞
BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton prior to 3.0.19 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to clean up user input in public chat areas during recording and...
Joplin 安全漏洞
Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Versions of Joplin prior to 3.5.7 contained a security vulnerability. This vulnerability stemmed from path traversal vulnerabilities in the importer; the OneNote converter did not clean up embedded file names...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost 11.5.1 and earlier, including 11.5.x, have security vulnerabilities. These vulnerabilities stem from the lack of verification of channel members when processing AI-assisted...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.5.1 and earlier of the 11.5.x series, as well as versions 10.11.13 and earlier of the 10.11.x series, and 11.4.3 and earlier of the 11.4.x series. Thes...
lwip 缓冲区错误漏洞
lwIP is an open-source implementation of the TCP/IP protocol stack developed by lwIP Developers. Versions of lwIP 2.2.1 and earlier contained a buffer error vulnerability. This vulnerability originated from the function snmpparseinboundframe in the SNMPv3 USM Handler component. The operation of t...
Summarize 代码问题漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 have code vulnerabilities. These vulnerabilities stem from issues with the hover summary feature, which may allow malicious pages to assign synthetic mouse hover events on...
HSC MailInspector 安全漏洞
HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains security vulnerabilities. These vulnerabilities stem from improper control of file paths provided to users. When the...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There were security vulnerabilities in MongoDB Server versions prior to 7.0...
WordPress plugin Ajax Load More 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Claude HUD 代码问题漏洞
Claude HUD is a Claude Code plugin developed by Jarrod Watts, which displays context usage, tool states, and progress. Versions of Claude HUD prior to 0.0.12 contained code vulnerabilities. These vulnerabilities stemmed from command injection issues, allowing local attackers to execute arbitrary...
Net::Statsd::Lite 注入漏洞
Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.10.0 have a vulnerability due to the setadd method not checking for line breaks, colons, or pipes, which may lead to metric...
amf 安全漏洞
AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the RANConfiguration function in the file ngap/handler.go, which allows null pointer...
MLflow 安全漏洞
MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of mlflow prior to 3.11.0 contained a security vulnerability. This vulnerability stemmed...
amf 安全漏洞
AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the function UERadioCapabilityCheckResponse in the file ngap/dispatcher.go, which leads to...
Summarize 安全漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from an authorization flaw in the content script’s window.postMessage bridging mechanism, which could allow...
Offline Hospital Management System 安全漏洞
Offline Hospital Management System is a hospital information management system developed by silverplugins21. Version 5.3.0 of Offline Hospital Management System has a security vulnerability. This vulnerability stems from improper configuration of the Electron renderer. By enabling Node.js...
chroma 代码注入漏洞
Chroma is an open-source AI data infrastructure tool developed by Chroma. Versions of Chroma 1.0.0 and later have a code injection vulnerability. This vulnerability stems from a pre-authentication code injection issue, allowing unauthenticated attackers to execute arbitrary code on the server by...
amf 安全漏洞
AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from unknown functions in the NGAP Message Handler component, specifically in the file ngap/handler.go, which...
Alloksoft Fast AVI MPEG Splitter 安全漏洞
Alloksoft Fast AVI MPEG Splitter is a multimedia processing tool developed by Alloksoft Corporation, capable of quickly splitting and trimming video files in formats such as AVI and MPEG. Version 1.2 of Alloksoft Fast AVI MPEG Splitter contains a security vulnerability. This vulnerability stems...
DataEase 注入漏洞
DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Version 2.10.20 of DataEase contains a injection vulnerability. This...
EMQX 竞争条件问题漏洞
EMQX is an MQTT message server provided by the EMQX company. Versions of EMQX 6.2.0 and earlier contained a race condition vulnerability. This vulnerability stemmed from unknown functions in the QoS 2 PUBLISH Packet Handler component, specifically the emqxpersistentsessionds.erl file. Attackers...
AstrBot 路径遍历漏洞
AstrBot is an open-source multi-platform LLM chatbot and development framework developed by AstrBot. Versions of AstrBot 4.23.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of the postfile function in the File Upload Handler component...
qs 代码问题漏洞
QS is a JavaScript library developed by Jordan Harband. Versions of QS from 6.11.1 to 6.15.2 had code vulnerabilities. This vulnerability occurred when calling qs.stringify on an array containing null or undefined, with arrayFormat set to comma and encodeValuesOnly set to true. This resulted in a...
Crypt::OpenSSL::PKCS12 安全漏洞
Crypt::OpenSSL::PKCS12 is an open-source cryptographic extension module developed by Dan Sully for the Perl language. It primarily provides functionality for calling the OpenSSL PKCS12 API. Versions of Crypt::OpenSSL::PKCS12 up to 1.94 contained security vulnerabilities. These vulnerabilities...
PublicCMS 授权问题漏洞
PublicCMS is an open-source content management system CMS developed in Java by PublicCMS Company in China. Version 5.202506.d of PublicCMS has a vulnerability related to authorization. This vulnerability stems from the execute function in the Trade Address Query Handler component, specifically in...
AI SDK 命令注入漏洞
AI SDK is a TypeScript AI toolkit open-sourced by Vercel. Versions of AI SDK 3.0.97 and earlier have a command injection vulnerability. This vulnerability stems from the run function in the PR Branch Name Interpolation component, where operating system commands can be injected, potentially allowi...
Vercel AI SDK 代码问题漏洞
Vercel AI SDK is a JavaScript SDK developed by Vercel that supports the integration of large language models, streaming responses, and AI application development. Versions of Vercel AI 3.0.97 and earlier contain code vulnerabilities. These vulnerabilities stem from the validateDownloadUrl functio...
Z-BlogPHP 安全漏洞
Z-BlogPHP is an open-source PHP-based blog system developed by the Z-Blog community. Version Z-BlogPHP 1.7.4.3430 contains a security vulnerability. This vulnerability stems from an improper authorization in the CheckComment function of the commend Approval Handler component’s csystemevent.php...
Flexense VX Search 安全漏洞
Flexense VX Search is a rule-based automatic file search solution provided by Flexense Corporation. It allows users to search for files based on file type, category, file name, size, location, extension, regular expressions, text and binary patterns, creation, modification, and last access dates,...